Category Archives: 33C3

33C3: Edible Soft Robotics

Certainly one of the more entertaining talks of the 33rd Chaos Communications Congress was [Kari Love]’s talk on her experiments in mixing food with function. In [Kari]’s talk at the 2016 Hackaday Supercon, she talked extensively about working on soft robotic for NASA. At the 33C3, her focus was twofold: on a fun side project to make mobile robots out of stuff that you can eat, and to examine the process of creative engineering through the lens of a project like this.

If you look up edible robotics, you get a lot of medical literature about endoscopes that you can …read more

Continue reading

Posted in 33C3, cons, edible, gummi, robots hacks, soft robotics | Leave a comment

33C3: Memory Deduplication, the Hacker’s Friend

At the 33rd annual Chaos Communications Congress, [Antonio Barresi] and [Erik Bosman] presented not one, not two, but three (3!!) great hacks that were all based on exploiting memory de-duplication in virtual machines. If you’re interested in security, you should definitely watch the talk, embedded below. And grab the slides too. (PDF)

Memory de-duplication is the forbidden fruit for large VM setups — obviously dangerous but so tempting. Imagine that you’re hosting VMs and you notice that many of the machines have the same things in memory at the same time. Maybe we’re all watching the same cat videos. They …read more

Continue reading

Posted in 33C3, corruption, de-duplication, memory, Rowhammer, security hacks | Leave a comment

33C3: How Can You Trust Your Random Numbers?

One of the standout talks at the 33rd Chaos Communications Congress concerned pseudo-random-number generators (PRNGs). [Vladimir Klebanov] (right) and [Felix Dörre] (left) provided a framework for making sure that PRNGs are doing what they should. Along the way, they discovered a flaw in Libgcrypt/GNUPG, which they got fixed. Woot.

Cryptographically secure random numbers actually matter, a lot. If you’re old enough to remember the Debian OpenSSL debacle of 2008, essentially every Internet service was backdoorable due to bad random numbers. So they matter. [Vladimir] makes the case that writing good random number generators is very, very hard. Consequently, it’s very …read more

Continue reading

Posted in 33C3, cons, crypto, diehard, dieharder, prng, random, random numbers, security, security hacks | Leave a comment

33C3: Works for Me

The Chaos Communication Congress (CCC) is the largest German hacker convention by a wide margin, and it’s now in its thirty-third year, hence 33C3. The Congress is a techno-utopian-anarchist-rave with a social conscience and a strong underpinning of straight-up hacking. In short, there’s something for everyone, and that’s partly because a CCC is like a hacker Rorschach test: everyone brings what they want to the CCC, figuratively and literally. Somehow the contributions of 12,000 people all hang together, more or less. The first “C” does stand for chaos, after all.

What brings these disparate types to Hamburg are the intersections …read more

Continue reading

Posted in 33C3, ccc, chaos communication congress, conference, cons, Featured, games, Hackerspaces | Leave a comment

33C3: If You Can’t Trust Your Computer, Who Can You Trust?

It’s a sign of the times: the first day of the 33rd Chaos Communications Congress (33C3) included two talks related to assuring that your own computer wasn’t being turned against you. The two talks are respectively practical and idealistic, realizable today and a work that’s still in the idea stage.

In the first talk, [Trammell Hudson] presented his Heads open-source firmware bootloader and minimal Linux for laptops and servers. The name is a gag: the Tails Linux distribution lets you operate without leaving any trace, while Heads lets you run a system that you can be reasonably sure is secure. …read more

Continue reading

Posted in 33C3, cons, heads, libreboot, openboot, security, security hacks, tails, trusted computing | Leave a comment

33C3: Breaking IoT Locks

Fast-forward to the end of the talk, and you’ll hear someone in the audience ask [Ray] “Are there any Bluetooth locks that you can recommend?” and he gets to answer “nope, not really.” (If this counts as a spoiler for a talk about the security of three IoT locks at a hacker conference, you need to get out more.)

Unlocking a padlock with your cellphone isn’t as crazy as it sounds. The promise of Internet-enabled locks is that they can allow people one-time use or limited access to physical spaces, as easily as sending them an e-mail. Unfortunately, it also …read more

Continue reading

Posted in 33C3, bluetooth, cons, IoT, lockpicking, locks | Leave a comment