Feed cleverhans-blog [copy] http://www.cleverhans.io/feed.xml has loading error: cURL error 22: The requested URL returned error: 404
Feed Security (b)log [copy] http://securityblogru.livejournal.com/data/rss has loading error: cURL error 22: The requested URL returned error: 403 Forbidden
CCC&T - Cosmic ray, the Climate Catastrophe and Trains. (39c3)
How can we predict soil moisture by measuring cosmic ray products and what have trains to do with it? Ever wondered how this Dürremonitor works, that you heared about in ther german news? These question and some more I will try to answer while I give an overview of some of the research that is done by the Helmholtz Centre for Environmental Research (UFZ). The Dürremonitor is a programme that is often mentioned in the German news when some regions experience drought. Alongside the Dürremonitor and the underlying Mesoscale Hydrological Model (MHM), there is ongoing...
CUII: Wie Konzerne heimlich Webseiten in Deutschland sperren (39c3)
Stellt euch vor, eine private Organisation aus milliardenschweren Konzernen entscheidet, welche Webseiten ihr nicht besuchen dürft - ohne Richter, ohne öffentliche Kontrolle oder Transparenz. Genau das macht die CUII in Deutschland seit Jahren. In Deutschland entscheidet eine private Organisation aus Internetanbietern und großen Unterhaltungskonzernen, welche Webseiten für den Großteil der Bevölkerung nicht mehr erreichbar sind. Die selbsternannte "Clearingstelle Urheberrecht im Internet" sperrt ohne richterliche Beschlüsse den Zugriff auf Hunderte von Domains. Wir haben daraufhin cuiiliste.de ins Leben gerufen, um die geheim gehaltene Liste von Domains zu veröffentlichen und so mehr Transparenz in die heimliche Zensur...
Atoms in Space (39c3)
*What are atoms doing in space anyways?* This talk will provide a brief overview of applications of quantum technologies in space ranging from precise timing and inertial measurements to fundamental physics. Quantum technologies have seen a wide field of applications in medicine, geosciences, computing and communications, in many cases bridging the gap from laboratory experiments to commercial products in the last decade. For terrestrial applications that is. But what about going to space? Quantum physics based sensors and experiments promise higher accuracy, sensitivity or better long term stability as they rely on immutable properties of atoms....
“End Of 10”: How the FOSS Community is Combatting Software-Driven Resource and Energy Consumption (39c3)
The end of free support for Windows 10 was 14 October 2025. Well, sort of. Microsoft moved the date to 2026, one more year the FOSS community can introduce users to sustainable software. 14 October is also KDE's birthday, International E-Waste Day, with International Repair Day following on 18 October. The irony is deep, but what is not ironic is that millions of functioning computers will end up becoming security risks or discarded as e-waste. This means manufacturing and transporting new ones, the biggest waste of all: hardware production accounts for over 75% of...
Breaking BOTS: Cheating at Blue Team CTFs with AI Speed-Runs (39c3)
After we announced our results, CTFs like Splunk's Boss of the SOC (BOTS) started prohibiting AI agents. For science & profit, we keep doing it anyways. In BOTS, the AIs solve most of it in under 10 minutes instead of taking the full day. Our recipe was surprisingly simple: Teach AI agents to self-plan their investigation steps, adapt their plans to new information, work with the SIEM DB, and reason about log dumps. No exotic models, no massive lab budgets - just publicly available LLMs mixed with a bit of science and perseverance. We'll...
We, the EU, and 1064 Danes decided to look into YouTube: A story about how the EU gave us a law, 1064 Danes gave us their YouTube histories, and reality gave us a headache (39c3)
We explore what happens when Europe’s ambitious data access laws meet the messy realities of studying major digital platforms. Using YouTube as a central case, we show how the European Union’s efforts to promote transparency through the GDPR, the Digital Services Act (DSA), and the Digital Markets Act (DMA) are reshaping the possibilities and limits of independent platform research. At the heart of the discussion is a paradox: while these laws promise unprecedented access to the data that shape our digital lives, the information researchers and citizens actually receive is often incomplete, inconsistent, and difficult...
Battling Obsolescence – Keeping an 80s laser tag system alive (39c3)
Keeping old projects working can be an uphill battle. This talk explores how the laser tag system Q-Zar (Quasar in the UK) has been kept alive since the company behind it failed in the 90s. The challenges encountered, the lessons learnt, and how those can be applied to our own future projects to maximise the project lifetime. Looking at the effects of obsolescence in the context of a laser tag system from the 1980s Q-Zar (Quasar in the UK), what needed to happen to keep it going to enable people to continue...
I Hated All The Cross-Stitch Software So I Made My Own: My Deranged Outsider Software Suite For Making Deranged Outsider Art (39c3)
I wanted to design beautiful header diagrams and ASCII tables suitable for stitching on throw pillows, but found existing tools for cross-stitch design to be all wrong. I made my own set of command-line tools for building this chunky, pixelated visual art. If you've never seen a cross-stitch sampler that had bitrot, this talk will fix it. Designing cross-stitch patterns, I got frustrated with all the programs which expected me to click around a canvas setting individual pixels. I wanted a cross-stitch design software suite that I could drive with a Makefile, which could give...
Laser Beams & Light Streams: Letting Hackers Go Pew Pew, Building Affordable Light-Based Hardware Security Tooling (39c3)
Stored memory in hardware has had a long history of being influenced by light, by design. For instance, as memory is represented by the series of transistors, and their physical state represents 1's and 0's, original EPROM memory could be erased via the utilization of UV light, in preparation for flashing new memory. Naturally, whilst useful, this has proven to be an avenue of opportunity to be leveraged by attackers, allowing them to selectively influence memory via a host of optical/light-based techniques. As chips became more advanced, the usage of opaque resin was used as...
Verschlüsselung brechen durch physischen Zugriff - Smartphone Beschlagnahme durch Polizei (39c3)
Eine zwar profane Methode der Überwachung, die Polizeibehörden in Deutschland jedoch hunderttausendfach anwenden, ist das Auslesen von Daten beschlagnahmter Smartphones und Computer. Dazu nutzt die Polizei Sicherheitslücken der Geräte mithilfe forensischer Software von Herstellern wie Cellebrite oder Magnet aus. Die Verfassungsmäßigkeit der Rechtsgrundlagen ist zweifelhaft. Im Vortrag werden anhand aktueller Fälle technische und juristische Hintergründe erörtert. Staatstrojaner, Chat-Kontrolle, Wanzen. Die Mittel staatlicher Überwachung sind vielfältig und teilweise technisch sehr komplex. Dabei ist es leicht, den Überblick zu verlieren. Ein relativ profanes Mittel, das Polizeibehörden in Deutschland hunderttausendfach anwenden, ist die Beschlagnahme von Smartphones und Laptops...