By Nils Magnus and Anika Kehrer
Out of 100 events, the "Hacking" track was best represented with about 35 talks, with the "Society" track following close behind (Figure 1). Roger Dingledine talked about the Tor project and the increasingly urgent need for an interface between technology and society. Dingledine said, "We need more lawyers looking into data protection" [1].
The Congress is continuing to move in the direction of more political and social topics. Despite this, there were still a number of interesting technical demonstrations. For example, the animated Mitch Altman, inventor of the open source TV-B-Gone remote control, shared his enthusiam at his talk and workshop on microcontroller hacking [2]. Several contributions clearly showed that vendors who block gaming consoles for alternative operating systems actually motivate open source developers.
Felix Domke broke the Xbox 360 security design, which developers had unsuccessfully fought the previous year. The console enthusiast admitted that the security design was well thought-out; for example, the box would run only Microsoft signed code.
Domke discovered a vulnerability in the form of a comparison instruction in machine code that only used 32 bits of a 64-bit number. His exploit used a console game with a modified shader to inject code and boot Linux, leading to much applause from the audience.
To complement this, kernel developer Michael Steil investigated the link between closed-console hardware and existing bootleg copies of games. The only platform for which bootlegs are not available is the PlayStation 3, and Sony offers an SDK for programming the onboard cell processor.
Apple also tries to prevent Mac OS X from running on anything but Apple hardware. Alexander Graf extended a number of patches for the two Linux virtualization solutions, Qemu and KVM, and was thus able to run multiple instances of Mac OS X under a Linux host on his Apple machine. "This is legal on Apple hardware," he said, interpreting the license.
Some contributions were a disappointment. For example, two speakers wanted to evaluate the movement data collected by the Sputnik project using RFID chips at the last conference.
One speaker failed to get past the basics of graph theory in her talk, even though she had announced an investigation of social networks based on the Sputnik data. The other speaker showed no fewer than 135 slides in a 45-minute talk, most of which showed 30-line PostgreSQL algorithms, yet failed to draw conclusions from his findings.
Consultant Alexander Kornbrust showed how to present code in an informative way in his talk on Oracle security trends, patiently demonstrating how an attacker could use invisible users to manipulate the database, undetected by the administrator.
The organizers took good care of their "Chaos Angels" [3], volunteers who are a long-standing tradition at CCC events. "The food was great," said Martina, a recent graduate, computer scientist, and web programmer. Thanks to Martina and other helpers, the Congress talks are available on the web [4].
Under the auspices of anti-hacking legislation, online investigations, and data retention, prospects for the new year seemed gloomy.
The ironic New Year's greeting "Happy New Year 1984" started to spread from a group of 500 hackers who joined the mini-demonstration organized by the Data Retention pressure group and the FFII [5] during the conference. This shows fighting spirit with a dash of frustration that seemed to characterize the whole event.
INFO |
[1] Literature on anonymization software: http://www.freehaven.net/anonbib/topic.html
[2] Microcontroller hacking: http://www.ladyada.net [3] Chaos Angels: http://events.ccc.de/camp/2007/Chaos_Angels [4] 24c3-Videos: http://events.ccc.de/congress/2007 [5] FFII: http://www.ffii.org/ |