Schedule Day 3
|
Missed a lecture or even missed WhatTheHack? WhatTheShame! But it could be worse. We've collected tons of footage for you - check out articles and full-length videos of the presentations, enjoy the knowledge of the experts that have gathered at WhatTheHack in the link "track" in each slot of the program. |
| Time | Tent 1 (1000) | Tent 2 (1500) | Tent 3 (180) | Tent 4 (650) |
| 10:30 | Morning Practicalities | |||
| 11:00 | Reverse engineering and unlocking an XDA
This presentation will show how to go about reverse engineering an XDA (Pocket PC) device, both from the hardware and software perspective. It will show how easy it was to unlock the device and how many mistakes were made by the developers trying to prevent it. | The OpenWrt Project
OpenWrt is a Linux distribution for wireless LAN routers, such as Linksys WRT54G and Asus WL500g. Instead of trying to cram every possible feature into one firmware, OpenWrt provides only a minimal firmware with support for add-on packages. We would like to present the OpenWrt distribution for interested beginners and developers. | MILK
The MILK Project. The MILK project of artist Esther Polak followed a European dairy transportation from the udder of the (Latvian) cow to the mouth of the (Dutch) consumer. All people who played a role in this chain received a GPS-device that registered their movements for a day. A software application, called the Milk Machine, was developed by Markus The of Amsterdam Software to edit and visualize these GPS-tracks, to combine these visualizations with pictures and sound, and to create and show the final installation. The MILK Project was awarded the Prix Ars Electronica 2005 in the category of Interactive Media. Target audience: Those interested in multimedia art and/or GPS. No technical skills required. | Censorship technology in China/ Golden Shield
How does the 'Golden Shield' work? What is censored, and which companies are involved? |
| 11:30 | ||||
| 12:00 | Exploiting PocketPC
Until now WindowsCE, or more specifically PocketPC, has not received very much attention in terms of exploitation, although both have been around for quite some time now. This presentation aims to change this. It will give an introduction on how to exploit PocketPC. We start off with an overview of WinCE and then quickly move over to the specifics of writing exploits. The presentation will focus on the ARM architecture only and will be very technical altogether. One of the highlights will show what can be done with PocketPC based smartphones. Previous work will be mentioned, of course. | Wifi and 500 km? Development of Wi-NVIS
Networking and remote areas. This presentation is about the development of a device that can connect local (wifi) networks over a distance of more than 500 km. | Making Things Visible
Crawling Myanmar, Circumnavigating Internet Censorship, Mapping Whois Issue Networks (the movie), Picturing Palestinian-Israeli. Govcom.org is conceived as a project to map debates on the Web on important social issues. Together with Anderemedia and Sonologic, different tools have been developed to crawl, scrape, locate, and eventually map those issues. In many of the cases, the resulting maps visualize a Web state-of-affairs that is otherwise invisible to the naked Web-surfer's eye. By making things visible, we touch upon different issues and questions ranging from the location of the places of issues on the Web; positive and negative implications visualizing Internet censorship might have; representation of the digital divide from different points of view; and media monitoring of conflict-related issues. A public presentation aimed at developers, public interest groups, advocates, (media)activists, and academics. | Biometrics Crash course
One of the hot topics in the ongoing security vs. privacy debate is the use of biometrics. As usually happens with hot topics, there is a lot of mis-/disinformation, secret agendas and wild expectations clouding the issues. The goal of the Biometrics Crash Course is to provide those new to the topic of biometrics with an introduction that is as clear and honest as possible. After that, there will be time for questions and discussion, so both novices and experts are very welcome. |
| 12:30 | ||||
| 13:00 | Community wireless NL
Wireless networks in Amsterdam and Leiden | The Kernel Accelerator Device
Reconfigurable computing for the kernel. KAD is an interdisciplinary development project which consists of kernel driver programming, FPGA programming (VHDL/Verilog) and hardware development. There is no working KAD at the moment, but our aim is to develop such a device under the GPL with much support from everyone who likes to do so. The development will be carried out from the bottom up by integrating existing components into the KAD. This is a follow-up to the lecture held at 21C3. We want to talk about the development and discuss the architecture. | Geluidsnet
Geluidsnet operates a low-cost network of airplane noise measuring units that surrounds Schiphol Airport in the Netherlands. The monitoring stations are housed by the local community: private people, schools and companies. By placing the measurement stations within a kilometre distance of each other, an overlapping network is created where you can watch a plane fly from one measuring unit to another. The monitoring stations are Linux computers with a calibrated microphone attached to the sound card's microphone input. A DSL line is used to upload the measurements to a central database so that the results can be viewed real-time on our website. Measurement reports are made available to the local municipality. This enables them to discuss the development of airplane noise with the Air control officials based on their own measurements. | Literature wants to be free!
