The 27th Chaos Communication Congress ended yesterday in Berlin. This year I flew there with a small group of fellow hackers from Kiberpipa. As I'm writing this we're waiting for our airplane to land in Klagenfurt, having yet again successfully survived the dangerous conditions on the congress network and -22°C on the streets of Berlin.
It was busier than usual so I didn't manage to blog about day to day happenings like on my previous visits. However this doesn't mean that I wasn't doing and learning anything interesting there. On the contrary, compared to the previous years there was much more talking, coding, lock-picking (no soldering though) and less sleeping. I have a backlog things I would like to write about and most likely there will be a trickle of blog posts about them in the near future (depending on the backlog of things waiting for me at home and/or office) as I gradually convert my notes to something presentable. I'm pretty sure you got up-to-the minute reports of the most earth-shattering revelations through other channels.
As it is usual for the last few years the Berliner Congress Center was packed to the top. I guess the amount of congestion in the halls, saals and on the various wired and wireless (GSM, DECT and 802.11ab) networks was about comparable to 25C3 and I heard it was less crowded as 26C3 (I skipped the congress last year, so I can't say first hand). If not by that, the new ticket pre-order certainly had a noticeable effect on the waiting time to get the wrist-band entry permit. I don't think we waited longer than 5 minutes even though we were in the queue just 30 minutes before the keynote, most probably at the peak of the in-rush. Despite that the pre-order system was lovingly named pre-fail due to all the problems it had (not that I noticed thanks to lowk3y who got the tickets without the rest of us having to care about the 5 minute window in which the tickets were sold-out).
The organizers seem to be increasingly conscious of all the safety measures necessary on an event this size (around 3000 people or hundred percent capacity of the BCC). Saals were closed off when they were filled to capacity, special procedures were in place during the breaks so people were moved efficiently in and out of the rooms. I also keep wondering if the distinct lack of power sockets this year had something to do with keeping to the electrical safety codes.
In general the motto "we come in peace" came true. The closing event was quite unusual in that there were hardly any reports from the Network Operations Center about such and such attacks taking place from the congress networks or angry mails coming to the abuse email address. A paranoid person my say they were left out since the frequency of loud cheers in early morning hours was still quite high in the Hack Center. Or perhaps people took to their hearts the message from Rop Gonggrijp's keynote address who hoped most attendees have reached the level of ethical maturity where they see such actions as unacceptable.
Concerning the talks, here is a random selection of the few most memorable from the top of my head: ACTA (Jérémie Zimmermann of LQDN) and data retention in Europe was quite well covered, the latter even with a workshop. Talks about GSM and mobile technologies, from smart phone OSes to baseband processing probably had the most impact - topped by the Karsten Nohl's live demonstration of GSM voice eavesdropping. Plenty of hardware topics, from RFID to printable electronics (hacked 21 EUR printer that prints PCB masks in hot wax) and MOS 6502 reverse engineering (Michael Steil of pagetable.com). I guess you could also put the Lepht Anonym's Cybernetics for the masses talk in the hardware bag. Or is that wetware? Crypto covered new attacks on RC4/WEP, chip and PIN systems (go see Steven Murdoch's talk if you think modern smartcards are resistant to abuse). From the general security point of view there's the PDF is the new flash argument from Julia Wolf and Microsoft's adventures in analyzing Stuxnet. Last but not least, Annalee Newitz' view on the future of journalism was also very interesting.
So, to wrap it up: had a wonderful time, attended more than my usual share of talks from the society track, met a lot of people and observed that the lack of sleep and amount of social interaction are positively correlated.