BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Pentabarf//Schedule 0.3//EN CALSCALE:GREGORIAN METHOD:PUBLISH X-WR-CALDESC;VALUE=TEXT:0sec08 Schedule Release 0.7 X-WR-CALNAME;VALUE=TEXT:0sec08 Schedule X-WR-TIMEZONE;VALUE=TEXT:Europe/Berlin BEGIN:VEVENT METHOD:PUBLISH UID:20@0sec08@pentabarf.org DTSTART;TZID=Europe/Berlin:20081018T233000 DTEND;TZID=Europe/Berlin:20081019T003000 DURATION:PT1H00M SUMMARY:Coreboot DESCRIPTION: The BIOS and it's successor EFI are considered by many to be thefinal frontier for open source software in commodity PCs. This talkdescribes the BIOS replacement coreboot and the projects surroundi ngit.The closed nature of traditional firmware is starting to causecon cern even on the government level\, as awareness for BIOS malwarerisks is increasing.The presentation describes coreboot\, supplementary too ls such asbuildrom\, flashrom\, superiotool and nvramtool\, and some p opularpayloads that combine with coreboot to make up the firmware: FIL O\,EtherBoot\, SeaBIOS\, Memtest86\, tint\, Linux\, coreinfo\, bayou a ndlibpayload featuring tinycurses\, which can turn simple applications into instant-on appliances. Finally there will be a demonstration ofco reboot running on hardware. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2008/events/20.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Peter Stuge":inval id:nomail ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Carl-Daniel Hailfi nger":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:19@0sec08@pentabarf.org DTSTART;TZID=Europe/Berlin:20081019T133000 DTEND;TZID=Europe/Berlin:20081019T143000 DURATION:PT1H00M SUMMARY:Developing and destroying hardware DESCRIPTION: Designing commercial electronical circuits always forcesc ompromises between several contradicting natural laws and\, to prevent thedeveloper from being bored\, further constraints are imposed by ec onomicalrequirements. The Unholy Alliance of short time-to-market\, lo w costs\, slipsof the mouse and contradicting design rules causes weak nesses in thehardware that can easily be exploited by programmers and users. We willexamin this on circuits using the fieldbus ARCNET. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2008/events/19.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Nikolai Eichbauer" :invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:21@0sec08@pentabarf.org DTSTART;TZID=Europe/Berlin:20081017T173000 DTEND;TZID=Europe/Berlin:20081017T180000 DURATION:PT0H30M SUMMARY:doors opening DESCRIPTION: Let's start 0sec 2008. We open our doors at 17:30. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2008/events/21.en.html LOCATION:Lounge ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="0sec orga team":in valid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:22@0sec08@pentabarf.org DTSTART;TZID=Europe/Berlin:20081018T120000 DTEND;TZID=Europe/Berlin:20081018T123000 DURATION:PT0H30M SUMMARY:doors opening DESCRIPTION: Let's continue the fun and start the second day of the 0s ec. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2008/events/22.en.html LOCATION:Lounge ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="0sec orga team":in valid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:23@0sec08@pentabarf.org DTSTART;TZID=Europe/Berlin:20081019T123000 DTEND;TZID=Europe/Berlin:20081019T130000 DURATION:PT0H30M SUMMARY:doors opening DESCRIPTION: Heading towards the last day of the 0sec ... sunday start s. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2008/events/23.en.html LOCATION:Lounge ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="0sec orga team":in valid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:16@0sec08@pentabarf.org DTSTART;TZID=Europe/Berlin:20081017T210000 DTEND;TZID=Europe/Berlin:20081017T220000 DURATION:PT1H00M SUMMARY:KKRXNK - Cryptographs in the Early Middle Ages DESCRIPTION: In the scriptoriums of the early Middle Ages cryptographs were liked very much and spread. There was a big number of codes whic h can be summarised systematically\, nevertheless\, on few procedures. Substitution codes were prevailing. Their deciphering does not pose m any problems to us. Mysteriously they appear to us because her purpose is not clear. The paper offers a small overview about the medieval cr yptography\, in particular in the area of the historical tradition of German language and discusses functional questions of the attractive p henomenon. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2008/events/16.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Andreas Nievergelt ":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:24@0sec08@pentabarf.org DTSTART;TZID=Europe/Berlin:20081018T193000 DTEND;TZID=Europe/Berlin:20081018T220000 DURATION:PT2H30M SUMMARY:Lunch CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2008/events/24.en.html LOCATION:Lounge ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="0sec orga team":in valid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:11@0sec08@pentabarf.org DTSTART;TZID=Europe/Berlin:20081017T190000 DTEND;TZID=Europe/Berlin:20081017T200000 DURATION:PT1H00M SUMMARY:Misusage of Cisco Devices - or\, why a Cisco Device can be evi l DESCRIPTION: New Features in the Cisco Router\, like TCL\, can be used for portscaning from a router\, or writing a Mail-Spam-Bot. With EEM you can create a Rackdoor Monitoring and Logging system\, or integrate portknocking for execute a config change. Some combination of IOS com mands and TCL scripts generates new posibilities for doing Abuse thing s on a Cisco Router. