Schedule Day 2

From What The Wiki?!

Missed a lecture or even missed WhatTheHack? WhatTheShame! But it could be worse. We've collected tons of footage for you - check out articles and full-length videos of the presentations, enjoy the knowledge of the experts that have gathered at WhatTheHack in the link "track" in each slot of the program.

Time Tent 1 (1000) Tent 2 (1500) Tent 3 (180) Tent 4 (650)
09:30 Morning Practicalities

English, Lecture, Track

10:00 Physical Security

the good, the bad, and the ugly

Physical security is an oft-overlooked but critical prerequisite for good information security. Software has leaked into every aspect of modern life and now controls access to physical resources as well as to business and personal information. When critically examined, physical security policies and mechanisms have (perhaps have always) contained substantial snake oil components, including back doors, extensive use of protection by "security through obscurity", and piece solutions which ignore their environmental context or need to function in a system.

English, Lecture, Track

Search engine internal processes

Details on the science of information retrieval as it applies to Web-based search engines, file search and bibliographic systems. Once a document is harvested, how is it parsed, weighted and ranked? When a query is submitted, what algorithms are used to decide which documents best match the query? A focus on the internal algorithms and processes available to such systems, with information on how to make or tune your own system. We will work through some examples of ranking algorithms, starting with simple binary ranking, then into more sophisticated vector and probabilistic ranking. The goal is for participants to understand the science that goes into search systems.

English, Lecture, Track

10:30
11:00 Advanced Web Application Security Defense with ModSecurity

With this presentation we first want to present a very interesting open source project that we are working on internally, and to publish some new capabilities resulting from our use and testing of this impressive Apache module, because we think it is a good project for the community to invest time in: it tries to cover a forgotten field and to be a true alternative to commercial solutions. The second objective is to give a practical demonstration of how it works, what kinds of attacks we can avoid, how the advanced filtering definitions permit controlling the security of an application in incredible detail, and how you can build your own Application Firewall Appliance. Thirdly, we explain where we are working to increase the level of protection of applications, usability, per-application automated rule generation, etc.

ModSecurity is already a solid project; it really works very well and only needs more people to know it and get involved to make it bigger and better.

Audience: General
Skills: Basic knowledge of Web application attacks

- What is mod_security?
- Characteristics and capabilities
- Advantages
- Configurations:
  * Generic attack protection
  * Commercial/Open Source application defense
  * Proprietary Web App protection
  * Web Services App attacks
- Architectures:
  * Apache module
  * App Firewall + proxy
- Performance tests/results
- Future improvements: areas in which we are working to enhance the power of this module

English, Lecture, Track

Hash Functions

The Past and the Future

Recent breakthrough results on hash functions like MD5 and SHA-1 cast some doubts on their fitness for particular applications. Which applications? What is the real impact? What are standardization organisations (NIST, ISO, IETF, ETSI, ...) doing or planning to do? Is it possible to fix existing hash functions without changing their inner workings? Shall we replace MD5 and SHA-1 immediately? What are our alternatives anyway? Many questions, some insights and answers in this talk.

English, Lecture, Track

Cyclos/Strohalm

Cyclos is an Open Source internet application which is a sort of combination between eBay and banking software. It makes it possible to start issuing your own money and to start an internet-based "local community currency" system. The idea behind such systems is very simple, though effective: if you don't have money, just create and issue it yourself! Cyclos makes it possible to log in with member accounts, place ads, make payments in the local currency, apply taxes, etc. etc.

The presentation goes a bit into the background of economics, money and the community currency philosophy, which in fact resembles the Open Source philosophy. The software itself, as well as its practical use, is also addressed.

Target audience: anyone interested in poverty or social issues
Required skills: none

English, Lecture, Track

PGP for companies, why not?

There are good reasons why PGP is more suitable for commercial applications than X.509, but also several reasons that make it less usable. We will compare the technologies to find out the things that block PGP from commercial applications. One problem of signing technologies in general is that it is hard to assign formal value to signatures. We address this problem with a proposal to automate the processing of signing policies.

Target audience: Those interested in digital signing.
Assumed skills: Some basic experience with digital signing.

