Die Faszination im IT-Bereich liegt mitunter darin das es quasi jeden Tag etwas komplett Neues zu entdecken gibt. Diesem Leitsatz folgend gab es gleich am ersten Tag des 23C3 eine geballte Ladung an neuen Themen.
Im ersten Vortrag von Rechtsanwalt Peter Voigt ging es um die Neufassung des deutschen Strafrechtsparagraphen 202c. Der Vortag war insofern interessant als das bereits bekannte Fakten nochmals für den rechtlichen Laien aufbereitet dargestellt wurden. Die Einführung dieser Änderung wird jedenfalls erhebliche negative Auswirkungen auf die Arbeit im IT-Security Bereich haben.
The picture above shows the active RFID tag of the CCC Sputnik Project. The Sputnik project
is an self made location tracking system. The tag consists of an micro-controller and an NRF24L01 RF-IC. The location tracking is based on transmitting the tag ID with 5 different power levels and software based correlation of several readers.
In the next talk "Fudging with Firmware" the speaker mainly focused on how to get started with an firmware image file - like you get it from your DSL-Router vendor.His tool UWfirmforce looks really interesting:
[frank@t01 UWfirmforce-0.0.1]$ wget http://www.uberwall.org/releases/UWfirmforce-0.0.1.tar.gz [frank@t01 UWfirmforce-0.0.1]$ tar -xzvf UWfirmforce-0.0.1.tar.gz [frank@t01 UWfirmforce-0.0.1]$ cd UWfirmforce-0.0.1 [frank@t01 UWfirmforce-0.0.1]$ make make[1]: Entering directory `/tmp/UWfirmforce-0.0.1/plugins' cc -W -fPIC -Wall -g -O2 -c ar.c ... cc -o UWfirmforce UWfirmforce.o plugin.o UWfirmforce.o: In function `UWfirmforce_dlerror': /tmp/UWfirmforce-0.0.1/UWfirmforce.c:298: undefined reference to `dlerror' collect2: ld returned 1 exit status make: *** [UWfirmforce] Error 1 [frank@t01 UWfirmforce-0.0.1]$ cc -o UWfirmforce UWfirmforce.o plugin.o -ldl [frank@t01 UWfirmforce-0.0.1]$ ./UWfirmforce -v wgt634u_1_4_1_10.img | less Analyzing file: wgt634u_1_4_1_10.img Matching GZIP signature #0 at offset 26788 compression deflate, flags FNAME, 06/04/2005 07:27:46, OS Unix Score: 100% Matching CPIO signature #1 at offset 90769 binary big-endian, uid 21197, gid 19184, 16/06/1952 00:54:47 Score: 0% ...
The talk "Java wird Groovy" was even more interesting. It was an short but quite good introduction to Groovy. The final talk of the day about the OpenXPKI project made references to the tools sscep and CertNanny which you should definitely checkout if you have to deal with SSL certificates.
Like yesterday my stack of talks for tomorrow:
- 11:30 Saal 2 - Router and Infrastructure Hacking
- 12:45 Saal 2 - JSON RPC - Cross Site Scripting and Client Side Web Services
- 14:00 Saal 3 - Secure Network Server Programming on Unix
- 16:00 Saal 1 - A Hacker's Toolkit for RFID Emulation and Jamming
- 17:15 Saal 1 - RFID hacking
- 18:30 Saal 1 - Stealth malware - can good guys win?
- 21:45 Saal 1 - Black Ops 2006 Viz Edition