BEGIN:VCALENDAR VERSION:2.0 PRODID:-//39th Chaos Communications Congress//events in Zero CALSCALE:GREGORIAN METHOD:PUBLISH X-WR-CALNAME:events in Zero BEGIN:VEVENT SUMMARY:A Tale of Two Leaks: How Hackers Breached the Great Firewall of Ch ina DTSTART:20251227T100000Z DTEND:20251227T104000Z DTSTAMP:20260406T223813Z UID:ba655198-f461-5a1b-998c-12ed49fc7aae CATEGORIES:official,Security DESCRIPTION:While probing the Great Firewall’s DNS injection system in 2 021\, we noticed something strange: Sometimes the injected responses conta ined weird garbage. After some investigation\, we realized we’d stumbled onto a memory disclosure vulnerability that would give us an unprecedente d window into the Great Firewall’s internals: Wallbleed.\n\nSo we crafte d probes that could leak up to 125 bytes per response and repeatedly sent them for two years. Five billion responses later\, the picture that emerge d was... concerning. Over 2 million HTTP cookies leaked. Nearly 27\,000 UR L parameters with passwords. SMTP commands exposing email addresses. We fo und traffic from RFC 1918 private addresses - suggesting we were seeing th e Great Firewall’s own internal network. We saw x86_64 stack frames with ASLR-enabled pointers. We even sent our own tagged traffic into China and later recovered those exact bytes in Wallbleed responses\, proving defini tively that real user traffic was being exposed.\n\nIn September 2023\, th e patching began. We watched in real-time as blocks of IP addresses stoppe d responding to our probes. But naturally the same developers that made th is error in the first place made further mistakes. Within hours\, we devel oped “Wallbleed v2” queries that still triggered the leak. The vulnera bility persisted for another six months until March 2024.\n\nGFW measureme nt research went back to business as usual until September of this year wh en an anonymous source released 600GB of leaked source code\, packages\, a nd documentation via Enlace Hacktivista. This data came from Geedge Networ ks - a company closely connected to the GFW and the related MESA lab. Geed ge Networks develops censorship software not only for the GFW but also for other repressive countries such as Pakistan\, Myanmar\, Kazakhstan\, and Ethiopia.\n\nWe will discuss some of our novel findings from the Geedge Ne tworks leak\, including new insights about how the leak relates to Wallble ed.\n\nWallbleed and the Geedge Networks leak show that censorship measure ment research can be about more than just actively probing censored networ ks. We hope this talk will be a call to arms for hackers against Internet censorship.\n\n\nMore information about Wallbleed can be found at the GFW Report:\nhttps://gfw.report/publications/ndss25/en/ LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/a-tale-of-two-lea ks-how-hackers-breached-the-great END:VEVENT BEGIN:VEVENT SUMMARY:ISDN + POTS Telephony at Congress and Camp DTSTART:20251227T105500Z DTEND:20251227T113500Z DTSTAMP:20260406T223813Z UID:382a6def-2dbb-5ba8-bde5-0bf509c5eb02 CATEGORIES:official,Hardware DESCRIPTION:Just like at this very event (39C3)\, the last few years a sma ll group of volunteers has delpoyed and operated legacy telephony networks for ISDN (digital) and POTS (analog) services at CCC-camp2023 and 38C3. A nyone on-site can obtain subscriber lines (POTS\, ISDN BRI or PRI service) and use them for a variety of services\, including telephony\, fax machin es\, modem dial-up into BBSs as well as dial-up internet access and video telephony.\n\nThese temporary event networks are not using soft-PBX or VoI P\, but are built using actual de-commissioned hardware from telecom opera tors\, including a Siemens EWSD digital telephone exchange\, Nokia EKSOS V 5 access multiplexers\, a SDH ring for transporting E1 carriers and much m ore.\n\nWhile some may enjoy this for the mere hack value\, others enjoy i t to re-live the digital communication sear of their childhood or youth. Howevre\, there is a more serious aspect to this: The preservation and res toration of early digital communications infrastructure from the 1970s to 1990s\, as well as how to operate such equipment. As part of this effort\ , we have already been able to help communications museums to fill gaps in their collections.