25th Chaos Communication Congress (25C3) #4
We had a hard time getting up on the morning of the last day; too much fun the previous night :) I didn’t want to miss Luciano’s talk about the infamous OpenSSL bug in Debian. We got there early, so we took the opportunity to buy this year’s hoodie. Why the hell was the largest size an L? I need XL :( Please take note for next year! Get XL, we’re usually big men!!! ;)
Well, let’s focus… :) Luciano’s talk was awesome! We had a lot of fun even though all of us knew the details of the bug. All the use cases were explained with a live demo, even with the hostel booking site www.hostelworld.com, which is currently using a vulnerable certificate, as was shown using the SSL blacklist Firefox add-on (based on the modulusblacklist.org DNS check or the 60MB locally installed database file).
We made the mistake of going to the “crafting and hacking” talk. It’s not that the talk wasn’t fun; it’s that when we tried to go to the SSL talk, we found around 20 people waiting at the entrance doors to get into the hall, and after a while the organizers told us that it was packed and no more people were allowed inside :(
It’s worth watching the video, as those people demonstrated how to exploit collisions in the MD5 hash algorithm used in SSL certs to generate a rogue intermediate CA certificate and sign other certificates that are accepted as valid by web browsers. As a curious fact, the CA exploited was RapidSSL, and all the computing for the MD5-collision magic was performed using a cluster of 300 PS3s over 2 full days. Read about it, it’s a must.
25C3 was over. I can say that it was the best of all years. I had a lot of fun, and I met a lot of new people, not only from Spain but from Portugal, Germany and Austria too. These 4 days went by really fast. I went back home with a new lockpick set and a DECT card to play with ;) as well as a new project for the new year: to set up monthly meetings in Madrid to give short talks, participate in nice projects, exchange useful information, open some locks :) or just meet and talk with all the fellow hackers out there who fancy coming along.
I’m just looking forward to the next CCC, but until then… Happy Hacking! :)