This talk will describe the efforts underway to create and distribute free literature, with a focus on Project Gutenberg and on the challenges of copyright laws. Greg Newby is the CEO of the Project Gutenberg Literary Archive Foundation (PGLAF), which operates Project Gutenberg (PG). PG is the oldest all-electronic Internet-based information source, founded in 1971. How does Project Gutenberg create and digitize electronic books? What is the technical infrastructure? How can free eBooks be used to empower people, through greater literacy? Perhaps most importantly, how has the continued expansion of copyright laws and extension of copyright protection terms kept millions of potential eBooks locked away? Other efforts to create and distribute eBooks will be discussed, including the new PG of the European Union (PG-EU). Attendees will be invited to create and distribute their own eBooks, and to contribute to the world's free electronic literature. |
| 13:30 | ||||
| 14:00 | The /proc/pid/mem problem
More info will follow soon. | Wifi workshop
Non-technical challenges for community networking. More info: http://wiki.whatthehack.org/index.php/NonTechnicalChallengesInCommunityNetworking | Streamtime
At What the Hack, Streamtime will give a public presentation and proposes a workshop for people interested in building links with Arabic partners. We hope to be able to bring representatives of the Iraqi Linux Users Group from Baghdad and Europe. We hope to welcome Iraqis and other Arabic speakers to join! | |
| 14:30 | ||||
| 15:00 | Everything You Know About Client Security Is Wrong
(Or: What It Would Take To Build A Secure OS Your Mother Could Use) Traditional client security models have been spectacular failures when it comes to creating a safe computing environment. Despite firewalls, antivirus software and such, the average PC is still an extreme security risk. Much blame has been placed on vendor 'M' for this, but despite their abysmal security practices, this is pretty much beside the point: just about every current operating system would fail in similar ways when exposed to the requirements of today's consumer market. In this session, we'll take a look at how security threats have evolved in such a way that traditional models no longer offer effective containment. Also, the dangers of addiction to ineffective third-party security tools or equally unhelpful 'alternative' application/OS evangelism are uncovered. Finally, we'll discuss directions that future operating systems and applications should follow to overcome these issues, and how existing systems could be modified to start offering true security to their users. Attending this session is highly recommended for security experts, developers, system administrators, as well as anyone with the notion that, in the long run, using browser 'F', antivirus package 'N' or non-Windows OS 'L' makes the average consumer significantly safer than he or she is today. | The Open Biometrics Initiative and World Card
The Open Biometrics Initiative challenges hard and fast classification of biometric data. It cracks open the clean fabrication of automated biometric identification. The first version of the Open Biometrics Initiative is dedicated to fingerprint analysis. A custom designed machine calculates and prints the same data that law enforcement agencies use to check one’s identity. Instead of matching the data to a database of criminals, this machine calculates an unfiltered set of characteristic points as a probabilistic ID card, defying reductionist classification. | BGP in practice
An introductory course with todo's and todont's for those interested in the Border Gateway Protocol | |
| 15:30 | GNU Radio & USRP
Matt Ettus, GNU Radio team member and Universal Software Radio Peripheral (USRP) creator, will be discussing both the technical and regulatory aspects of open source software radio, and how GNU Radio and the USRP fit in. In a software radio, software defines the transmitted waveforms, and software demodulates the received waveforms. GNU Radio is an open source software radio framework which allows for experimentation, rapid prototyping and deployment of complex Software Radio systems on generic microprocessors. Software radio is becoming increasingly important as a technology for implementing communication systems. By performing most or all processing in software, it allows for extremely versatile radio systems and makes multi-standard systems possible. The Universal Software Radio Peripheral (USRP) is a hardware component which allows for the physical realization of complex wideband software radios using commodity PCs. It allows for up to 4 antennas, enabling MIMO and Smart Antenna systems. The hardware design is completely open and free. | |||
| 16:00 | Websecurity through real life examples