\n\nThe talk will cover\n* the equipment used\,\n* the network hierarchy we build\,\n* the services operated\n* the lessons learn t\n* newly-written open source software for interfacing retro telcommunica tions gear LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/isdn-pots-telepho ny-at-congress-and-camp END:VEVENT BEGIN:VEVENT SUMMARY:FeTAp 611 unplugged: Taking a rotary dial phone to the mobile age DTSTART:20251227T115000Z DTEND:20251227T123000Z DTSTAMP:20260406T223813Z UID:cc16de00-c31f-5c44-a34a-615e6beba883 CATEGORIES:official,Hardware DESCRIPTION:There are people who throw away old telephones - and then ther e are those who find them in the garbage and think\, „How can a microcon troller actually read the digits from a rotary dial?“\nThis talk follows the journey of transforming a classic German FeTAp 611 rotary phone into a mobile device while keeping its vintage charm. Building on earlier retro fits\, this project aims to combine the following design goals into a mobi le version of the Fernsprechtischapparat:\n\n- Grandparents-compatible – The phone shall be easy to use by non-technical people\, showing the same look and feel as the original phones\, including details such as a dial t one.\n- easy phone switching – Switching between FeTAp and regular cellp hone shall not require unscrewing the phone to switch SIM cards.\n- standa rd components – PCB/PCBA suppliers shall be capable of manufacturing boa rds at a reasonable price.\n- device-agnostic circuit design – Adapting to different phones (e.g. W48\, FeTAp 791\, FeTAp 611) shall minimize the need for changes in the schematic. This includes a ringing voltage generat or that shall be powerful enough to drive an old W48 phone.\n\nThis talk w ill walk you through certain aspects of the German analog telephony standa rd 1TR110-1\, and the challenges faced when implementing those on a batter y-powered device with little space. It explains\n- the state machine imple mented on an STM32 microcontroller\,\n- how to connect old carbon micropho nes to modern audio electronics\,\n- designing (and avoiding mistakes in) a flyback based SMPS to generate 32V - 75V ringing voltage\,\n- how to gen erate 25 Hz AC using an H-bridge\,\n- and how to layout the PCB such that the ancient second handset connector can now be used for USB-C charging.\n \nIn the course of the development\, I discovered that the project is not only a good way to get a glimpse into various aspects of ancient and moder n types of electronics - but also into people’s reactions when such a ph one suddenly starts ringing on a flea market… :-) LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/fetap-611-unplugg ed-taking-a-rotary-dial-phone-to-the-mobile-age END:VEVENT BEGIN:VEVENT SUMMARY:Developing New Medicines in the Age of AI and Personalized Medicin e DTSTART:20251227T125000Z DTEND:20251227T133000Z DTSTAMP:20260406T223813Z UID:5cf7d973-5a94-5e8f-9f8d-8b5f4ec5bb6d CATEGORIES:official,Science DESCRIPTION:After presenting a high-level overview of the path from an ide a to the medicine that you can buy at a pharmacy\, this talk will present and discuss the following aspects of the drug discovery and development pr ocess:\n(1) The translation of an idea into a drug for a human patient fac es many critical moments along the development process. This so-called “ translational gap” is addressed through experiments in a test tube (or P etri dish)\, experimentation in lab animals\, and eventually testing in hu mans. However\, findings in a standard cell line or in a mouse do not nece ssarily reflect the complexity of biological processes in a human patient. Currently\, there are many technological advancements under way to improv e the current drug discovery and development process\, and possibly even r eplace animal studies in the future (e.g.\, organs-on-chip). Nevertheless\ , the fundamental issues surrounding translational research remain\, such as the lack of standardization\, the limitations of model systems\, and va rious underlying clinical biases.