English, Lecture, Track

11:30
12:00 Quantum Cryptography - An Introduction

An informal introduction to quantum computing and quantum cryptography in particular.

English, Lecture, Track

"Because It Has To Be Free"

Wireless Support In OpenBSD

The OpenBSD project produces a free, multi-platform 4.4BSD-based UNIX-like operating system. Their efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography. The developers of OpenBSD are very careful about licensing issues and the consequent use of free software in their base system. Recently, this has most notably resulted in missing support for many Wireless LAN chipsets due to the non-openness of manufacturers: either they require the usage of their very restrictively licensed firmware or the usage of precompiled, binary-only kernel objects which control hardware access to the chipsets.

This speech addresses these problems and how various manufacturers could be convinced to release their firmware under less restrictive licenses, how the Open Source HAL module for the ath(4) driver was developed, as well as details about the enhanced WLAN support with new drivers and features for the upcoming OpenBSD release 3.7. The Open Source community has support for nearly all Ethernet, SCSI and RAID chipsets, so why shouldn't there be Open Source support for all of the Wireless LAN chipsets? Or is "Wireless 802.11 a Microsoft-only technology?"

English, Lecture, Track

Turbocash

Turbocash a rising open source accounting package

Accounting package with stock control and cash register which allows hooking up a scanner, display pole, cash register, printer and weighing dish. There is also integration with one of the biggest open source web shops, osCommerce. The lecture will include the founding of Turbocash, current status and feature plans, a functionality scan and demonstration of the primary functions. The workshop will cover more in-depth program knowledge and hooking up to an osCommerce web shop, and gives the attendees an opportunity to ask questions. There will be an e-book available to all workshop attendees. We have a good user base in South Africa (10000+), United Kingdom (3500+) and the Netherlands (2600+), but more parts of the world are discovering Turbocash. Current translations include English, South African, Dutch, Spanish and Indonesian.

Audience: Consultants, system integrators and anyone with an interest in financial administration.
Skills: Accounting skills would be handy but are not really needed.

English, Lecture, Track

Heavy-industry IT and systems overview

Well... This lecture is about IT security risks in factories and how you can prevent them. Usually, with a crowd like the one at WTH, I guess most know how to run a network with firewalls, VLANs and ACLs etc, etc... It's the same here, but for factories you probably need to know how the factory equipment works. PLCs, distributed I/O and fieldbuses are all special types of equipment that no sysadmin has encountered before in an office LAN (well, perhaps bus networks ;P). I'll explain what a Programmable Logic Controller, distributed I/O and a fieldbus is, how to implement them and how and why they are used. We'll look at pictures from SSAB (Swedish Steel AB) of equipment in use on the factory floor. I'll also talk about what they did when they created their intranet (office and industrial) and the philosophies behind their decisions. Modern-day threats, such as viruses or DDoS, and the human factor will be a key part of my lecture. Profibus will also be a major point in my presentation. It's a new standard fieldbus that enables easier wiring and has other benefits as well. The PLCs that I'll talk about are ABB's AC800M* and Siemens Step 7**. I'll also talk about programming a production line using logic operators (AND, OR, ELSE and so forth..). That will be brief, since that doesn't really touch upon what this lecmore in-depth after the lecture if anyone wants it.

Needed skills for this lecture: CCNA or similar common networking skills

English, Lecture, Track

12:30
13:00 Modeling World Energy - A Proposal

1) What's the problem? The positive relationship between worldwide standards of living, industrial/agricultural production and energy consumption; why oil is a key and irreplaceable fossil fuel.
2) How much oil is down there? Why it's hard to know, and why there is so much uncertainty and consequent disagreement.
3) At what rate can we extract oil from underground, and for how long? Description of Hubbert's Peak, Peak Oil, and reasons for even more uncertainty and disagreement.
4) What are the consequences of Peak Oil? The range of opinions, from "no problem" cornucopians to "die off" pessimists. Why is there so much uncertainty? Is there anything that can clarify the outlook for our energy future?
5) Things we can do: (a) acknowledge our energy problem and raise awareness; (b) acquire better energy information; (c) undertake a project to model world energy. This presentation focuses on (c).
6) What are the benefits of a world energy model? Helping raise awareness of consequences; providing a decision-making tool to nations and policy makers.
7) Foundation of a good energy model: good information (an energy database) and a rigorous ERoEI (Energy Return on Energy Invested) methodology. Every energy source has an energy cost; the model must observe the laws of physics and thermodynamics.
8) The energy model in use: run scenarios of possible energy futures; answer the question "can we get there from here?"
9) Attributes of a good energy model: accessibility and transparency. Examples of other modeling efforts. Some ideas for how to start the energy modeling project with the creation of a software-readable energy database.
10) Models for development of a huge project like this: an initial design team of 4-10 people, 2 years, $1M, then international Internet collaboration, similar to the Linux and Open Software concept, to maintain and improve the model.

