Sören Bleikertz
31 Dec 2009

26C3

The 26C3 was a unique event, as usual, bringing together a wide variety of interesting people. It is a good opportunity to meet people in person whom you have not seen throughout the year. The Congress is getting more popular each year – this year it was sold out after the first day – and it is getting very crowded, with long queues in front of the lecture halls. This is definitely a drawback, but I can understand that it is difficult to find a new location for such a huge organizational event. However, I have to say that the organization improved compared to last year, and it actually felt less crowded than last year.

First Day

Now I want to comment on some talks I have attended, although I did not attend as many as I wanted. On the first day, GSM: SRSLY? was definitely one of the highlights, because they announced the finished computation of the rainbow tables for A5/1 and made them publicly available (which can be found here). They planned to do a workshop on the fourth day where you could bring encrypted GSM data and they wanted to try to decrypt it, but unfortunately it was cancelled due to legal reasons.

Another interesting talk was UNBILD – Pictures and Non-Pictures by an artist who intentionally provoked the authorities in cases of unsubstantiated counter-terrorism rules. For example, he took pictures of embassies and the construction site of an intelligence agency building, and the authorities tried to shut him down, which only succeeded due to the policemen's right to their own pictures. The sign that photography is not allowed at US embassies is not backed by German law and is merely a request by the US authorities. However, his actions caused trouble when he obtained a scholarship for doing art in the US, because he first got questioned by US authorities when arriving at the airport and the FBI showed up at his workplace. The FBI appearance actually caused the loss of his workplace, apartment and therefore his scholarship, although there was no actual accusation.

The last talk I attended on the first day was cat /proc/sys/net/ipv4/fuckups by fabs, who showed an interesting scenario where a set of vulnerabilities – harmless on their own – can contribute to a successful attack when combined. Especially the vulnerabilities in the device drivers are interesting.

Second Day

The first talk I attended on the second day was Defending the Poor by FX. He presented the ugliness of ActionScript and the corresponding VM, e.g. appending a version number to API method names. He also presented a tool called Blitzableiter, which performs static analysis on SWF files for potential security problems.

The second talk was Exciting Tales of Journalists Getting Spied on, Arrested and Deported, where a journalist presented different “war stories” from other journalists. For example, in one case the laptop of a journalist was “accidentally” shot with a handgun; however, the hard disk stayed intact.

The final event for the day was Hacker Jeopardy, which was entertaining as usual.

Third Day

I attended Using OpenBSC for fuzzing of GSM handsets by Harald Welte, who presented his work on OpenBSC (a software implementation of a GSM base station controller) and motivated us to look into GSM protocol stack security. He mentioned that the protocol stacks in GSM handsets and base stations haven’t been investigated by security people as closely as, for example, TCP/IP, but should contain a lot of problems, because only a handful of vendors provide protocol stack implementations, the implementations are proprietary and closed, and during testing of OpenBSC many phones froze accidentally. OpenBSC will soon have a mechanism for third-party applications, e.g. a fuzzer, to inject messages, which should make things interesting. Personally, I have to say that I am really impressed by the work done in the OpenBTS and OpenBSC projects. They implemented the infrastructure for running a functional GSM network as open source software within the last few years.

Fnord-Jahresrückblick 2009 was entertaining as usual (and crowded as usual). Furthermore, I attended Black Ops Of PKI by Dan Kaminsky, who is always an interesting and entertaining speaker, but the talk itself was not that impressive compared to his previous talks. A few interesting points from the talk are: a preimage attack on an MD2 signature of a root certificate, NUL termination in CNs (which caused quite some trouble in various tools verifying SSL certificates), several CNs in a cert (where IE fails), and ambiguous OIDs in ASN.1 leading to trouble.

Fourth Day

Unfortunately, I wasn’t able to attend any talks on the fourth day, but I will definitely watch the recordings of Security Nightmares, which is always fun to watch.

Conclusion

See you at the 27C3!