25th Chaos Communication Congress - "Nothing to hide"


The Chaos Computer Club (CCC) is a Germany based hacker organization, one of the biggest and most influential. Since its foundation on 1981 they have contributed to the evolution of computer security, freedom of information, development of the hacker ethics and hacker culture!

I have always been fascinated by the diversity of the CCC activities, projects and achievements .

The 25th annual conference organized by the Chaos Computer Club, Chaos Communication Congress  took place from 27 to 30 Dec 2008 in Berlin, Germany.
As always, there was a great plethora of lectures and workshops on a multitude of topics, including computer security, hacking, privacy, science, art, society and culture.

For all of us that couldn't make it to Berlin, there are the online proceedings and papers . Not all of the presentations can be found, but one can further search their author's blogs or project pages and make his way.

Several presentations/workshops that I've found extremely interesting so far:

MD5 considered harmful today Highly skilled and motivated team created their own legitimate and trusted Certificate Authority with which they can sign certificates! By exploiting MD5 vulnerabilities, they have made RapidSSL sign a certificate for them whose signature also verifies a CA=YES certificate. They have prooved a vulnerability in the PKI (Public key Infrastructure) that can be used to facilitate MITM (Man-in-the-Middle) attacks against SSL-ed communications. Explained in details in their well written  paper on http://www.win.tue.nl/hashclash/rogue-ca/

This paper seems to attract more coverage than any other presented on the conference.

Predictable RNG in the vulnerable Debian OpenSSL package

Security and anonymity vulnerabilities in Tor

Rapid Prototype Your Life
  Ultra-geek must-read stuff!

Climate Change - State of the Science


FOSDEM 2009: Free and Open Source Developers' European Meeting


Fosdem 2009!


Just received the call for participation for FOSDEM 2009 from one of the organizers. FOSDEM is THE event to visit.

 If you're a developer, you'll have the chance to attend some awesome presentations from the people that create major open source programs, such as GNOME, KDE, Firefox, plus meet these people, discuss and exchange opinions!

If you're not a developer, but interested in open source software, trust me after two days in FOSDEM you'll make it your first priority to become a developer, or focus on another activity around open source software (like translations, graphics, system administration, propaganda, obviously coding isn't the only necessary in the open source software ecosystem)!

Finally if you're not interested in open source, and just want to get an idea what it is about, you'll be amazed to see a few thousands of people discussing passionately about it, and you will have the chance to see this software in action, as there is plenty of equipment and the teams behind the software willing to solve all your questions. And what a better way to get introduced to Firefox, or Fedora Linux, or OpenOffice, by talking to these project's communities, that will be there, with plenty of computers for demonstration reasons!

Entrance to FOSDEM is free of charge and help is provided to newcomers from the big organizing team, which is populated by volunteers.

I'd dare to say FOSDEM is one of the ultimate computer related events, not only for people interested in open source, but also practically everyone that works with computers or studies computer science. CS university classes should sponsor their students to attend this two days event, happening every year at Brussels. Also, IT companies could do this, sponsor people to travel in Brussels for two days to attend the event.

If you are involved on an open source project, maybe you should consider into presenting it at FOSDEM! Lightning talks (15 minute talks) is the correct place for this. Not only your project will get some publicity, you might also attract developers to join the project, which is something more or less all open source projects are in continuous need of! And what a better place to brainstorm about your project, than a place were a few thousands of developers are hanging around for two days!

If you've heard of FOSDEM and willing to pay a visit, just do it, this will be worth it 100%. It might be a little early to organize a trip at the moment (FOSDEM is taking place in Brussels, 7 and 8 February), but if you're willing to arrange a talk for your project, there are some deadlines, so better register now.

At http://archive.fosdem.org/2008/ you can find the archives of FOSDEM 2008. Slides, presentations, videos, photos and all material from last year's FOSDEM!

[Read More]


Security event @ Athens Digital Week

As part of Athens digital week , a security session is going to take place on Saturday 18, from 18:00 to 20:00!

Athens digital week is a six days technology event (13 to 18 october) that happens in Gazi, Athens. Many talks and happenings will take place these days, across different disciplines and areas, such as space, visual arts, open source and robotics to name a few. If you live in Athens, definitely have a look at the program .

At the security session I am going to give a 20 minute talk on web security, the title of the presentation is "Web security, past & future" and in case you are interested you can find it here . This talk will focus on several issues that are important to IT security, at least in my opinion. I tried hard to include content that not so security savvy people can follow, while those keen on the field will find interesting as well. Hope you'll enjoy the slides and/or presentation and will be happy to see you there!