Exactly 38 days ago today the Berlin daily newspaper TAZ ran an inconspicuous ad with the title tuwat.txt. That this small announcement in a local newspaper is still talked about today is due, among other things, to what developed from it, and to the fact that it is just as relevant today as it was 38 years ago. [Read more…] about Memorial to the anniversary of tuwat.txt and the Chaos Computer Club
The latest firmware update is intended to close a security hole in Logitech hardware devices that allows access to wireless keyboards or mice. However, the update did not completely close this vulnerability. [Read more…] about Logitech Hardware – Vulnerability still Exploitable!
At the end of August, hackers and technology enthusiasts from the Chaos Computer Club met at the Mildenberg Brickworks Park for the Chaos Communication Camp, which takes place every four years. Between tent cities and network routers housed in portable toilets, the so-called "Datenklos", many workshops and lectures took place this time, as is typical for the CCC.
The hacker camp at the Chaos Communication Camp
For 20 years now the Chaos Computer Club has organized a summer camp every four years. It took place for the second time at the Mildenberg Brickworks Park in Brandenburg. Besides many projects of the local CCC hackerspaces, such as automatic wafer, donut and cocktail machines or an internal CCC postal service, there was a lot of discussion and knowledge transfer. This usually happens in lectures, which can be streamed live or watched afterwards.
Privacy Breakdowns at Chaos Communication Camp
Our first recommendation is a lecture by Stefan Brink, Data Protection Officer of the State of Baden-Württemberg, and Alvar Freude, Speaker for Technical Data Protection and Freedom of Information of the State of Baden-Württemberg, entitled “Achtung, Datenpannen! – The big data protection and DSGVO show”. This lecture, which is very humorous in parts, conveys the basics of data protection in a simple way. Special emphasis is placed on the technical implementation of GDPR (DSGVO) requirements. For example, it explains how personal data should be stored in encrypted form. In the past, we have also reported on some of the major glitches in the implementation of the General Data Protection Regulation. Here you will find further information on the topics mentioned:
- GDPiRate: Side channel attack reveals DSGVO vulnerabilities
Rethinking in the critical infrastructure
One topic that has been much discussed in the IT security industry in recent years is the BSI Critical Infrastructure Ordinance (BSI-Kritisverordnung) of 2016, which defines which nine infrastructures represent the indispensable foundations of society and how they must handle their IT security.
Our second lecture recommendation deals with exactly this topic area. The lecture with the title “#Defensive statt #Offensive am Beispiel von KRITIS” by Manuel Atug, the head of the working group Kritis, deals with the current trend of investing more money in offensive IT security than in defensive IT security. It highlights the implications for the Kritis sector in Germany and the extent to which this will lead to an arms race among market participants.
Hacking of networked buildings on the Chaos Communication Camp
Our third and last recommendation is the lecture “IT security in networked buildings” by the security researcher Simeon of the University of Rostock. Using the example of the industry standard and field bus protocol KNX, this lecture shows how building automation is designed and which weaknesses and security gaps are hidden in it. The security researcher shows how personal information can be derived from harmless sensor activity data. Finally, the lecture discusses recommendations for action that can be applied to already installed building automation systems in order to increase security.
Communication of knowledge at the Chaos Communication Camp
In addition to the three lectures recommended by us, there were over 100 further lectures on various topics at this year’s Chaos Communication Camp. We therefore recommend taking a look at the whole lecture program after watching the lectures mentioned above. It can be found at https://media.ccc.de/c/camp2019.
At the beginning of October, the IT security industry will meet at it-sa 2019, and this year AWARE7 GmbH will also be present with its own booth, live hacking shows and a hands-on project for increasing IT security awareness. Visit us at booth 10.0-520! [Read more…] about AWARE7 GmbH at the it-sa 2019!
One data leak on Facebook follows the next, and things will not quiet down around the social network group. Now 419 million phone numbers of accounts have been published. The unencrypted data is linked to the Facebook ID and can thus be clearly assigned. [Read more…] about Data leak on Facebook: 419 million public phone numbers!