Feed cleverhans-blog [copy] http://www.cleverhans.io/feed.xml has loading error: cURL error 22: The requested URL returned error: 404
Feed Security (b)log [copy] http://securityblogru.livejournal.com/data/rss has loading error: cURL error 22: The requested URL returned error: 403 Forbidden
Of Boot Vectors and Double Glitches: Bypassing RP2350's Secure Boot (39c3)
In August 2024, Raspberry Pi released their newest MCU: The RP2350. Alongside the chip, they also released the RP2350 Hacking Challenge: A public call to break the secure boot implementation of the RP2350. This challenge concluded in January 2025 and led to five exciting attacks discovered by different individuals. In this talk, we will provide a technical deep dive in the RP2350 security architecture and highlight the different attacks. Afterwards, we talk about two of the breaks in detail---each of them found by one of the speakers. In particular, we first discuss how fault injection...
The Eyes of Photon Science: Imaging, Simulation and the Quest to Make the Invisible Visible (39c3)
Science advances by extending our senses beyond the limits of human perception, pushing the boundaries of what we can observe. In photon science, imaging detectors serve as the eyes of science, translating invisible processes into measurable and analysable data. Behind every image lies a deep understanding of how detectors see, respond and perform. At facilities like the European XFEL, the world's most powerful X-ray free-electron laser located in the Hamburg metropolitan area, imaging detectors capture ultrashort X-ray flashes at MHz frame rates and with high dynamic range. Without these advanced detectors, even the brightest...
Doomsday-Porn, Schäferhunde und die „niedliche Abschiebung“ von nebenan (39c3)
Der amtierende US-Präsident postet ein Video, in dem er Demonstrierende aus einem Kampfjet heraus mit Fäkalien bewirft und das Weiße Haus zelebriert den „Star Wars Day“ mit einem pompösen Trump-Bild mit Lichtschwert. Accounts von AfD-Sympathisanten posten KI-Kitsch einer vermeintlich heilen Welt voller blonder Kinder und Frauen im Dirndl. Ist das lediglich eine geschmackliche Entgleisung oder steckt da mehr dahinter? KI-generierter Content ist aus der Kommunikationsstrategie autoritärer Akteure nicht mehr wegzudenken. Social Media wird derzeit mit rechtem KI-Slop geflutet, in dem wahlweise die Welt dank Migration kurz vor dem Abgrund steht oder blonde, weiße Familien fröhlich...
Coding Dissent: Art, Technology, and Tactical Media (39c3)
This presentation examines artistic practices that engage with sociotechnical systems through tactical interventions. The talk proposes art as a form of infrastructural critique and counter-technology. It also introduces a forthcoming HackLab designed to foster collaborative development of open-source tools addressing digital authoritarianism, surveillance capitalism, propaganda infrastructures, and ideological warfare. In this talk, media artist and curator Helena Nikonole presents her work at the intersection of art, activism, and tactical technology — including interventions into surveillance systems, wearable mesh networks for off-grid communication, and AI-generated propaganda sabotage. Featuring projects like Antiwar AI, the 868labs initiative, and the...
Life on Hold: What Does True Solidarity Look Like Beyond Duldung, Camps, Deportation, and Payment Cards? (39c3)
Lager, Duldung, Bezahlkarte, Essensscheine – Criminalization, Radicalization, Reality for Many People in East Germany This talk sheds light on how these terms shape everyday life. We dive into an existence marked by uncertainty, isolation, and psychological strain, both in anonymous big cities and rural areas of East Germany. We ask: What does “solidarity” really mean in this context? In this session, people share everyday experiences with a system that often systematically undermines human rights and dignity. We don’t just talk about the obvious obstacles like the payment card or residency obligation, but also the invisible wounds: the...
Landtagsrevue Live - AUA (Ask us Anything) (39c3)
Live-Sonderausgabe der Landtagsrevue - dem Landespolitik-Ableger der Parlamentsrevue.
Wir schauen zurück auf das erste Jahr der Landtagsrevue und beantworten eure Fragen rund um die Parlamente - wie funktioniert das eigentlich alles? Wo können wir als Zivilgesellschaft am besten Einfluss nehmen? Wer sind all diese Leute?? Schickt uns eure Fragen gern vorab an landtag@parlamentsrevue.de - so können wir auch Antworten aus den Ländern mitbringen, die nicht live dabei sind.
Licensed to the public under http://creativecommons.org/licenses/by/4.0
about this event: https://events.ccc.de/congress/2025/hub/event/detail/landtagsrevue-live
Video:39c3-83768-deu-Landtagsrevue_Live_-_AUA_Ask_us_Anything_hd.mp4
Escaping Containment: A Security Analysis of FreeBSD Jails (39c3)
FreeBSD’s jail mechanism promises strong isolation—but how strong is it really? In this talk, we explore what it takes to escape a compromised FreeBSD jail by auditing the kernel’s attack surface, identifying dozens of vulnerabilities across exposed subsystems, and developing practical proof-of-concept exploits. We’ll share our findings, demo some real escapes, and discuss what they reveal about the challenges of maintaining robust OS isolation. FreeBSD’s jail feature is one of the oldest and most mature OS-level isolation mechanisms in use today, powering hosting environments, container frameworks, and security sandboxes. But as with any large and evolving...
Syncing visuals and stage lights against the beat of live music: an introduction (39c3)
Most clubs and concerts have predefined light and visuals, and often they are generic and not synced to the beat of the music. Today we will show you that it's actually possible to sync visual effects to the beat of live music recorded from the microphone, and it's pretty easy! Aimed at beginners. We will teach people how to set up and use TouchDesigner to perform audio analysis and how to draw basic effects and light shows that respond to the beat of the input audio. If you want to follow along, please come with ...
Pwn2Roll: Who Needs a 595€ Remote When You Have wheelchair.py? (39c3)
A 595€ wheelchair remote that sends a handful of Bluetooth commands. A 99.99€ app feature that does exactly what the 595€ hardware does. A speed upgrade from 6 to 8.5 km/h locked behind a 99.99€ paywall - because apparently catching the bus is a premium feature. Welcome to the wonderful world of DRM in assistive devices, where already expensive basic mobility costs extra and comes with in-app purchases! And because hackers gonna hack, this just could not be left alone. This talk depicts the reverse engineering of a popular electric wheelchair drive system - the Alber...
Friday Squid Blogging: Squid Camouflage
New research:
Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have focused on benthic species of octopus and cuttlefish, while studies on squid focused mainly on the chromatophore system for communication. Camouflage adaptations to the substrate while moving has been recently described in the semi-pelagic oval squid (Sepioteuthis lessoniana). Our current study focuses on the same squid’s complex camouflage to substrate in a stationary, motionless position. We observed disruptive, uniform, and mottled chromatic body patterns, and we identified a threshold of contrast...