Termin:Chaotic-Congress-Cinema-28C3 Nr. 22
From Attraktor Wiki
Chaotic Congress Cinema No. 22
Note: The projector has been sent in, so attendees will have to take the initiative and engineer their own solution for watching the videos (i.e. on their own laptop or similar).

We watch recordings of Congress talks. You are warmly invited to show up at the club rooms at Mexikoring 21 to watch and discuss the talks with us. Drinks and snacks will be available at moderate prices. If you are not a member of the CCC, CCCHH or Attraktor e.V., that doesn't matter at all: all guests are welcome. :-)

More information at Chaotic Congress Cinema.

ChokePointProject - Quis custodiet ipsos custodes?
Aggregating and Visualizing (lack of) Transparency Data in near-realtime

The object of the lecture is to present and discuss the chokepointproject. How it (will) attempt(s) to aggregate and visualize near-realtime global internetwork data and augment this visualisation with legislative, commercial (ownership) and circumvention information. The goals of the project are as follows:
commercial abuse of internetworking systems in regards to civil and human rights.
information.
including voting histories.
verifiable data.
data for general use.
legal status and their potential risks.
system.
block and route)
1b. Legislative information such as: Which relevant laws are currently active. Who has voted for them (supposing voting was a part of the process). Which relevant laws are currently under review or being proposed. Who are proposing/drafting these laws.
1c. What circumvention methods are currently available for specific problems.
restricted to
2a. Connectivity of geographic clusters,
2b. Manipulation of connectivity such as:
2b.1. Traffic shaping,
2b.2. Content filtering,
2b.3. Blackouts.
New Ways I'm Going to Hack Your Web App

Writing secure code is hard. Even when people do it basically right there are sometimes edge cases that can be exploited. Most of the time writing code that works isn’t even the hard part, it’s keeping up with the changing attack techniques while still keeping an eye on all the old issues that can come back to bite you, straddling the ancient world of the 90’s RFCs and 2010’s HTML5 compatible browsers. A lot like how Indiana Jones bridges the ancient and the modern... Except for Indiana Jones 4. Let’s never talk about that again. Ever.

Take Facebook, Office 365, Wordpress, Exchange, and Live. These are applications that had decent mitigations to standard threats, but they all had edge cases. Using a mix of old and new ingredients, we’ll provide a sampler plate of clickjacking protection bypasses, CSRF mitigation bypasses, "non-exploitable" XSS attacks that are suddenly exploitable and XML attacks where you can actually get a shell; and we'll talk about how to defend against these attacks.

The best description is probably via the slides linked below. We've put a lot of effort into these, and they have video clips making the slide deck pretty big (why we're linking to it and not attaching it).