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2008/events/11.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Christoph Weber":i nvalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:17@0sec08@pentabarf.org DTSTART;TZID=Europe/Berlin:20081018T150000 DTEND;TZID=Europe/Berlin:20081018T160000 DURATION:PT1H00M SUMMARY:On how (not) to break crypto systems DESCRIPTION: In this overview talk we focus on the question "What is a secureencryption scheme?". We shall start with a discussion of classi calencryption schemes\, and see why they are insecure. Based on thesee xamples we develop an intuitive notion of secure encryption. We thenfo rmalize this intuition and discuss the notion of "IND-CPA security"\,w hich is a widely accepted definition for "secure encryption" in thecry pto community. We shall see that - under certain assumptions - AESbase d symmetric encryption schemes can be mathematically proved to beIND-C PA secure. Finally\, we discuss what these rather theoreticalsecurity considerations mean in practice. In the course of thisdiscussion\, we give an overview of side channel attacks\, such as\,timing and power a nalysis attacks. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2008/events/17.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Endre Bangerter":i nvalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:15@0sec08@pentabarf.org DTSTART;TZID=Europe/Berlin:20081018T220000 DTEND;TZID=Europe/Berlin:20081018T230000 DURATION:PT1H00M SUMMARY:Rainbow tables explained DESCRIPTION: What are rainbow tables exactly\, how do they work\, what are they goodfor? Without going into the detailed math\, we'll try to understandrainbow tables and how their parameters can be tuned. We wi ll alsoexplore what systems can be subjected to attacks by rainbow tab les.Finally we will show a new development\, dictionnary-based rainbow tables\, which we will demo with oracle password hashes. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2008/events/15.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Philippe Oechslin" :invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:12@0sec08@pentabarf.org DTSTART;TZID=Europe/Berlin:20081018T183000 DTEND;TZID=Europe/Berlin:20081018T193000 DURATION:PT1H00M SUMMARY:The end of the internet - Self replicating malware on home rou ters DESCRIPTION: This talk is about devices that close to everybody has in their homes and offices. So called Soho (Small home and office) route rs have become extremely popular in the last few years. While the good guys where busy trying to prevent malware from infiltration their des ktop systems\, the bad guys had gone one step ahead of the game and st arted to experiment with these devices. Close to nobody pays attention to the security of their routers and why should they. These mystical devices have always been protected thru security by obscurity.This Tal k is not about how to reverse engineer routers\, or how to get the bes t possible security out of the original firmware. This is the real stu ff. Participants will learn the fundamental basics how routers can be taken over. After a few practical examples we will then move intothe field of malware. -- Self spreading of corseThis talk will give the pa rticipants not only a fundamental knowledge of soho router hacking\, b ut also a idea about future threats and the ongoing research in this v ery interesting field of it security.Note:The preview may read a bit b oring - but when it comes down to the presentation and thematerials in volved -- then you don't want to miss it ;) CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2008/events/12.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="naxxatoe":invalid: nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:14@0sec08@pentabarf.org DTSTART;TZID=Europe/Berlin:20081018T130000 DTEND;TZID=Europe/Berlin:20081018T140000 DURATION:PT1H00M SUMMARY:The non-technology hack CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2008/events/14.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Federico Pagiola": invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:18@0sec08@pentabarf.org DTSTART;TZID=Europe/Berlin:20081018T170000 DTEND;TZID=Europe/Berlin:20081018T180000 DURATION:PT1H00M SUMMARY:War stories\, and what is behind them DESCRIPTION: Antitrust\, Standardisation\, United Nations - the battle for legal and political dominance over technology and markets has bec ome increasingly fierce. Georg Greve has been involved in several of t he recent clashes and will give an insight into what has taken place\, which interests are at stake\, and how this affects most people worki ng in technology. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2008/events/18.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Georg C. F. Greve" :invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:25@0sec08@pentabarf.org DTSTART;TZID=Europe/Berlin:20081017T180000 DTEND;TZID=Europe/Berlin:20081017T190000 DURATION:PT1H00M SUMMARY:welcome apéritif CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2008/events/25.en.html LOCATION:Lounge ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="0sec orga team":in valid:nomail END:VEVENT END:VCALENDAR