\n(2) Like in many industries today\, AI applications are introduced at multiple levels and for various purposes wi thin the drug discovery and development continuum. Often\, a lot of hope i s placed in AI-based technologies to accelerate the R&D process\, increase efficiency and productivity\, and identify new therapeutic approaches. In deed\, there are many highly useful examples\, such as the automation of i mage analysis in research\, which replaces repetitive tasks and hence free s up a lot of time for researchers to do meaningful research. However\, th ere are also many applications that are likely misguided\, because they st ill face fundamental problems in evaluating scientific knowledge. For inst ance\, the use of LLMs to summarize huge amounts of very complex and heter ogeneous scientific data relies on the accuracy\, completeness\, and repro ducibility of the available scientific data\, which is often not the case. In addition\, AI is often employed in an IT environment with questionable data security and ownership practices\, such as the storage of sensitive research data on third-party cloud platforms.\n(3) Until now\, the overwhe lming majority of drugs have been developed to treat large patient populat ions\, which represent a considerable market and ultimately ensure a retur n on investment. Today\, however\, most common and homogeneous diseases ca n already be managed\, often with several (generic) drugs. Slight improvem ents to current drugs do not justify a large profit margin anymore\, so th e focus of drug discovery and development is shifting toward more heteroge neous and rare diseases\, for which no or only poor treatments are availab le. Novel medicines in those disease areas hold the promise of substantial improvement for patients\; however\, these new patient (sub)populations\, and thus markets\, are much smaller\, leading to premium prices for indiv idualized therapies in order to ensure a return on investment. This paradi gm shift toward individualized therapy - referred to as precision and pers onalized medicine - is supported by the advent of novel technologies and t he accumulation of large bodies of data.\n(4) The rise of precision and pe rsonalized medicine is challenging the current business model of today’s pharmaceutical industry\, suggesting that the era of blockbuster drugs mi ght be over. Moreover\, many intellectual property rights for blockbuster drugs are going to expire in the next few years\, ending the market domina nce of a number of pharma companies and sending the current industry lands cape into turmoil. These developments will likely alter the current modus operandi of the entire biopharmaceutical development process\, and it is n ot clear how the next few years will look like. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/developing-new-me dicines-in-the-age-of-ai-and-personalized-medicine END:VEVENT BEGIN:VEVENT SUMMARY:KIM 1.5: Noch mehr Kaos In der Medizinischen Telematikinfrastruktu r (TI) DTSTART:20251227T134500Z DTEND:20251227T144500Z DTSTAMP:20260406T223813Z UID:eeb77e44-8a29-5235-960b-e50575570c5c CATEGORIES:official,Security DESCRIPTION:KIM hat sich als Dienst für medizinische E-Mails etabliert: E lektronische Arbeitsunfähigkeitsbescheinigungen (eAU)\, zahnärztliche He il- und Kostenpläne\, Laborinformationen\, und Medikamentendosierungen so llen sicher per KIM übermittelt werden. Die Sicherheit soll unauffällig und automatisiert im Hintergrund\, ohne Interaktion mit den Benutzenden ge währleistet werden. Dazu werden die Ver- und Entschlüsselung sowie die S ignierungsfunktionalitäten in einer extra Software\, dem sogenannten Clie ntmodul\, abstrahiert.\n\nIn diesem Vortrag wird das Design dieser Sicherh eits-Abstraktion und dadurch bedingte Schwachstellen\, wie das Fälschen o der Entschlüsseln von KIMs\, beleuchtet.\n\nFortsetzung von 37C3: KIM: Ka os In der Medizinischen Telematikinfrastruktur (TI) [https://media.ccc.de/ v/37c3-12030-kim_kaos_in_der_medizinischen_telematikinfrastruktur_ti] LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/kim-1-5-noch-mehr -kaos-in-der-medizinischen-telematikinfrastruktur-ti END:VEVENT BEGIN:VEVENT SUMMARY:„KI“\, Digitalisierung und Longevity als Fix für ein kaputtes Gesundheitssystem? DTSTART:20251227T150000Z DTEND:20251227T160000Z DTSTAMP:20260406T223813Z UID:4b106a63-ac7e-5c39-945a-26ce0d071897 CATEGORIES:official,Ethics\, Society & Politics DESCRIPTION:In der Analyse sind sich alle einig: Das Gesundheitssystem ste ht vor großen Herausforderungen\, die von explodierenden Kosten\, wachsen den Zugangsbarrieren bis hin zum anstehenden demographischen Wandel reiche n: viele Menschen werden alt und kränker\, während gleichzeitig sehr vie le Mitarbeiter:innen des Gesundheitswesens in Rente gehen. Wir brauchen al so Lösungen fürs Gesundheitssystem\, die nachhaltig tragen und Menschenw ürde ermöglichen. \n
