
Ciara


36th Chaos Communication Congress (36C3) reflections

Introduction

In December 2019, I traveled to Leipzig, Germany, and attended 36C3 (one of the largest technology, security, and activism conferences in the world) with the Irish Assembly from the local Hackerspace TOG.

A hackerspace is a community-operated, "not for profit" workspace where people with common interests, such as (but not limited to) computers, machining, technology, information security, programming, electronics, and science can meet, socialize and collaborate.

The theme for this year's CCC was Resource Exhaustion.

Resource Exhaustion is a type of attack on computer systems that is considered rather crude and destructive.

Life in a temporary town of hackers

For four days, 17,000 hackers congregated under one roof. I had the opportunity to experience life in mini villages of hackers, activists, anarchists and artists.

I marvelled at the lights, geo-domes, hammocks, tea gardens, ball pits, art installations and temporary structures. A hacker beauty palace offered massages and make-up tutorials to avoid facial recognition. My pwnagotchi finally got to team up with other units in real life. I grew accustomed to the sounds of DECT phones ringing, people whizzing around on light-up scooters and skates, and endless supplies of Club Mate, a drink popular amongst hackers.

I enjoyed an immense sense of physical privacy, knowing that people were not permitted to take photographs without the consent of everyone in the shot, so there were no long shots of the hackspaces or lecture halls, etc. I was therefore able to relax while walking around, free from the surveillance of social media or members of the press.

I would absolutely recommend that anyone with an interest in technology, security, privacy, open source, and freedom of speech consider attending.

Notable Talks of Interest:

Email authentication for penetration testers - When SPF is not enough

"Forget look-alike domains, typosquatting and homograph attacks. In this talk we will discuss ways of forging perfect email counterfeits that (as far as recipients can tell) appear to be coming from well-known domain and successfully pass all checks on their way."

https://media.ccc.de/v/36c3-10730-email_authentication_for_penetration_testers#t=1

Getting software right with properties, generated tests, and proofs

"How do we write software that works - or rather, how do we ensure it's correct once it's written? We can just try it out and run it, and see if it works on a few examples. If the program was correct to begin with, that's great - but if it's not, we're going to miss bugs. Bugs that might crash our computer, make it vulnerable to attacks, stop the factory, endanger lives, or "just" leave us unsatisfied. This talk is about techniques every programmer can use to avoid large classes of bugs."

https://media.ccc.de/v/36c3-10768-getting_software_right_with_properties_generated_tests_and_proofs

36C3 Infrastructure Review

"36C3 is run by teams of volunteers. In this event, they will provide some insight into the challenges they faced while building the GSM, DECT and IP networks, running video streams, or organizing ticket sales."

https://media.ccc.de/v/36c3-11235-36c3_infrastructure_review

Boeing 737MAX: Automated Crashes - Underestimating the dangers of designing a protection system

"Everybody knows about the Boeing 737 MAX crashes and the type's continued grounding. I will try to give some technical background information on the causes of the crash, technical, sociological and organisational, covering pilot proficiency, botched maintenance, system design and risk assessment, as well as a deeply flawed certification processes."

https://media.ccc.de/v/36c3-10961-boeing_737max_automated_crashes

All wireless communication stacks are equally broken

Wireless connectivity is an integral part of almost any modern device. These technologies include LTE, Wi-Fi, Bluetooth, and NFC. Attackers in wireless range can send arbitrary signals, which are then processed by the chips and operating systems of these devices. Wireless specifications and standards for those technologies are thousands of pages long, and thus pose a large attack surface.

https://media.ccc.de/v/36c3-10531-all_wireless_communication_stacks_are_equally_broken

More Talks...

It's possible to watch back the streams at https://media.ccc.de/c/36c3
You can also view from the comfort of your Smart TV/Tablet via Chaosflix https://github.com/NiciDieNase/chaosflix