“A chain is not even stronger than its weakest link”, a well-known poet said. That’s absolutely true, but in the real world it's not something obvious. Web Security issues will be analyzed. Vulnerabilities will be discussed and particular attacks will be shown. Social engineering, Owned Communities, Computer Skills can be used by attackers to find a way to control your relationships and your life. Dangerous is everything we are not prepared to face. Discover how easily your security can be compromised and please don’t let it happen. | Spoofing fingerprints in 10 minutes
About 15 years ago Ton van der Putte discovered that biometric fingerprint sensors could easily be fooled with dummy fingerprints. With these tests he proved that the claim of the manufacturers that the sensors can detect if the finger on the sensor is alive, dead or a dummy is not true. Even today manufacturers have not solved this problem. In his presentation Ton will explain how easy it is to make a duplicate of a fingerprint when the owner cooperates. He will also explain that, with some more skills, it is possible to make a duplicate of a latent fingerprint that is e.g. left on a glass. With simple means and today’s digital cameras and laser printers it is possible to make duplicates with a resolution of 1200 bpi, which is about twice as good as today’s fingerprint sensors can detect. At the end of his talk Ton will ask for a volunteer and will demonstrate that he can make a duplicate of the volunteer's finger in about 10 minutes that will be accepted by the fingerprint sensor as the real finger, so proving it is not just big talk. Together with a colleague Ton wrote the first paper on the subject in the year 2000 and presented it at the CARDIS conference in Bristol, UK. The paper can be found at: www.keuning.com/biometrics | Creative Commons Nederland | Documenting Police Data Raids On California Medical Cannabis Dispensaries
Last month, the United States Drug Enforcement Administration raided a group of medical cannabis dispensaries, private houses and businesses in San Francisco. It was the latest in a series of raids by federal narcotics agents who have declared war on medical cannabis growers in California. Agents target computers at each location, downloading data onto portable hard drives. They search for information about fellow growers, financial transactions, sales records, bank accounts and the identity of medical cannabis patients who purchase from the dispensaries. In an effort to protect patient privacy, the City of San Francisco issues "anonymized" patient IDs with only a string of digits identifying each patient in their database. Patients, dispensaries, lawyers and journalists involved with medical cannabis are trying to defend their data using PGPdisk, Hushmail and other measures. The talk will focus on how to build a community of trust in the face of mandatory five and ten year federal prison sentences sought by U.S. authorities for growing California's number one agricultural crop. |
| 16:30 | ||||
| 17:00 | Undead Attack
This talk is about a bug that appeared during a few experiments with the TCP/IP stack, after which we found out that it was not, at least to our knowledge, found anywhere else before. That was actually a Solaris bug that resembles this one. After an established connection, a specially crafted packet with the ACK/FIN flags set, a correct Sequence Number but with an incorrect Acknowledgment Number will trigger a massive flush of packets with zero size and only the ACK flag set. Ethereal logs showed that the keep alive state was occurring and this flow kept going for approximately 3 minutes and a few million packets. It was clearly observed that CPU and network performance was severely decreased due to this misbehaviour. Potential attacks include DoS and DDoS. Applications and services that depend on quality of service (QoS) such as H323 applications (VoIP) and video streaming will suffer dramatic performance downgrade. We recently got referenced in Security Focus, check it out: www.securityfocus.com/bid/13215 | Defeating biometric systems
I dealt with the security (especially the defeating) of biometric systems for nearly 4 years. I could show practically how easy it is to fake biometric systems, from the beginning of the data collection (in the outworld or sniffing the communication) to the unrecognized use in real life. At this time that would be optical and capacitive fingerprint sensors, a face recognition system and an iris scanner. See also (both in German): http://www.biometrische-systeme.org/verfahren-schwachstellen.html and www.ccc.de/biometrie | Media lab software