Während ganz unterschiedliche Lösungsansätze d iskutiert werden\, taucht ein Narrativ immer wieder auf: Dass Digitalisier ung durch massive Effizienzgewinne die bestehenden Probleme im Gesundheits wesen fixen werden: Dank „KI“ sollen Menschen weniger häufig Ärzt:in nen brauchen\, zum Beispiel\, indem durch Symptomchecker und Co vorgefilte rt wird\, wer wirklich behandelt werden muss\, und wer nicht. Manche behau pten\, dass Hausärzt:innen künftig ein vielfaches an Patient:innen behan deln könnten\, wenn nur die richtigen technischen Hilfsmittel gefunden wu rden. Und längst befinden wir uns tatsächlich in einer Realität\, in de r Chats mit LLMs an vielen Stellen zumindest Dr. Google ersetzt haben.\n\n Weitere Lösungsansätze zielen auf mehr Eigenverantwortung ab: "Longevity " ist das Trendwort in aller Munde. Ein Ansatz der „Langlebigkeit“\, d er maßgeblich durch technische \nMaßnahmen gestützt sein soll: Selbstop timierung per App\, „KI“ als individueller Gesundheitsassistent und al lerlei experimentelle Untersuchungen. Die Grundidee: Wenn Menschen länger gesund bleiben und leben\, wird das Gesundheitssystem weniger belastet\, während Menschen länger zu Gesellschaft und Wirtschaft beitragen können . Die ideologischen Grundzüge und Geschäftsmodelle der „Longevity“ k ommen aus den USA\, von Tech-Milliardären und ihren Unsterblichkeitsfanta sien bis hin zu wenig seriösen Gesundheitsinfluencer:innen\, die am Ende oft mehr schaden als dass sie zu einem größeren Wohlbefinden ihrer Kund: innen beitragen würden - und trotzdem hunderttausende auf Social Media in ihren Bann ziehen.\n\nDer Vortrag zieht Verbindungslinien zwischen naiver Technikgläubigkeit\, aktuellen Diskursen im Gesundheitswesen\, ihren fra gwürdigen ideologischen Wurzeln und der Frage\, wie wir Herausforderungen und insbesondere sozialen Ungleichheiten im Feld der Gesundheit wirklich effektiv begegnen. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/ki-digitalisierun g-und-longevity-als-fix-fur-ein-kaputtes-gesundheitssystem END:VEVENT BEGIN:VEVENT SUMMARY:Pwn2Roll: Who Needs a 595€ Remote When You Have wheelchair.py? DTSTART:20251227T161500Z DTEND:20251227T171500Z DTSTAMP:20260406T223813Z UID:4435af8f-b96a-5593-be42-47a04ba5f47e CATEGORIES:official,Hardware DESCRIPTION:This talk depicts the reverse engineering of a popular electri c wheelchair drive system - the Alber e-motion M25: a several thousand eur o assistive device that treats mobility like a SaaS subscription. Through Android app reverse engineering\, proprietary Bluetooth protocol analysis\ , hours of staring at hex dumps (instead of the void)\, and good old-fashi oned packet sniffing\, we'll expose how manufacturers artificially limit e ssential features and monetize basic human mobility.\n\nWhat you'll learn: \n\n- how a 22-character QR code sticker\, labeled as "Cyber Security Key" \, becomes AES encryption\n- why your 6000€ wheelchair drive includes an app with Google Play Billing integration for features the hardware alread y supports\n- the internals\, possibilities and features of electronics wo rth 30€ cosplaying as a 595€ medical device\n- the technical implement ation of the "pay 99.99€ or stay slow" speed limiter (6 km/h vs 8.5 km/h )\n- how nearly 2000€ in hardware and app features can be replaced by a few hundred lines of Python\n- why the 8000€ even more premium (self-dri ving) variant is literally identical hardware with a different Boolean fla g and firmware plus another (pricier) remote\n\nWe'll cover the complete m ethodology: from initial reconnaissance\, sniffing and decrypting packets to reverse-engineer the proprietary communication protocol\, to PoCs of Py thon replacements\, tools\, techniques\, and ethical considerations of rev erse engineering medical devices.