Feed cleverhans-blog [copy] http://www.cleverhans.io/feed.xml has loading error: cURL error 22: The requested URL returned error: 404
Feed Security (b)log [copy] http://securityblogru.livejournal.com/data/rss has loading error: cURL error 22: The requested URL returned error: 403 Forbidden
When Vibe Scammers Met Vibe Hackers: Pwning PhaaS with Their Own Weapons (39c3)
What happens when AI-powered criminals meet AI-powered hunters? A technical arms race where both sides are vibing their way through exploitation—and the backdoors write themselves. In October 2025, we investigated Taiwan's fake delivery scam ecosystem targeting convenience store customers. What started as social engineering on social media became a deep dive into two distinct fraud platforms—both bearing the unmistakable fingerprints of AI-generated code. Their developers left more than just bugs: authentication flaws, file management oversights, and database implementations that screamed "I asked LLM and deployed without reading." We turned their sloppiness into weaponized OSINT. Through...
Trump government demands access to European police databases and biometrics (39c3)
The USA is demanding from all 43 countries in the "Visa Waiver Programme" (VWP), which enables visa-free travel, to conclude an "Enhanced Border Security Partnership" (EBSP). This is intended to grant US authorities direct access to police databases in these - mostly European - countries containing fingerprints, facial images and other personal data. Anyone who refuses this forced "border partnership" faces exclusion from the visa-free travel programme. The US demand is unprecedented: even EU member states do not grant each other such extensive direct database access – normally the exchange takes place via the "hit/no-hit...
Unnecessarily Complicated Kitchen – Die Wissenschaft des guten Geschmacks (39c3)
In unserer „Unnecessarily Complicated Kitchen“ hacken wir die Gesetze der Kulinarik. Ich zeige live, wie Hitze, Chemie und Chaos zusammenwirken, wenn Moleküle tanzen, Dispersionen emulgieren und Geschmack zu Wissenschaft wird. Zwischen Pfanne und Physik entdecken wir, warum Kochen im Grunde angewandtes Debugging ist – und wie man Naturgesetze so würzt, dass sie schmecken. Willkommen in der „Unnecessarily Complicated Kitchen“ – einer Küche, in der Naturwissenschaft, Technik und kulinarisches Chaos aufeinandertreffen. Wir sezieren das Kochen aus der Perspektive von Hacker*innen: Warum Hitzeübertragung ein deinen Tschunk kühlt, warum Emulsionen wie BGP funktionieren und wie sich die Kunst des...
"Passwort" - der heise security Podcast live vom 39C3 (39c3)
Der heise security Podcast macht wieder einen Betriebsausflug nach Hamburg. Diesmal bringt Christopher seinen Co-Host Sylvester mit und spricht 90 Minuten lang über aktuelle Security-Themen vom Congress. Wir haben uns erneut einige spannende Fundstücke herausgesucht und sprechen darüber miteinander, aber auch mit unseren Gästen.
Welche Themen wir besprechen ist - wie immer bei unserem Podcast - eine Überraschung.
Licensed to the public under http://creativecommons.org/licenses/by/4.0
about this event: https://events.ccc.de/congress/2025/hub/event/detail/passwort-der-heise-security-podcast-live-vom-39c3
Video:39c3-83754-deu-Passwort_-_der_heise_security_Podcast_live_vom_39C3_hd.mp4
Don’t look up: There are sensitive internal links in the clear on GEO satellites (39c3)
We pointed a commercial-off-the-shelf satellite dish at the sky and examined all of the geostationary satellite communications visible from our vantage point. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks. In this talk, we will cover our hardware setup, alignment techniques, our parsing code, and survey some of the surprising finds in the data. This talk will include some previously unannounced results. This data can be...
Kenji Tanaka LIVE // Insights into my workflow, structure and philosophy (39c3)
How does live techno work? On the dance floor, it's practically impossible to understand what's happening up front. It's also irrelevant there, because it's all about the music and many other things. Live sets have a thousand faces. Everyone has their own workflow, and there are countless approaches to performing electronic music. I don't know all of them, but I will give a deeper insight into the architecture of my setup in this short presentation. I explain my approach to improvising techno in clubs and at festivals. There will be a few technical insights into my...
CSS Clicker Training: Making games in a "styling" language (39c3)
CSS is a programming language, and you can make games in it. Let's install NoScript and make some together! This talk is about how HTML and CSS can be used to make interactive art and games, without using any JS or server-side code. I'll explain some of the classic Cohost CSS Crimes, how I made [CSS Clicker](https://lyra.horse/css-clicker/), and what's next for the CSS scene. I hope this talk will teach and/or inspire you to make cool stuff of your own! --- *Content notes:* - Slides feature animations and visual effects - Short video clip (with music) will be played - Clicker sound...
How To Minimize Bugs in Cryptography Code (39c3)
"Don't roll your own crypto" is an often-repeated aphorism. It's good advice -- but then how does any cryptography get made? Writers of cryptography code like myself write code with bugs just like anyone else, so how do we take precautions against our own mistakes? In this talk, I will give a peek into the cryptographer's toolbox of advanced techniques to avoid bugs: targeted testing, model checking, mathematical proof assistants, information-flow analysis, and more. None of these techniques is a magic silver bullet, but they can help find flaws in reasoning about tricky corner...
Variable Fonts — It Was Never About File Size (39c3)
A brief history of typographic misbehavior or intended and unintended uses of variable fonts. Nine years after the introduction of variable fonts, their most exciting uses have little to do with what variable fonts originally were intended for and their original promise of smaller file sizes. The talk looks at how designers turned a pragmatic font format into a field for experimentation — from animated typography and uniwidth button text to pattern fonts and typographic side effects with unintended aesthetics. Using examples from projects such as TypoLabs, Marjoree, Kario (the variable font that’s used as...
1965 + 60 Years of Algorithmic Art with Computers (39c3)
What power structures are inherent to the field of computer-generated art? In the year 1965, so 60 years ago, the first three exhibitions of art created with the help of computers took place - in part independently of each other. We want to present the interesting aspects of developments since then and discuss them with Frieder Nake, one of the people who exhibited in those very beginnings and followed those developments with a critical attitude. We want to look at the complex topic of art created with computers, beginning with some careful and barely noticed...