Schedule Day 1
Missed a lecture or even missed WhatTheHack? WhatTheShame! But it could be worse. We've collected tons of footage for you - check out articles and full-length videos of the presentations, enjoy the knowledge of the experts that have gathered at WhatTheHack in the link "track" in each slot of the program.
| Time | Tent 1 (1000) | Tent 2 (1500) | Tent 3 (180) | Tent 4 (650) |
| 11:00 | Opening and Keynote address | |||
| 11:30 | ||||
| 12:00 | ||||
| 12:30 | ||||
| 13:00 | Smart Card Attack Tree and Attack Forest
The attack tree is an “and-or” tree where the goals to be reached are at the top (the roots of the tree) and the lines represent the ways threats could come from. The ‘AND’ lines must happen together to reach the node, while among the ‘OR’ lines one is enough. Each node could have a cost, a probability or even a ‘required tools’ value, and the cheapest way to a node, or even the most likely way, can be calculated. The advantage of an attack tree is that in the future every new attack type can be inserted or existing node values can be modified and the attack ways can be recalculated. It is also possible to connect different attack trees. Smart card systems are often used with biometry or cryptology, which could have their own attack trees. The creation of a smart card attack tree could involve other areas, influenced not only directly but also indirectly, producing the ‘attack forest’ of information technology. | Data retention legislation | The Politics of Open Source Adoption
NGOs in the developing world. My presentation will consist of presenting a report I wrote for the Social Science Research Countries on the ways in which FOSS is adopted by NGOs in developing countries. I will address the barriers that NGOs face in their FOSS adoption and look at the role that institutional mediators like Tactical Tech play in facilitating FOSS adoption (1) in the developing world, and (2) outside technically proficient, FOSS-aware communities. I argue the financial precariousness of many of these organizations and the thinness of FOSS communities in many of the settings in which these organizations operate shape the case for—and define the points of resistance to—FOSS adoption in these contexts. Despite limits, in the past three years, barriers have certainly diminished in many countries, and show signs of continuing to do so as the FOSS developer community expands, and as it becomes more responsive to the needs of non-technical users. This progress has underwritten continued and expanding NGO interest in FOSS technologies, including in the poorest and most challenging locales. This chapter is an exploration of the unique sectoral conditions underlying FOSS adoption among NGOs, focusing on an account of emerging intermediaries (often NGOs themselves) who promote FOSS and facilitate its adoption in the NGO sector. In presenting this, I will also draw on my dissertation material to talk about the ways in which FOSS has functioned as an icon by which other social groups have developed and furthered their own projects. I hope to raise awareness in the developer community about the “travels” that FOSS technologies have taken. Given the participants at WTH, I hope to learn more about this area of FOSS extension by presenting this material. | |
| 13:30 | ||||
| 14:00 | Reverse Engineering Microsoft .NET
The amount of software written with the Microsoft .NET Framework is increasing rapidly. Shareware authors and commercial vendors are both making heavy use of this new technology. In the past the quality of ordinary shareware protections has continuously risen. Most authors are aware of the risks included with offering trial versions of their software. They use strong algorithms like RSA, Rijndael or Blowfish to protect their software. The potential attacker is using tools like Softice, IDA or OllyDbg to break the protection. The widespread use of the .NET Framework brings new dangers to the software developer. He is still at risk of an attacker finding a way to break his protection. Furthermore he now faces a new threat: an attacker can easily gain access to the high-level source code of the application. The presentation gives an overview of how .NET applications are different from well-known Win32 applications and what new security threats with respect to reverse engineering are arising from that situation. It will show why not to trust RSA-1024 based strong names to protect your software but will show other steps you can take to avoid getting “cracked”. Presentation: (i) The Common Language Infrastructure (CLI) (ii) Intermediate Language (IL) (iii) Strong names, RSA 1024 bit encryption (iv) Ildasm & Reflector (v) Obfuscating & Protecting. Demonstration: (i) Decompiling into IL (Intermediate Language), Patching IL, Recompiling (ii) Fully decompile an application to its source (iii) Beating strong names (iv) Defeating obfuscators | Cyborgs: Practical experimentation | Free software in the boardroom