\n\nThis is a story about artificial scar city\, exploitative DRM\, ethics and industry power\, and how hacker-minde d creatures should react and act to this.\n\nThis talk will be simultaneou sly interpretated into German sign language (Deutsche Gebärdensprache aka . DGS). LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/pwn2roll-who-need s-a-599-remote-when-you-have-wheelchair-py END:VEVENT BEGIN:VEVENT SUMMARY:1965 + 60 Years of Algorithmic Art with Computers DTSTART:20251227T181500Z DTEND:20251227T191500Z DTSTAMP:20260406T223813Z UID:5aaab022-3cb6-5d1a-9326-eec204bbb8f1 CATEGORIES:official,Art & Beauty DESCRIPTION:We want to look at the complex topic of art created with compu ters\, beginning with some careful and barely noticed first experiments an d emerging into an ever more diverse and creative field\, from different a ngles. In particular\, we want to focus on the dynamics of power and how t hese developments were influenced by their context - from social movements to political pressure.\n\nWe want to start with explaining how the initia l developments\, both from an artistic - concrete art - and technological - the evolution of computers and the creation of the drawing machine Zuse Z64 in Germany and film techniques in the US\, respectively - took place. We will do so in the context of the first three exhibitions that all took place in the year 1965. Their artworks were created by Georg Nees in Stutt gart\, A. Michael Noll with Béla Julesz in New York and Frieder Nake with Georg Nees\, again in Stuttgart.\n\nIn the following\, we will try to giv e an outline of further developments. We provide examples how hierachies i n art and science have developed and played a role in different events. In the domain of computer-generated art\, similar to other art\, there are t wo large influences hidden for the typical recipent of this art - gallerie s and critics. We will discuss this exemplary with early exhibitions of Fr ieder Nake being described by the FAZ and later on\, how the east-west con flict has influenced the art and its exhibitions. Among other issues\, we discuss patriarchal structures\, the commercial side of art\, how old tech is sold as revolutionary and how progress is still as connected with thre atening feelings as in the early years.\n\nLooking back at the beginnings\ , it is interesting to observe how artists - also with an artistic\, rathe r than technical background - worked with the limitations and overcame the m. Fortunately\, the technological entry barrier to create algorithmic art yourself has drastically decreased over time and we want to encourage you to experiment yourself!\n\nFrieder Nake is creating algorithmic drawings and doing visual research since 1964. In 1971\, he published the influenti al essay "there should be no computer art" and he has been teaching comput er graphics at the University of Bremen for decades. Enna Gerhard is pursu ing a PhD in theory of computer science and creates algorithmic drawings i n the meantime. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/1965-60-years-of- algorithmic-art-with-computers END:VEVENT BEGIN:VEVENT SUMMARY:BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secr ets DTSTART:20251227T193000Z DTEND:20251227T203000Z DTSTAMP:20260406T223813Z UID:f09b0595-daf8-52ac-89cb-5cf5e222c3dc CATEGORIES:official,Security DESCRIPTION:In Windows\, the cornerstone of data protection is BitLocker\, a Full Volume Encryption technology designed to secure sensitive data on disk. This ensures that even if an adversary gains physical access to the device\, the data remains secure and inaccessible.\n\nOne of the most crit ical aspects of any data protection feature is its ability to support reco very operations in case of failure. To enable BitLocker recovery\, signifi cant design changes were implemented in the Windows Recovery Environment ( WinRE). This led us to a pivotal question: did these changes introduce any new attack surfaces impacting BitLocker?