Interesting talks at 26c3

I hope to attend a CCC event some day. While there are many great talks in the 26c3 schedule, here are some talks that look particularly interesting.

Others that may be interesting but haven’t posted slides or papers yet:

Hope everyone at 26c3 has a great time. Best wishes for a safe and secure 2010.

3 thoughts on “Interesting talks at 26c3

  1. Sigh. I’m not sure how I feel about the GSM attacks.

    The hand-waving assertion in the SRSLY talk that criminals are cracking GSM all the time smells strongly of fish to me. If there are criminal gangs out there of sufficient skill to replicate the work these guys are doing, they’re surely in the tiny minority. And the ability of governments to break it is no news, it must be taken for granted by any even remotely clueful criminal, I mean Hollywood has only been showing location traces and intercepts in films for the last 10 years or so.

    It’s not even telling the world something new or interesting. GSM security was known to be vulnerable, that’s why UMTS does mutual handset/network authentication and isn’t vulnerable to the kasumi downgrade attacks. Releasing the tools people need to practically exploit GSM isn’t going to magically speed up 3G deployments.

    As is often the case with advanced security research, it seems likely to me that the only people who will benefit from it are bad guys who don’t have the skill level needed to do the work themselves, which I feel sure is the vast majority.

    1. I was with you until the “bad guys” part. I think this announcement and publicity was premature. Basically they reached a milestone of getting all the data together, but it’s not yet in a sorted and cleaned up form. That’s great, but probably not the most effective time to make a big splash since so much isn’t complete, as you point out. It leaves room for industry FUD.

      Compare this to the EFF DES Cracker. They went public after they had cracked the DES Challenge key, not when the first prototype chips came online. That was the right moment to have the biggest impact on getting banks to change over from single DES.

  2. BTW thanks for the links. I found two other talks that are of direct interest to me and my work:

    I’ve been working on identifying large numbers of bad/fake spammer ASNs. Who needs botnets when you can just scam RIPE out of huge netblocks?

    I’ve been developing some of the ideas of liquid democracy on my own. I didn’t know until today that it has a name. Looks like web activity for the term [liquid democracy] is pretty quiet though. It’s good to find a way to connect with others who are using the same ideas. The pirate party connection is unfortunate though.

Comments are closed.