How can you, nerd, ubergeek or open source developer sell your skills and knowledge to organisations who have no knowledge of open source? A trip to the reality of pointy-haired bosses, their worries and drives. Forget MS vs Linux, KDE vs Gnome or the beauty of IPv6, managers want tools that make stuff work faster, cheaper, better and so on. The workshop gives a short intro to synchronise our jargon and then quickly degenerates into a brainstorm based on cases from the life of the participants. The business management perspective is brought to bear by a senior, pointy haired, tie-wearing, IT-manager. | |
| 14:30 | ||||
| 15:00 | Using linux for embedded devices
Introduction to uClinux. This presentation is the result of 6 hours of teaching to 4th year university students in applied electronics and to various research laboratories in Besancon (France). It aims at filling the lack of introductory material for people willing to get started with uClinux, while focusing on a real application requiring a complete development to be functional (use of the TCP/IP stack, threads, JPEG compression as well as hardware access to most peripherals of the Motorola Coldfire). The picture of the authors was taken by an OVL6620 camera connected to a Coldfire 5282 processor running uClinux, as will be demonstrated during the presentation. | Attacks on Digital Passports
Digital Passports are introduced to combat passport modification and cloning fraud. The legacy technology has shown a growing business case for identity-fraud to support illegal migration and terrorism. Digital Passports rely on smart cards for protecting the integrity of personal data and avoiding illegal cloning. Although smart card technology is very suitable for this, vulnerabilities do exist and new attacks continuously emerge. This presentation first briefly discusses the state of the art of secure identification technology, including applications, biometry, (contactless) smart cards, operating systems, cryptographic protocols and algorithms. Then, it covers several of the latest logical and side channel attack techniques in detail. The theory behind the attack technique is explained to the audience, and for each technique, a demonstration is given on a commercially available card. | How WSIS, ICT development policy and OSS all collide in Africa
The development goals and action plan put forward by the World Summit on the Information Society (WSIS) constitute a set of guidelines for external media development policy for African newsrooms. Considering the rapid growth of Information and Communication Technologies (ICT) in Africa, specifically the use of mobile telephony, this presentation argues that the internal development strategies of African newsrooms should coincide with the goals of the WSIS and must be supported by internal development policies. African media organisations must therefore be mindful of theories of policy, knowledge management and media convergence in order to ensure the policies developed are appropriate to an African context and are sustainable over time. | Pervasive multichannel audio
computer based audio is finding its way into our lives just about everywhere we turn. why is this audio often stereo at best? what is so special about multichannel audio? what specifically can one do in a homegrown way to get scalable multichannel audio into a house, concert hall, shared on multiple platforms intelligently? can you say that when you walk into your bathroom in the morning your audio not only follows you but scales properly to that environment? i hope to clear up some common misconceptions about the use of multichannel audio and to shed light on some creative uses of scalable audio space all the while employing hands-on demos with homebrew hardware and software solutions. this talk is both for the home audiophile and the musician or artist to employ in real time performance. |
| 15:30 | ||||
| 16:00 | Doing a wifi long shot
Wireless connections over 20km and more. What you need to know to successfully design and build a wifi long shot. RF Calculation. Knowledge about the Fresnel Zone. Polarisation of electromagnetic waves. Tricks to avoid interference. Timeout problems of 802.11abg and how to deal with them. | Symbian Security
The presentation will cover a basic intro into Symbian from a security perspective. It will show that it basically is security from the era of Windows 98. Possible topics include analysis of known viruses and trojans, attack demonstrations, tools to aid reverse engineering of Symbian OS programs or the OS itself. Show some differences between the different Symbian licensees such as Nokia and SonyEricsson. Show the security measures that have been taken or that could or should be taken. | Security of memory allocators for C and CPP
I will discuss a variety of memory allocators that are available for C and C++ and how they can be exploited. Afterwards I will describe our modification to one of these memory allocators that makes it more resilient to attacks. The talk will cover security issues with a range of memory allocators: dlmalloc (Linux malloc), csri/quickfit, phkmalloc (BSD malloc), Boehm's garbage collector, Windows malloc. Our talk will describe how an attacker would attack the memory management of such memory allocators. The talk will also detail our own modification to dlmalloc to make it more secure against code injection attacks. | |
| 16:30 | ||||
| 17:00 | Counterterrorism in The Netherlands
Old and new legislation in theory and practice | Do we run out of oil?
