OK, I will make this short because a gazillion other people will probably blog about the 22C3 for several days or weeks to come... Today (last day) I only attended one talk — Bluetooth Hacking - The State of The Art. Funny stuff you can do with Bluetooth...
All in all it was a great conference. Get the proceedings or browse the list of talks (most of them have PDFs attached) for more details. Videos of all talks should be available anytime soon (I hope!).
Oh, and the 22C3 is probably the only event where you will see such signs (attached to walls by the congress staff!)...
Nice. Very nice. The Xbox-Linux / Free60 team around Michael Steil has published a paper / wiki page called 17 Mistakes Microsoft Made in the Xbox Security System. I'm currently reading the paper, but I'm not quite through yet (the PDF is 13 pages long). It contains a very detailed analysis of the 17 types of mistakes Microsoft made (they made most of them multiple times)...
The paper and the findings will be presented at the 22C3 in Berlin — this is one of the lectures I will definitely be attending, that's for sure!
Quoting from the article:
"[Conclusion:] The security system of the Xbox has been a complete failure."
Also nice: the earlier (now obsolete) version of the paper was called The Hidden Boot Code of the Xbox — or "How to fit three bugs in 512 bytes of security code" ;-)
Heise (and many other sources) report that the EU parliament has voted for the abysmal data retention directive, simply ignoring objections from the industry and civil society.
Please, someone go out and ~~sue the shit out of the fucking idiots who are responsible for this~~ kindly remind the responsible politicians that this directive is a really bad idea!
Update 2005-12-15: OK, so I might have overreacted. My first answer to the accusations would probably be (abusing an unrelated quote from Jonathan McDowell): "I exaggerate for effect". But honestly, while it's not as bad as 1984, I really do think that this law will bring us all a big step nearer to a 1984-type horror scenario.
Nessus 3.0 (a popular security vulnerability scanner) has been released, and the license was changed from the GPL to a closed-source license. Goodbye Nessus, hello Porz-Wahn, hello OpenVAS, hello Sussen.
Update 2005-12-13: Added Sussen.
Oops. Engadget reports that Play-Doh fingers can fool 90% of all fingerprint scanners. This is nothing really new. The remarkable thing is that more and more companies and government organizations rely on such biometric authentication. Now, they all have been told about the problems, but nobody seems to want to listen...