\n\nIn this talk\, we will share our journey of researching a fascinating and mysterious component: WinRE. Our exploration begins with an overview of the WinRE architecture\, follow ed by a retrospective analysis of the attack surfaces exposed with the int roduction of BitLocker. We will then discuss our methodology for effective ly researching and exploiting these exposed attack surfaces. Our presentat ion will reveal how we identified multiple 0-day vulnerabilities and devel oped fully functional exploits\, enabling us to bypass BitLocker and extra ct all protected data in several different ways.\n\nNotably\, the findings described reside entirely in the software stack\, not requiring intrusive hardware attacks to be exploited.\n\nFinally\, we will share the insights Microsoft gained from this research and explain our approach to hardening and further securing WinRE\, which in turn strengthens BitLocker. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/bitunlocker-lever aging-windows-recovery-to-extract-bitlocker-secrets END:VEVENT BEGIN:VEVENT SUMMARY:Throwing your rights under the Omnibus - how the EU's reform agend a threatens to erase a decade of digital rights DTSTART:20251227T204500Z DTEND:20251227T214500Z DTSTAMP:20260406T223813Z UID:bc5b663a-1e48-5525-afbd-1e6895b71db0 CATEGORIES:official,Ethics\, Society & Politics DESCRIPTION:The new EU Commission has an agenda. What started with the rep ort of former European Central Bank chief Mario Draghi on Europe's "compet itiveness" has quickly turned into "getting rid of bureaucracy"\, then int o "simplification"\, and finally open "deregulation". What this means is t hat a large number of European laws that were adopted in the last decade t o ensure sustanabiliy\, protect human rights along the whole supply chain\ , or to ensure our digital rights\, are watered down\, and core elements a re scrapped. \n\nIn terms of the EU's digital rulebook\, it has already st arted in May with the deletion of a core compliance element in the General Data Protection Regulation (GDPR) - the obligation to keep records of you r processing activities. While it sounds harmless - all the other rights a nd obligations still appy - it means that companies have no clue anymore w hat personal data they process\, for which purposes\, and how. \n\nA much larger revision has been proposed on 19th November 2025\, with the "omnibu s" legislation dubbed "Digital Simplification Package". This will affect r ules on data protection\, data governance\, AI\, obligations to report cyb ersecurity incidents\, and protections against cookies and other tracking technologies. Furthermore\, the EU's net neutrality rules are scheduled to be opened for reform in December by the so called Digital Networks Act.\n \nIn this talk we discuss what to expect from the new EU agenda\, who is d riving it and how to resists. Our goal is to leave you better informed and equipped to fight back against this deregulatory trend. This talk may con tain hope. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/throwing-your-rig hts-under-the-omnibus-how-the-eu-s-reform-agenda-threatens-to-erase-a-deca de-of-digital-rights END:VEVENT BEGIN:VEVENT SUMMARY:The Eyes of Photon Science: Imaging\, Simulation and the Quest to Make the Invisible Visible DTSTART:20251227T220000Z DTEND:20251227T224000Z DTSTAMP:20260406T223813Z UID:44d1ae6d-febc-5035-8379-d2030e7f59a2 CATEGORIES:official,Science DESCRIPTION:X-ray imaging detectors have come a long way in the last 15 ye ars\, turning ideas that once seemed impossible into realities. Imaging de tectors in photon science are more than just high-speed cameras. They are complex systems operating at the limits of what’s physically measurable. Understanding how they behave before\, during\, and after experiments is essential to advancing both the technology and the science it enables.\n\n In this talk\, I’ll take you inside the world of detector simulation and performance modelling. I’ll explore how tools like Monte Carlo simulati ons\, sensor response models\, and system-level performance evaluations ar e used to:\n\n- Predict detector behaviour in extreme conditions (such as MHz X-ray bursts)\, and\n- identify critical performance bottlenecks befor e production.