Abstract for Digital Newsroom and National Arts Festival coverage: Grahamstown, South Africa, hosts the National Arts Festival each year over a ten day period. This event is used as a learning-by-doing experiment in multimedia reporting by students and staff of the New Media Lab at the Rhodes University School of Journalism and Media Studies. The scale of the project is larger than several commercial news media operations for the ten day period and this demonstration illustrates lessons learned, systems developed and outputs for the 2005 festival. Media Lab software: This is a prototype of an OSS system being jointly developed by the New Media Lab and the Centre for Advanced Media Development (CAMP) in Prague. DNR architecture used to power a newspaper, interactive digital TV channel, web site, photographic agency, pod-casting channel and multimedia DVD for the ten days of the National Arts Festival in South Africa. | How to produce collisions for real world hash functions
In the last year, a team of Chinese researchers announced breakthrough-results on various hash functions like MD4, MD5, SHA-1 etc. First short-cut attacks on SHA-1 were published in the beginning of this year. From the basic ideas to the state of the art - this talk will give some insights on how to produce collisions for real world hash functions. The audience should not be afraid of bits ;-) |
| 17:30 | ||||
| 18:00 | What The Toool
Bluetooth Security Workshop | Massage4nerds
Nerds like us often have stiff shoulders, neck and backs, mainly because we are sitting behind our computers too long and in the wrong posture. In this session, a few basic massage techniques from shiatsu will be taught. Bring a thin mattress or towel to lie on, wear comfortable clothing and above all: bring your own nerd. | CAcert / PGP key signing party | |
| 18:30 | ||||
| 19:00 | ||||
| 19:30 | ||||
| 20:00 | Hacking Mona Lisa
Sharing cultural heritage in the digital age. The development of digital technologies in general and the internet in particular has finally made it possible to freely share knowledge and elements of culture with people all over the world. At the same time so-called intellectual property and digital restriction regimes threaten the exchange of ideas. There are many areas where we can now influence the holders and users of cultural heritage to add to the global pool of knowledge and to profit from its existence. Many researchers and smaller institutions in the field of knowledge and culture don't know about the possibilities and benefits of using open tools and open content and the dangers of proprietary software and "protected" contents. Many projects that could enrich the global knowledge are never attempted or fail after a few years because common errors are made again and again. Millions of tax-payers' dollars perish because proprietary software stops working and can't be replaced. Synergies that spring from creating new links between existing material are left untapped because content is locked into closed systems. Every hacker can and should help in enabling free tools and free content and in fighting digital restrictions on our common cultural heritage. I will present some good and some bad examples in the field, show opportunities for new projects and end with a big call for collaboration. | Future anonymity networks
A technical discussion. Come talk with Roger Dingledine, Tor project leader, about all the hard issues in the anonymity world. How to get users? How to get servers? How does public perception figure into security? Should we have a GUI, and how should it work? Should we capture IP packets or work at the TCP layer? What good uses are there for anonymizing networks, and do they outweigh the bad uses? How do we scale while handling heterogeneous and unreliable nodes, and without sacrificing security? Should we integrate with BT, Kazaa, Freenet? How to choose a good path length? Caching content at the exit nodes? Should we allow revocation of anonymity if a threshold of servers want to? Backdoors? When does sticking to a single entry or exit node help you? Padding and traffic shaping? Patents? Responder anonymity and survivable services? Censorship-resistant publishing? Corporate and government users? Local adversaries, ISP adversaries, government adversaries? Jurisdictions? China? Iran? Basic knowledge of Tor recommended (for example you should come to the earlier talk on Tor), but feel free to drop by and listen too. | Wikimedia projects and African languages
Wikipedia is a free encyclopedia containing nearly 2 million articles in over 100 languages. While working for Geekcorps in Mali, Kasper Souren attempted to get the Wikipedia in Bambara started. Bambara is a West African language spoken by over 10 million people. | OpenStreetMap
Collaborative vector mapping the world. OpenStreetMap is a collaborative website using wiki-like techniques to make maps of the world. GPS traces made by physically travelling on routes and aerial images from aircraft or satellites are used as a base layer upon which streets and features are drawn. Out of copyright maps from the 1950s can also be scanned and used. The data and software produced by individuals is released under free licenses for all to rip, mix and burn. |
| 20:30 | ||||
| 21:00 | © and you: A development agenda for WIPO?
