Despite really wanting to, I didn’t find the time to go to Hamburg for the 32C3 (bachelor’s thesis + TOEFL exam in January + work) but I caught up on some of the talks thanks to the amazing recordings the CCC always provides. I’m gonna share some of my favorite talks here with you. (Small disclaimer: I obviously didn’t watch every single talk ;))
One of my biggest takeaways is that I’ll think twice whenever I use my debit card to pay at a store. I doubt that gaping even begins to describe the security holes uncovered by Karsten Nohl, Fabian Bräunlein and dexter.
Since we’re already on the topic of banking: Using the same physical device to generate TANs and handle the actual transaction turns out to be a bad idea – who could have guessed. Vincent Haupert really drives this message home by showing how easy it is to exploit the app-based TAN system offered by Sparkasse.
Another really interesting security talk was given by Alexander Graf and focused on bad security in cable modems used by – among others – Germany’s biggest cable provider. I was actually pointed to that one by a friend – thanks!
There was also a great talk that looked into Red Star OS (the Linux version used by the DPRK). This was kind of a follow-up to the interesting talk from last year that focused on Computer Science education.
Another talk that I really liked shone a spotlight on the many ways that Perl is broken (demoing, for example, a remote code execution vulnerability in the documentation of a widely used default library). It is presented in a way that is really funny, but apparently too much tongue-in-cheek for some proponents of the language.
Last but not least I want to share a talk that is less technical and more political. It’s a great theatrical reenactment of the most absurd situations from the NSA-BND Untersuchungsausschuss – the federal inquiry into NSA spying and the involvement of the BND. Unfortunately it is in German only.