The 27th Chaos Computer Congress, which wound up yesterday in Berlin, was predictably fantastic. It’s the second time I’ve elected to flee the bosom of my family the day after Christmas to spend a few days in a basement with the world’s nicest hackers, and I have no regrets. This year’s congress not only had more snow (contributing to a not unpleasant feeling that I might be stranded in Chaos forever) but also, thanks to Wikileaks, better journalists AND better spies. Here are my highlights:
Rop Gonggrijp’s keynote speech
The big one. Rop opened the congress with an epic and thoughtful keynote that revisited his “We lost the war” speech at 22c3 five years ago, and plotted a courageous and critical path forward for the community in a post-Wikileaks age. By all means watch the video once, but you’ll also want to read the transcript Rop has posted to his blog. This speech will be a set text for students of the movement in years to come.
Jeremie Zimmerman demystifies ACTA
With the text of the dread anti-counterfeiting trade agreement (ACTA) finalised, La Quadrature du Net’s Jeremie Zimmerman set out what’s at stake if it gets adopted by the European Parliament in a vote scheduled for the first half of next year. Clear, precise and accessible, this is the video you should be sending your friends and relatives to in order to explain the issues and convince them to lobby their elected representatives. Speaking straight after Rop, Jeremie had a tough act to follow, but he brilliantly turned the mood from introspection to action.
SMS-o-Death
Veteran hackers may have found this one a bit slow, but for me it perfectly demonstrates what CCC is here for. After detailing their experiments sending semi-random payloads via SMS to “feature phones” (those cheap, durable handsets beloved of Mums everywhere that sit in the middle of the spectrum between smart and dumb), Collin Mulliner and Nico Golde revealed the fatal and often incurable vulnerabilities they had found, and the almost universally mute response they had had from handset manufacturers in response. Having learnt about the work of OpenBTS and other grassroots GSM networking projects at the last CCC, it was gratifying to see that work applied. The talk was also a good reminder of how seriously the security community takes its responsibility as the public’s eyes and ears against vendors selling damaged goods.
Is the SSLiverse a safe place?
The talk I wish I hadn’t missed. My travelling tech support went to this, and reported it excellent. Using recently reported man-in-the-middle attack vulnerabilities in SSL based on corrupt SSL certification as a jumping off point, the EFF set out to survey the SSL certification landscape. Their diagnosis is frightening.
“The Concert”: A disconcerting moment for free culture
On top of the real spies and real journalists, 27c3 also had real musicians. “The concert” was my ultimate congress high point, and I’m sorry to say that the video is unlikely to communicate the magic that happened in Saal 1 on the evening of Day 2. But I predict that this isn’t the last time you’ll see Alex Antener, Corey Cerovsek and Julien Quentin put on this piece they premiered at 27c3. I wouldn’t be surprised if they hadn’t done TED by the end of next year.
Image credits: anders_hh@Flickr
The Barefoot Technologist 