Oil prices are breaking record after record. While newspapers and oil companies blame the Chinese, more and more geologists are saying we are simply running out of cheap oil. Since 1961 we found less and less new oil reserves, since 1981 we started to consume more oil than found in new reserves. Currently we consume 4 barrels of oil for 1 barrel found in new reserves. Dissidents from the oil industry itself are saying we will see a supply shortfall in 2007. According to a new study by the Department of Energy in the US, making a transition from oil to other forms of energy takes at least 20 years and will take huge investments. And energy is just one of the things we need oil for. Almost everything from clothing, computers, drugs, even solar panels is made out of oil. When oil production declines, our way of life will change forever. | Free Software and the Free Software Foundation Europe
Software is the basic cultural technique of the digital age, like reading and writing were the cultural techniques of their ages. Free Software understands software not as a product, but as a process of codified knowledge. To allow participation in a digital age, software must offer users the freedom to use, examine, modify and distribute the program. Acting as a European NGO within a global network, the Free Software Foundation Europe is working to improve the political, economic and legal environment for Free Software. Supported by the Fellowship community, we spread knowledge and awareness for Free Software, Free Society and work to implement it on a legal, political and technological basis. | |
| 17:30 | ||||
| 18:00 | ||||
| 18:30 | ||||
| 19:00 | ||||
| 19:30 | ||||
| 20:00 | Cross Site Scripting Scanning
Cross Site Scripting (XSS) is a common vulnerability on the web these days. The presentation starts off with an introduction to XSS with some examples. What is the problem? Untrusted data gets inserted into web pages. How is it exploited? JavaScript insertion, phishing attacks, "defacements", social engineering. What do web developers need to know about XSS? Filter untrusted data; use Perl's taint mode. Introduction of a new, free XSS tool first released at WHATTHEHACK. What is it? An XSS vulnerability scanner that helps to automate the process of looking for XSS vulnerabilities. How do I use it? Come to the talk... What do I do once a vulnerability is found? Fix your site! It wasn't your site? Exploit or report it! ;-) Q&A session. Target audience: web developers, penetration testers. All code shown during the talk is in Perl and JavaScript. Some knowledge of Perl and JavaScript is recommended. | Extended police powers in Europe | How we hacked a project into the Ministry of Culture in Brazil
Seeing that the bureaucratic ways of the Brazilian government were clogged, we found a way of working together with civil society by leaping into the digital era and collaborating directly with different collectives, from artists, indymedia activists, hackers to musicians, through discussion lists and wikis on the Internet. We created a concept for a government project that is joining many agents in Brazilian culture, aiming to create cultural hotspots throughout the country where local cultural production exists. The cultural hotspots will use free and open source software to produce digital artifacts and will distribute these using alternative intellectual property licenses and broadband connections to the Internet. This talk will portray over two years of our history getting this project into the government and our current progress implementing the cultural hotspots. "Brazil's minister of culture, Gilberto Gil has launched a project called Points of Culture (Pontos de Cultura) that will establish free-software studios, built with free software, in a thousand towns and villages throughout Brazil, enabling people to create culture using tools that support free cultural transmission. If things go as planned, the result will be an archive of Brazilian music, which will be stored in digital form and governed by a license inspired by free software's GPL. The Canto Livre project will "free music" made in Brazil, for Brazilians (and the world) to remix and re-create.
And like a free-software project, it achieves that freedom on the back of copyright." Claudio Prado is the coordinator of digital policy of the ministry of culture of Brazil and the Canto Livre is one of the strategic pillars in that policy. Estudio Livre is the root of our multimedia kit that we are distributing in underprivileged areas as a form to jump from the 19th century directly to the 21st century, bypassing the dead-ends of the 20th century. We have a big interest in exposing our projects, especially in search of synergy around the world. Our project is both governmental and non governmental at the same time. It is unique in the sense that it empowers activist movements in an anarchical process of building "isles" of free knowledge... I believe that it is exactly to the point of what the hack is going on in Brazil... | |
| 20:30 | ||||
| 21:00 | Electricity consumption in your home
how to lower it by employing fun gadgets. In this presentation we will learn about the electricity use in your home and what you can do in order to minimize it by employing fun off-the-shelf gadgets. | Magnetic Stripe Technology
Find out how magnetic stripe technology works, how it can be hacked, how to build a card reader with parts you can find in your 'junk drawer', and how this reader design can be used to reverse engineer proprietary formats. | The Ubuntu OS and Derivative Development Model