English, Lecture, Track

Having Fun With Honeyd

A honeypot is a closely monitored network decoy serving several purposes: it can distract adversaries from more valuable machines on a network, can provide early warning about new attack and exploitation trends, or allow in-depth examination of adversaries during and after exploitation of a honeypot. As physical honeypots are often time-intensive and expensive, virtual honeypots can easily scale to thousands of machines. This talk presents recent improvements in Honeyd, a framework for virtual honeypots that simulates virtual computer systems at the network level. The simulated computer systems appear to run on unallocated network addresses. To deceive network fingerprinting tools, Honeyd simulates the networking stack of different operating systems and can provide arbitrary routing topologies and services for an arbitrary number of virtual systems. This talk discusses fun features of Honeyd's design and how Honeyd can be applied to many areas of system security, e.g. detecting and disabling worms, distracting adversaries, or preventing the spread of spam email.

English, Lecture, Track

ngode, NGO Accounting Software

ngode is free/libre open source accounting software focused on the needs, and developed from the perspective, of non-governmental/non-profit organizations. It is developed in multimedia institute's mi2lab. multimedia institute - mi2 is a Croatian NGO focused on issues of new media / technology / art, social theory, cultural policies and activism. ngode is based on the use case of mi2, where there is a complex matrix of many projects, programs, grants and funders, plus a commercial service of public access to the internet.

The goals of the software are:
* to cover records of incomes (grants + own earnings etc.)
* to cover outcomes (costs etc.)
* to plan allocation of money from grants into projects
* to have a good tool to write reports for funders easily and quickly, by particular projects and/or grants (based on plans)
* to have a good tool to make reports on the current state of projects/grants/costs/etc. for project managers in an organization (i.e. "how much money do I have left in the budget of project XYZ for the particular XYZ costs").

In designing the data model we were trying to cover a many-to-many matrix (many funders, many grants, many projects, many costs, many reports...). For example, by many-to-many we mean the possibility of having particular costs which are covered by more than one grant from more than one funder, or being placed in more than one project at the same time.

In choosing the technologies on which ngode is based we had in mind a platform which would be remotely available for demos or for hosting it as a web service, plus multiplatform client printing support (Firefox). The other priority was to make ngode a good platform for online support in real time, with documentation editable from everywhere so it can be used to build a financial knowledge base for NGOs in general. That's why we built ngode upon our online collaborative tool tamtam with wiki functionality. tamtam and ngode are written in Python using the Twisted Matrix network framework.

Additional information: http://tamtam.mi2.hr/TamTamDev/NGOdE

English, Lecture, Track

Learning cryptography through handcyphers

Even though all the knowledge has been known for hundreds of years, many people still find cryptography complex. This presentation shows how the basic cyphers work, explains their shortcomings and possible solutions. The knowledge ought to be a required skill for everyone who wants to use cryptography and explore the possibilities. After the session participants will be able to encode or decode messages by hand on a small piece of paper.

This session isn't really groundbreaking in the sense that anything shocking is shown. The main purpose is to educate people in the field of cryptography and make them enthusiastic about it. It needs to break down barriers of 'too complex for me' and encourage people to get started and use/write software. Besides the ins and outs there will be a focus on the clear need. As with many other presentations this is a fun-to-be-at session.

English, Lecture, Track

13:30
14:00 Digital Radio

How it works, its future, and its effect on community & pirate radio.

