33C3 notes & keywords part 5

posted Mar 19, 2017, 1:05 AM by Sami Lehtinen   [ updated Mar 19, 2017, 1:06 AM ]
  • No USB? No problem. - Sounds interesting. Software-based USB stack. Basics of USB. This is nice, I haven't really bothered. Bit stuffing. Keepalive. Slew rate. I really like this talk. Grainuum. Also loved many of the approaches where they mentioned that this is what should be done, but we can just go and ignore it. Nice.
  • Copywrongs 2.0 - Let's see what stupid laws are being crafted. Yep, just as crazy as you could imagine. Well, I won't even comment on these.
  • Quickly glanced at BearSSL. No, I don't have any use for it right now. It's also alpha software. Alpha + Security = Not a good match for production. ;) But I admit there are use cases where lighter and smaller code is very useful. Getting rid of all that bloat, and doing only the essential things, is sometimes very beneficial.
  • It seems that the time of wonders is never over. When watching 33c3 videos, suddenly there started to be really annoying audio artifacts. First I thought that the video stream's audio was bad. But then I noticed, when pausing and unpausing the video stream, that the audio artifacts lagged by about 100 - 150 milliseconds. I don't know what caused the problem. Probably had something to do with too many different audio sources when I had multiple video stream tabs open. After rebooting the system, everything worked normally again. - So annoying, so strange, yet so normal.
  • 3 Years After Snowden: Is Germany fighting State Surveillance? - This should be interesting. Well, it's pretty good. So far nothing I wouldn't have expected. Wiretapping Internet exchanges (IX), etc. - Nice ending, they got Snowden talking. Nice applause too.
  • On the Security and Privacy of Modern Single Sign-On in the Web - SSO. This topic is also interesting. But I'm sure there are very different implementations. Some are actually secure and some are guaranteed to be totally insecure. OAuth, OpenAuth, OpenID Connect, IdP, Mozilla Persona, BrowserID. Lack of privacy. Single point of failure. kw: token, authentication, authorization. OAuth 2.0 not compatible with OAuth 1.0, yet OAuth 2.0 is much nicer. Session integrity. Authentication. Authorization Code. Redirect Attack. Identity Bridge. Identity Forgery. Privacy Attacks. So much fail, unsigned parts, etc. Lack of signature checking, and other 'obvious' fails. BrowserID privacy broken. Spresso. Identity Provider. Subresource Integrity.
  • A world without blockchain - Complexity of cross-bank money transfers. Interbank messaging. ECB. SWIFT communication network. XML SCLSCT BBkSCF. Yep, nothing special. Does look just like any other XML integration. TARGET2 / RTGS. Netting batches. Low-value transactions. Money clearing house. Beneficiary accounts. International cross-currency payments.
  • Stopping law enforcement hacking - Stingray, IMSI Catcher. Military surveillance technology. Remote Operations Unit (ROU). Cross-border hacking. Power abuse. Lack of Firefox security sandbox. Qubes OS, Subgraph OS. Generally a high-level talk. Surprisingly little news / technical facts in this talk. "Are Linux users safer, because of being a minority?" - "No", was the answer. Technical debt mentioned. Zero-day exploits. Government and law enforcement make mistakes. - Sure, everyone does. Network Investigative Technique, it's just FBI-issued malware. Twisting words.
  • The Untold Story of Edward Snowden's Escape from Hong Kong - Refugees saved his life? This should be interesting. Lame fail with the presenter, that's unfortunate. When giving a presentation, if anything goes wrong, it's your fault. The presenter needs to make everything as ready and sure as possible, because it's your presentation which will get ruined, by any fault whatsoever. Very bad start for that presentation. Well, the story got much better after that major blunder at the beginning. Fundraising platform taking a 20% cut, ouch! That's bad.
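The bit stuffing and line coding mentioned in the "No USB? No problem." note above are simple enough to show in a few functions. The block below is an added example written for this page; it is not code from the talk or from the Grainuum software USB stack, and it only models the stuffing and NRZI rules (no sync pattern, packet IDs or CRC). The 6-ones stuffing threshold is the USB rule; everything else (function names, sample payload) is constructed for illustration.

```python
# Added example: USB low-level line coding (bit stuffing and NRZI) in plain Python.
# Illustrative code written for this page; not taken from the "No USB? No problem."
# talk or from the Grainuum software USB stack.
from typing import List

STUFF_AFTER_ONES = 6  # USB inserts a forced 0 after six consecutive 1 bits


def stuff_bits(bits: List[int]) -> List[int]:
    """Insert a 0 after every run of six 1s (USB bit stuffing).

    In NRZI a 1 bit produces no level transition, so a long run of 1s gives the
    receiver nothing to resynchronise its clock on. The stuffed 0 forces a
    transition at least every seven bits; it is inserted even when the run of
    six 1s ends the payload."""
    out: List[int] = []
    ones = 0
    for b in bits:
        out.append(b)
        if b == 1:
            ones += 1
            if ones == STUFF_AFTER_ONES:
                out.append(0)
                ones = 0
        else:
            ones = 0
    return out


def unstuff_bits(bits: List[int]) -> List[int]:
    """Remove stuffed bits; raise ValueError on a bit stuffing violation.

    After six received 1s the next bit must be a stuffed 0. A seventh 1, or a
    stream that simply ends after six 1s, is a line error; a USB receiver treats
    the packet as corrupt and discards it instead of guessing."""
    out: List[int] = []
    ones = 0
    for i, b in enumerate(bits):
        if ones == STUFF_AFTER_ONES:
            if b != 0:
                raise ValueError(f"bit stuffing error at index {i}: seven consecutive 1s")
            ones = 0
            continue  # the stuffed bit carries no data
        out.append(b)
        ones = ones + 1 if b == 1 else 0
    if ones == STUFF_AFTER_ONES:
        raise ValueError("bit stuffing error: stream ends after six 1s with no stuffed 0")
    return out


def has_stuffing_error(bits: List[int]) -> bool:
    """True when the raw bit stream violates the stuffing rule."""
    try:
        unstuff_bits(bits)
    except ValueError:
        return True
    return False


def nrzi_encode(bits: List[int], initial_level: int = 1) -> List[int]:
    """NRZI as used on the USB wire: a 0 toggles the line level, a 1 keeps it."""
    level = initial_level
    out: List[int] = []
    for b in bits:
        if b == 0:
            level ^= 1
        out.append(level)
    return out


if __name__ == "__main__":
    payload = [1] * 13 + [0, 1]  # constructed sample payload bits
    wire = stuff_bits(payload)
    print("stuffed:", wire)
    print("levels :", nrzi_encode(wire))
    print("round trip ok:", unstuff_bits(wire) == payload)
```

Running it shows why the stuffed 0 matters: the NRZI level of thirteen raw 1s would be a flat line, while the stuffed stream has a transition after every sixth 1. A software stack like the one in the talk has to do exactly this bookkeeping in the bit-banging loop, which is where the timing constraints it described come from.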
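The "lack of signature checking" and "unsigned parts" failures from the single sign-on note above come down to a relying party skipping checks on the token it receives. The block below is an added example written for this page, not code from the talk or from any identity provider: it mints a minimal HS256-style token (header.payload.signature, base64url, HMAC-SHA256 over a shared secret) and then shows the checks the relying party has to make in order. The shared-secret signing, the issuer and client names and the timestamps are constructed for illustration; a real OpenID Connect ID token has the same shape but is normally signed with the provider's RSA or EC key.

```python
# Added example: the checks a relying party must perform before trusting an SSO
# token. Illustrative code written for this page; not from the talk or any real
# identity provider. Token format is a simplified HS256 JWT with a shared secret.
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

DEMO_KEY = b"constructed-demo-shared-secret"  # constructed; never hard-code in real code
NOW = 1_700_000_000                             # constructed "current time" (epoch seconds)


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()


def _encode(header: dict, claims: dict) -> str:
    return (_b64url_encode(json.dumps(header, separators=(",", ":")).encode()) + "."
            + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))


def issue_token(key: bytes, issuer: str, audience: str, subject: str, now: int, ttl: int = 300) -> str:
    """Identity-provider side: mint a signed token bound to one relying party (audience)."""
    signing_input = _encode({"alg": "HS256", "typ": "JWT"},
                            {"iss": issuer, "aud": audience, "sub": subject, "iat": now, "exp": now + ttl})
    return signing_input + "." + _b64url_encode(_mac(key, signing_input))


def unsigned_token(issuer: str, audience: str, subject: str, now: int) -> str:
    """What an attacker-supplied 'alg: none' token looks like: claims with an empty signature."""
    return _encode({"alg": "none"}, {"iss": issuer, "aud": audience, "sub": subject, "iat": now, "exp": now + 300}) + "."


def forge_claims(token: str, **changes) -> str:
    """Rewrite the claims of an existing token while keeping its old signature."""
    h, p, s = token.split(".")
    claims = json.loads(_b64url_decode(p))
    claims.update(changes)
    return h + "." + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()) + "." + s


def verify_token(token: str, key: bytes, expected_issuer: str, expected_audience: str,
                 now: int) -> Tuple[Optional[dict], str]:
    """Relying-party side. Returns (claims, "ok") or (None, reason).

    Order matters: nothing from the claims is trusted until the signature has been
    verified, and the signature is verified with the algorithm *we* expect, never
    with whatever the token's own header asks for."""
    parts = token.split(".")
    if len(parts) != 3:
        return None, "malformed"
    h, p, s = parts
    try:
        header = json.loads(_b64url_decode(h))
        sig = _b64url_decode(s)
    except ValueError:
        return None, "malformed"
    if header.get("alg") != "HS256":
        return None, "unexpected alg"      # rejects "none" and any unsigned token
    if not hmac.compare_digest(_mac(key, f"{h}.{p}"), sig):
        return None, "bad signature"       # also catches any edit to header or claims
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != expected_issuer:
        return None, "wrong issuer"
    if claims.get("aud") != expected_audience:
        return None, "wrong audience"      # token was minted for a different relying party
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        return None, "expired"
    return claims, "ok"


if __name__ == "__main__":
    tok = issue_token(DEMO_KEY, "https://idp.example", "client-a", "alice", NOW)
    print(verify_token(tok, DEMO_KEY, "https://idp.example", "client-a", NOW + 10))
    print(verify_token(tok, DEMO_KEY, "https://idp.example", "client-b", NOW + 10))
    print(verify_token(forge_claims(tok, sub="mallory"), DEMO_KEY, "https://idp.example", "client-a", NOW + 10))
```

The audience check is the one most often forgotten: a token legitimately issued to one relying party must not be accepted by another, otherwise any site a user logs into can replay that login elsewhere. The signature check must come before any claim is read, and the accepted algorithm must be fixed by the verifier rather than read from the token, which is what defeats the "unsigned parts" class of bugs the note lists.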