And why should you care? Ever get the feeling that your country's copyright regime is getting more restrictive? This may well be due to a UN agency you have probably not heard of: The World Intellectual Property Organisation (WIPO) in Geneva. Here, international treaties on copyright, patents and trademarks are drafted and decided on. Until now, this has usually happened in the interests of big rightsholders (read: the music and film business). In a move that can be called dramatic by UN standards, developing countries are making their voices heard. The Group of Friends of Development, led by Brazil, Argentina and India, are calling for a reorientation of WIPO's work. Instead of ever stricter enforcement of copyright and patent treaties, they are calling for more flexibilities. I will give an introduction on what WIPO is and what it does. Then I will present the basic positions and lines of conflict, involving different groups of countries as well as other NGOs such as the Free Software Foundation Europe (http://www.fsfeurope.org). After explaining why this matter is important for all of us, I'm looking forward to an interesting discussion. | Hashing the Longhorn
Microsoft (Longhorn) and the Trusted Computing Group are working on the biggest change of the information landscape in decades. One of the main problems with these plans is that the computer owner is seen as an adversary. To make DRM 'successful', users should no longer have the full control over their own computers. Because of this, cryptographic flaws in the TCG/Longhorn design have to be considered exceptionally harmful. Even though cryptographers have warned for many years, TCG/Longhorn specifications are using SHA-1 as standard hash function. Recent cryptographic results have additionally shown a remarkable number of new serious security problems and practical attacks. Exemplarily we present new attacks on the digital signatures and the boot check values which are used in Longhorn/TCG that can fundamentally compromise 'trusted' systems. We warn Microsoft and the TCG not to establish a security infrastructure based on a broken hash algorithm. | LiveSupport
1.0rc1 Out Now! LiveSupport is the first free and open radio management software that provides live studio broadcast capabilities as well as remote automation in one integrated system. | From junk to jest - from past to present
Having fun with the C64 in the 21st century. Some time ago the C64 was the most popular computer system in the world. But time goes by and other systems arise, new hardware comes to life... hey, that doesn't mean that the machine of our childhood is not able to deal with the tasks of today. Using the internet can be a great deal with the C64 - and other things are possible, too. We'll show what is possible today. |
| 21:30 | ||||
| 22:00 | Patents, Intellectual Property & Future Freedom
The big picture. The true networked community is built around a philosophy, a freedom based social model. Due to this model our community is gaining popularity and is growing, in fact it is exploding. But there is more. Activities are expanding from hacking (i.e. writing) free and open source software towards digital content like Wikipedia and even further towards political activities. The community has become a new force in democracies that cannot be ignored anymore. But it raises questions too, like: Can we become offensive instead of defensive? Are we able to attract "common" people and create awareness? Can we apply our business model to other areas? WTH is a perfect occasion to set targets for the coming years. The subjects at WTH - and more - should be glued together in a larger context. A group of Vrijschrift.org core members tried to answer questions and made a proposal for our community that will be presented at WTH. We try to answer questions like: How can we bring in all brains in the world to help the progression of mankind? How can we make politicians aware to follow our course? Can we fight terrorism by fighting illiteracy through the net? Tough questions that are hard to answer but interesting enough to answer in the coming (four) years. | BigBrotherAwards International Public Meeting
Activists and Friends meet in the open space of this event and show some results of BigBrotherAward-Ceremonies. | The independent media need help!
The major barrier for the development of independent media is a catastrophic lack of techies and programmers. Last year one of the best Indymedia techies 'burned out', while maintaining over 30 Indymedia web sites on his own. In 2002 media makers very successfully experimented with a 'Media pool' for exchanging digital media material (joburgmedia.net), during the UN Johannesburg conference on development and environment. Since then all efforts to build a permanent version of this proven tool (http://mediapool.nl) stranded, due to lack of programmers. The Cancunmedia.net initiative (hoping to provide independent news on the WTO Ministerial, September 2003), for which an extensive NGO-network was built, had to be cancelled, due to lack of programmers. The new Dutch 'AnderNieuws.Net' (Other/Alternative News Network) network of independent media and media makers aims to address this urgent issue. But AnderNieuws.Net itself also got stuck, because no one can implement the needed facilities for the web site... At this moment the only perspective for many media initiatives seems to be the long road through official funding, sponsoring, complicated contracts with stagiairs, etc., just to get some programming done, resulting in unacceptable delays and loss of independence. I'll explain the model and strategy of AnderNieuws.Net, which can be applicable to many countries. AnderNieuws.Net (still) wants to develop many tools and facilities, needed to promote professionalism and efficiency with the independent media. More at http://andernieuws.net/english Afterwards I'll be at the door, recruiting technicians and programmers who really want to make a difference. | Futureshock
Impact of new technologies goes far, far beyond IT. Information technologies have visibly changed society during the last decade and will create even more fundamental changes in the coming years. There are however new areas of technological innovation that will generate even more fundamental changes in the way we live. Bio-technologies and bionics have the potential to change our healthy lifespan and the perception of what 'healthy' means anyway. Nanotechnology is an exploding field of research that attempts to create the ability to manipulate individual atoms and molecules to create materials and electromechanical systems. These systems and materials combine the best properties of living systems and classical technologies. Nanotechnology has the potential to do for the material world what Internet has done for information: the end of scarcity. The combinations of these three domains of R&D will have many consequences that need to be discussed by as many informed people as possible. |
| 22:30 | Indymedia Dispatch. Hello? or How I got stuck in the IMC and enjoyed it
The dispatch system during the G8 protests in Edinburgh: how to manage an enormous influx of rumours and news, using an IMC, IRC, mobile phones, SMS, open posting websites and a worldwide network of online-editors |