Debian has become famous for many things -- and notorious for others. Ubuntu is a new project that aims to use Debian as a solid base from which to build a user-centric desktop distribution and to improve on Debian while improving Debian itself. Of course, other Debian derived distributions exist. Ubuntu is different because it is being built by Debian developers and is contributing improvements and bug fixes back to Debian as they are made. Funded by Canonical Ltd., Ubuntu is trying to experiment with a development methodology that harnesses the benefits of a fork without sacrificing either principles or practical benefits of extensive Free Software community and cross-community collaboration. In April, Ubuntu made its second release to continued critical acclaim. This talk introduces Ubuntu and the principles and actions that made that release possible while providing a glimpse into the future of the project. | Estudiolivre
Estudiolivre (free studio) is an environment which enables the production, distribution and development of free media. It does this through personal weblogs, downloadable archives, user manuals, forums, working groups, discussion lists and other collaborative work tools, all of which are based on the concepts of free software, free knowledge and the appropriation of technology. Estudiolivre is unique as a collaborative Brazilian Portuguese speaking network, which researches and develops experimental and professional software livre for multimedia production. The community involved in estudiolivre realises that the use of free software in the creative process is a way to improve the circulation of cultural 'goods'. Implemented this year throughout Brazil, in a partnership between the Brazilian Government and local cultural collectives, will be about 200 Pontos de Cultura (cultural hotspots). Each of which, through an interface to Estudiolivre, will become mediactive in the network. The feedback loop will mean that the terms user and developer cease to exist and it is culture itself which influences the direction of 'estudiolivre'. In the presentation we wanted to shortly demonstrate what we've been researching and producing in EstudioLivre and also mention the cultural hotspots. |
| 21:30 | ||||
| 22:00 | Energy efficient computing
The 'modern' PC in fact is a very primitive fan heater. And while many other machines become more and more energy efficient, the energy waste by PCs is rising with each new generation, without people being aware. So computers and their ever growing numbers are contributing more and more to climate change, acid rain etc. and burn more and more oil, coal and atoms. I'll share what I've learned and demonstrate my energy efficient PC (hope to improve it during WTH). And I think my small but serious effort allows me to appeal to the hard- and software industry to also, finally, take their responsibility: the world needs energy efficient hard- and software now! | Time to Ditch the Magstripe
It's now been over thirty years since the magnetic stripe has been used in aircraft boarding passes, credit cards, identification documents, etc. For many years now much more secure alternatives have existed, such as smartcards, which offer substantially greater potential for security and privacy. This presentation examines the history and vulnerabilities of the way magstripe cards are currently used, with specific attention paid to the situation in Canada which is experiencing record levels of financial debit card fraud due to skimming and theft of PINs using cameras, hacked keypads, etc. More secure alternatives are already in use in countries like France, the UK, etc., but the largest economy in the world is resisting them. Is North America doomed to be the last frontier of financial card fraud? | dyne ~ freaknet software foundry
software for the freedom of speech. Many developers involved in dyne.org and freaknet.org free software projects will be presenting new software releases for MuSE (radiostreaming), FreeJ (vision mixer) and the ongoing development of dyne:II distribution, the next generation of dyne:bolic. | Politics of Psychedelic Research
Research with psychedelic drugs in the 1950s-1970s brought us fundamental understanding of how the brain works (including such concepts as "serotonin" and "receptors"). Many thousands of papers were published on experiments using LSD, psilocybin and other mind-altering drugs in humans. Anti-counterculture politics from the late '60s brought that research to a halt, worldwide. In the 1990s and 2000s, perseverance has again won scientists the right to use these substances to understand and treat the mind. Today, doctors are giving MDMA, psilocybin, and soon LSD to patients in ongoing clinical trials. The new focus is on proving that these drugs can help to cure otherwise intractable conditions such as obsessive-compulsive disorder, post-traumatic stress, fear of death in cancer patients, and cluster headaches. Both safety and efficacy are being studied, and if the formal results match the informal results, doctors will be able to prescribe these medicines within the next decade. By creating contexts in which these drugs can be safely taken, it may eventually be possible for healthy people to legally use them for insight, sacred use, and enjoyment. Medical use of marijuana is ancient, but has been revived in the last decade, starting in California. Public compassion for the ill is producing tolerance of the formerly illegal drug. Ten US states allow the legal medical use of marijuana, and solid 70% majorities favor it throughout the US. Most politicians hate the issue, but some are rising to regional prominence by supporting it and riding its popularity. Tens of thousands of patients are getting relief. Many rural police refuse to follow the law and harass patients, and federal cops, courts, and bureaucrats are dead-set against it. But personal experience with patients is teaching ordinary Americans that what they believed about marijuana was false.
Turns out the government was lying and the marijuana activists were more credible. The result is rising tolerance for all kinds of marijuana use. |
| 22:30 |