This talk explains how DAB (Digital Audio Broadcasting) is much more complex and in many ways better than analogue radio (AM and FM). It looks at the state of the market, which countries have it and its popularity. Does the fact that DAB is much more in the hands of large companies stop small community/student stations from broadcasting? And how much more difficult is it to broadcast pirate radio on the more locked-down DAB?

English, Lecture, Track

Anonymous communication for the United States Department of Defense...and you

What do the United States Department of Defense and the Electronic Frontier Foundation have in common? They are both funding the development of Tor (tor.eff.org), a free-software onion routing network that helps people around the world use the Internet in safety.

The public Tor network has over 200 servers on five continents, and averages over 100Mbit/s of traffic. Our users include ordinary citizens who want protection from identity theft and prying corporations, corporations who want to look at a competitor's website in private, and aid workers in the Middle East who need to contact their home servers without fear of physical harm.

I'll give an overview of the Tor architecture, and talk about why you'd want to use it, what security it provides, and how user applications interface to it. I'll show a working Tor network, and invite the audience to connect to it and use it.

English, Lecture, Track

Wifi workshop

Non-technical challenges for community networking

More info: http://wiki.whatthehack.org/index.php/NonTechnicalChallengesInCommunityNetworking

English, Lecture, Track

Is blogging Open Source journalism?

English, Lecture, Track

14:30
15:00 Monitoring Internet Background Radiation

Internet background radiation can be analyzed using a so-called network telescope. Traffic destined to an otherwise unused network is dissected and analyzed for anomalies as well as worm propagation, DDoS attacks and whatnot. The talk will give an overview of traffic categorization methods, the build-up of such a system and countermeasures based on the lessons learned.

English, Lecture, Track

Digital identities and the power of hacking

Today our identity is far more digital than most people consider. But what creates an identity? What part of our identity is created by ourselves and how big is the influence of others? And, finally, is there a way to manipulate us deep inside via digitality? We will discuss the role of digital power - and especially hacking - and take a look at today's scientific research.

English, Lecture, Track

About mp3s and african farmers

What do our Issues have to do with the 3rd World?

Copyright enforcement directive, software patents, digital divide, seed and pharma patents are all parts of the same game: the laws and directives about so-called intellectual property are all working towards a stronger monopolization of knowledge. This workshop wants to show what international treaties like TRIPS and institutions such as the WIPO mean for our lives and our work, and what our fight for the private copy, against software patents or for privacy can do to help the people in developing countries.

English, Lecture, Track

15:30
16:00 Technology, Abilities and Disabilities

Technology profoundly changes life for the disabled. Technology is about creating new abilities, as is education. Combining them is the best way to find a solution. The disabled need to take empowerment to a new level, where they take charge of technological development for their needs.

English, Lecture, Track

Evolutionary Computation

Evolutionary Computation is a term that describes a variety of methods inspired by evolution that can solve problems that might otherwise be intractable. The methods share a population-based approach, in which possible solutions are "evolved" by performing "genetic operations" such as mutation and cross-over on some type of genomic representation. Using genetic programming methods you actually grow or evolve computer programs to solve your problem. Instead of specifying how something is to be done, you specify a "fitness measure" that tells how good a solution you've got, and then let the system evolve a population of candidates. Believe it or not, this stuff actually works! Human-equivalent (or superior) solutions to problems such as analog circuit design, control theory, circuit layout, synthesis of antennas, and optical systems have been achieved over the past couple of years with genetic programs running on 100-node clusters. Given Moore's law, this stuff will be running on our desktops soon.

English, Lecture, Track

The Pentabarf conference planning software

Organizing the chaos with the Lady of Discord

Planning a conference in the hacking community is a tough job. Pentabarf is a new approach to finding a solution pulling things together in a web-based database application.

English, Lecture, Track

How amateurs beat space agencies to pictures of titan

When the Huygens probe sent back the first raw images from Titan, these were immediately available online. An online group of space enthusiasts responded instantly. With basic photo editing software, it was possible to create simple compositions of the fitting puzzle pieces. By exchanging these first composited images, other amateurs could easily jump in on the task of completing full views of Titan. The collection of puzzle pieces quickly revealed exciting unseen panoramas which were published online. While the space agencies allowed their teams to prepare for a press conference on the first results, the group of amateurs had already sparked an online interest. The talk tells the story of how an open source philosophy allowed the enthusiasts to beat the space agencies to impressions of Titan. The scientific value of amateur compositions is discussed. Suggestions on how open source minded amateurs and space agencies can cooperate on similar future projects are presented. The talk is of interest to people with an interest in astronomy and/or open source philosophers.

