Without a Traceroute

Another historic first from 25C3, the first-ever (confirmed) Dual Dunkin’ Donuts Distributed Denial of Service (DDDDDoS) attack.

Two Dunkin’ Donuts stores near the conference center in Alexanderplatz were simultaneously flashmobbed by hundreds of hackers, temporarily interrupting normal donut delivery. It would appear that the stores did not have adequate caching implemented, although local mirrors were available.

Happy New Year’s, everyone!

Photos and video courtesy the 25C3 wiki:

Hacker fuel

One of the important elements of a subculture is its tendency to collectively select visible markers of membership in that culture: clothes, hairstyles, preferred products. Hackers as a culture are certainly not immune to this, but as a culture that prides itself on valuing accomplishment over image, the markers of membership in hacker culture tend to be functional outgrowths rather than stylistic flourishes.
(more…)

Well, sometimes, they are really 1337 elitist Cambridge hackers who figure out how it’s possible to steal your credit card number when you use it at the cash register.

Then, occasionally, they go to German hacker conferences and explain how to do it. Hint for those of you playing along at home: it involves power drills, acid, and paperclips. Sometimes, they show off their method on a special BBC news report and leave a representative from the banking industry spluttering and making excuses.

Money quotes:
@15:15:
“I think the important thing to remember from this piece is that we’re not talking about a break of the chip & PIN security overall.”
“Well I think, according to that, we certainly are.”
@17:10:
“Let’s clarify, the system is not vulnerable. Chip & PIN is very secure. It’s not 100% guaranteed against fraud—”
“So it is vulnerable.”
“No, there’s no guarantee, 100% against fraud.”
“So it’s vulnerable! By definition. If it’s not 100% guaranteed, it’s vulnerable.”
@19:19:
“So despite the fact that new cards have enhanced security, the old cards don’t lack anything by not having it? Are you seriously saying that?”

Note to American newspeople: This is called a real interview. I realize it may look strange and unfamiliar to you. The person on the right is called a journalist, his job is to ask hard questions to his interview subject, and not let her get away with answers that are blatantly absurd or self-contradictory on their face.

I’ve arrived in Berlin at the 25th Chaos Computing Congress (25C3). I’ve only been here a couple hours, but so far it’s been really cool.

Things I’ve seen:

1. A little toy RC flying saucer with blinking LEDs and a tendency to crash into (or “attack”) passersby.
2. A guy with a multimeter working on repairing a cold-war era phone that looks like it could be the nuclear hotline.
3. A pretty cool rig using a wiimote to spot points where green laser beams are broken. Imagine a harp with laser beams instead of strings.

There’s a strict no-photos-without-permission policy at the Congress, so I haven’t been taking a lot of photos so far. If I see some cool stuff tomorrow, and people are ok with pictures, I’ll try to post some.

I’m really tired right now, I stayed up late putting off packing, and I didn’t sleep much on the train. They’ve got a gym/flophouse thing where you can crash for €5, so I’ve been waiting for that to open.

Also I’ve been encrypting and tunneling like crazy. I normally err on the side of convenience when it comes to security. I figure I don’t deal with any data that’s really top secret or anything, so, for instance, I don’t encrypt my drives because I figure it’s far more likely that I’ll wind up locking myself out of my data than that I’ll foil a thief. However, the 25C3 website includes a “How to Survive” primer that really put the fear of God in me with regard to security.
Sample reassuring passages:

“Of course there is no reason to get paranoid, even though security and paranoia go hand in hand a bit. But be careful: Just because you’re paranoid, this doesn’t mean that nobody will break into your box or is after you. ” [Translation: don't be paranoid. Well, do be paranoid. Actually, being paranoid won't save you anyway.]

“Another thing worth mentioning: Even when all consoles are locked and the passwords theoretically unguessable, most recent notebooks and desktops are equipped with Firewire, which can be quite a lot of fun as well: http://www.ccc.de/congress/2004/fahrplan/event/14.de.html (German only) And who knows, maybe somewhere in the RAM there’s a clear text copy of the necessary password…? ” [Do everything right and you can still get pwn3d.]

“NO Social hacking (don’t trust anyone)” [And have fun!]

Aside from the main robot exhibition in the museumquartier, there were also several seminar-style discussions on different topics related to robots and technology.

There were three different panel discussions:

1. Smartass reloaded? AI and the Future Role of Cybernetics
2. Rest in Pieces? Cyberpunks, Cyborgs and the Complexities of Discourses
3. The Policy of the Artificial: Strategies, Tendencies and Perspectives

The discussions were pretty interesting. However the participants in each panel were randomly assigned, not by area of expertise, so the conversations had a tendency to drift off topic. The second panel, in particular devolved into a love-fest for Twitter. One girl even said, “You’re no one if you’re not on twitter,” which was apparently intended to be a clever song reference, but just came off sounding pretentious since nobody knew the song. At this, I chortled audibly, and Johannes dragged me up to the front (“Who’s laughing back there?”) to discuss my distaste for Twitter.

This I did, reluctantly at first, but with gradually increasing vehemence. I believe I said, and still believe, that Twitter takes the worst elements of blogging and exaggerates them. It promotes self-absorbed navel-gazing, instantaneous, knee-jerk posting-without-thinking and obsession with irrelevant minutia. The one-hundred-and-forty character post limit virtually assures an absence of serious reflection. I’m not saying people who use Twitter are necessarily shallow people, but it is a tool that promotes shallow thinking.

In any case, I give the Twitter-loving audience credit for not immediately burning me at the stake. My aversion to Twitter did become my most well-known personality trait for the rest of the festival, though. Sample Tweet: “Roboexotica panel: finished. Having dinner with @melochka and the guy who hates twitter”
(more…)