Event: Chaotic-Congress-Cinema-28C3 Nr. 37
Chaotic Congress Cinema Nr. 37
| Start: | 2012/09/19 20:00 |
| End: | 2012/09/19 22:00 |
The coming war on general computation
The copyright war was just the beginning
The last 20 years of Internet policy have been dominated by the copyright war, but the war turns out only to have been a skirmish. The coming century will be dominated by war against the general purpose computer, and the stakes are the freedom, fortune and privacy of the entire human race.
The problem is twofold: first, there is no known general-purpose computer that can execute all the programs we can think of except the naughty ones; second, general-purpose computers have replaced every other device in our world. There are no airplanes, only computers that fly. There are no cars, only computers we sit in. There are no hearing aids, only computers we put in our ears. There are no 3D printers, only computers that drive peripherals. There are no radios, only computers with fast ADCs and DACs and phased-array antennas. Consequently anything you do to "secure" anything with a computer in it ends up undermining the capabilities and security of every other corner of modern human society.
And general purpose computers *can* cause harm -- whether it's printing out AR15 components, causing mid-air collisions, or snarling traffic. So the number of parties with legitimate grievances against computers is going to continue to multiply, as will the cries to regulate PCs.
The primary regulatory impulse is to use combinations of code-signing and other "trust" mechanisms to create computers that run programs that users can't inspect or terminate, that run without users' consent or knowledge, and that run even when users don't want them to.
The upshot: a world of ubiquitous malware, where everything we do to make things better only makes it worse, where the tools of liberation become tools of oppression.
Our duty and challenge is to devise systems for mitigating the harm of general purpose computing without recourse to spyware, first to keep ourselves safe, and second to keep computers safe from the regulatory impulse.
Links
+ `Bio Cory Doctorow <http://craphound.com/bio.php>`__
- Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4848.en.html>
- Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4848-en-the_coming_war_on_general_computation_h264.mp4>
The engineering part of social engineering
Why just lying your way in won't get you anywhere
All the talks I have seen about SE so far just showed what good social engineers the speakers are. I try a different approach: what if I get in and don't know what to do then? The talk is about the reconnaissance before the assessment and the different approaches to SE: which techniques one can use, how to do proper intelligence gathering and what is useful, how things work and, more importantly, why, which skill set one should have before entering an engagement, and, last but not least, how to counter an SE attack.
Preface:
Needed Skillset:
- physical (i.e. NLP)
- logical
Customer Preparation:
- theoretical models of attack
- check customer needs by his business
- Contract
Preparation & Reconnaissance:
- threat modeling
- physical
- logical
Project Planning:
- Storyboard
- the target
- infiltration
- fetching data/reaching the target
- exfiltrate
- backup plans
Infiltration:
Find & fetch the data:
Exfiltrate the data:
Writing report:
Business impact analyses:
Customer meeting:
Links
+ `the slide deck <http://www.slideshare.net/theAluc/28c3-version-of-the-engineering-part-of-social-engineering>`__