Keywords: amateur astronomy, Huygens, open source, space agencies, Titan.

English, Lecture, Track

16:30
17:00 Car-Puters

why do YOU need a PC in your car

I'd like this presentation to be more of a debate/brainstorming/collective dreaming than a typical presentation about the opportunities that having PCs inside cars [call it trucks/buses/motorcycles/boats/whatever you can take some extra 500 watts from, and moves ;)] will open in the near future. Anyway, I should first try to give a short introduction and a review of the state of the art (basically by reviewing already completed installations) in this particular area of computer (ar)technology.

English, Lecture, Track

Bluetooth Security - News From The Front

Since 2003, Bluetooth security has been investigated. Since then, different methods and ways have been identified that allow one to either crash, abuse or control Bluetooth-enabled devices. Besides known Bluetooth security issues like BlueSnarf, BlueBug and BlueSmack, this talk also covers newly identified Bluetooth security problems. For the sake of fun, after a short introduction to the Bluetooth wireless technology and the explanation of the different security issues, there will be a hands-on demonstration part where new tools are also released.

English, Lecture, Track

A Guide to Free Software Lobbying

Lobbying for Open Source and Free Software is necessary for raising awareness in politicians' minds. But there are only a few who really do just that on a national and European level. Lobbying for free software means working in your spare time against lots of paid Microsoft lobbyists and agencies. In this presentation we want to show how lobbying for free software and open source works and what can be done to promote freedoms in the digital age.

English, Lecture, Track

SurvNet

The German Infectious Disease Surveillance Network

Infectious disease surveillance is very important for outbreak investigations and health service planning, not to mention the all-important war against (bio)terrorism. Since 2001, a federal law has required the German "Länder" (States) to collect information on selected infectious diseases like Salmonella, Influenza, Anthrax etc. With surveillance systems already established in many European countries for decades, Germany had to catch up quickly and did manage surprisingly well to implement a good solution (

English, Lecture, Track

17:30
18:00
18:30
19:00
19:30
20:00 Phasing out UNIX before 2038-01-19

The current state of the art in operating systems happens to be a grotesque accident. We're suffering daily from the rotten foundations of modern computing, particularly the widespread use of the programming language C, and the process model of UNIX and its evil twin, Windows. This talk will illustrate why the current approach is futile, and present alternative approaches and ideas. We will look at different historical approaches, why they failed, and what we can learn from them. We suggest an alternative approach for an operating system and computing environment, and present a roadmap based on the work we have done so far towards a system that at least will be secure against buffer overflows, integer overflows and double frees, to free our hands to care about real problems, like getting the actual job done.

English, Lecture, Track

Bumping revisited

Events since the publicity surrounding a rather large security problem involving all sorts of mechanical locks

A technique called 'bumping' can open most locks damage-free, in little time, with little training and using only inexpensive tools. Even a number of high security locks can be rapidly opened damage-free with this technique. When this message hit Dutch media all hell broke loose. Questions were even asked in Dutch parliament. In this workshop we will explain how bumping works, what happened with the media in the Netherlands and what lock manufacturers have (tried to) come up with to protect their locks against this problem.

English, Lecture, Track

20:30 After-dinner speedgeek soiree

Geeky variant on speed-dating: 10-15 presentations in 1-1.5 hours.

English, Lecture, Track

21:00 Corporate Social Responsibility in the ICT Hardware Sector

English, Lecture, Track

Data mining and Rasterfahndung: past, present and future

English, Lecture, Track

21:30 THC Olympic Quiz Game

THC Olympic Quiz is held every 4 years. Groups or individuals have to prove their skills and answer the questions of the THC quiz master. We start with an easy round where individuals battle against each other. Then we do some group rounds where groups of up to 4 people battle against other groups. Questions are about security, hacking, unix, anarchy, computer history, programming, exploits, tools, ... The winners receive a t-shirt, a box of beer and eternal life.

English, Lecture, Track

22:00
22:30