\n\nBy linking imaging technology with simulation and modelli ng\, we can better interpret experimental data and design the next generat ion of scientific cameras. Beyond the technical aspects\, this talk reflec ts on the broader theme of how we “see” though technology\, what it me ans to make the invisible visible\, and how simulation changes not only ho w we build instruments\, but also how we understand them. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/the-eyes-of-photo n-science-imaging-simulation-and-the-quest-to-make-the-invisible-visible END:VEVENT BEGIN:VEVENT SUMMARY:Building a NOC from scratch DTSTART:20251227T225500Z DTEND:20251227T233500Z DTSTAMP:20260406T223813Z UID:ab19e1f1-ca13-531e-9d30-0ca5b0c7551c CATEGORIES:official,CCC & Community DESCRIPTION:Zum Zeitpunkt der 29. Eurofurence (also dieses Jahr) hatte das Event eine Größe erreicht\, bei der typische Event-Locations unsere spe ziellen Anforderungen nicht mal eben so erfüllen konnten. Beispielsweise ist eine aufwändige Audio/Video-Produktion Teil der Eurofurence\, welche ein IP-Netz mit hoher Bandbreite\, niederiger Latenz\, niedrigem Jitter\, Multicast-Transport und präzise Zeitsynchronisierung benötigt. Deshalb w urde dieses Jahr das _Onsite Eurofurence Network Operation Center_ _(EFNOC )_ gegründet. Unsere Aufgabe sollte es sein\, alle Anforderungen der ande ren Teams kompetent zu erfüllen wovon wir euch in diesem Vortrag etwas au s dem Nähkästchen erzählen wollen.\n\nGrob haben wir wärend der EF29 d as Team etabliert und ein Netzwerk gebaut\, welches für A/V-Produktion\, Event-Koordination und Event-Management (z.B. Security\, Ticketing) benutz t wurde. Unser persönliches Ziel war es außerdem\, ein benutzbares WLAN- Netzwerk für alle Besuchenden über dies gesamte Event-Venue hinweg zu sc haffen – also von Halle H bis zum Vorplatz.\nUnsere Architektur bestand dafür aus einem simplen Layer2-Netzwerk mit VLAN-Unterteilung\, welches v on _Arista DCS-7050TX-72Q_ mit 40Gbit/s Optiken bereitgestellt wurde. Die Aristas haben außerdem ein PTP-Signal propagiert\, welches von einer Mein berg Master-Clock gesteuert wurde. Zusätzlich war ein Linux-Server als Hy pervisor für diverse Netzwerk-Services wie DNS\, DHCP\, Monitoring und Ro uting im Einsatz.\nSo zumindest der Plan\, denn während des Events wurden wir mit der Realität und vielen „spaßigen“ Problemen konfrontiert.\ n\nUnser Talk wird sich unter anderem mit diesen technischen Problemen bes chäftigen\, allerdings den Fokus nicht nur auf die technische Darstellung legen. Stattdessen werden wir auch beleuchten\, wie wir als Team menschli ch untereinander und in der Kommunikation mit anderen Teams damit umgegang en sind. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/building-a-noc-fr om-scratch END:VEVENT BEGIN:VEVENT SUMMARY:Lightning Talks - Tag 2 DTSTART:20251228T100000Z DTEND:20251228T120000Z DTSTAMP:20260406T223813Z UID:860a362f-4666-5fe0-9f0a-8d26485f730e CATEGORIES:official,CCC & Community DESCRIPTION:- **Lightning Talks Introduction**\n- **Chaos auf der Schiene: Die Wahrheit hinter den Verspätungen** — *poschi*\n- **EventFahrplan - The 39C3 Fahrplan App for Android** — *tbsprs*\n- **Quantum computing m yths and reality** — *Moonlit*\n- **Return to attacker.com** — *Safi*\ n- **Teilchendetektor im Keller? Ich habs gemacht. Die Theorie und der Bau einer Funkenkammer** — *Rosa*\n- **What's the most secure phone?** — *jiska*\n- **reverse engineering a cinema camera’s peripheral port** — *3nt3*\n- **Youth Hacking 4 Freedom: the European Free Software competiti on for teenagers** — *Ana Galan*\n- **From word clouds to Word Rain: A n ew text visualisation technique** — *Maria Skeppstedt*\n- **Spaß mit Br ettspielen** — *Marco Bakera*\n- **Creative Commons Radio - I really did n't want to become a copyright activist!** — *Martin*\n- **lernOS für D ich - Selbstmanagement & persönliches Wissensmanagement leicht gemacht** — *Simon Dückert*\n- **Was man in Bluetooth Advertisements so alles fin det** — *Paul*\n- **The Sorbus Computer** — *SvOlli*\n- **AI doesn’t have to slop - Introducing an open source alternative to big-tech AI agen ts** — *Kitty*\n- **Interoperability and the Digital Markets Act: collec ting experiences from the community** — *Dario Presutti*\n- **Leveraging Security Twin for on-demand resilience assessment against high-impact att acks** — *Manuel Poisson*\n- **A seatbelt for innerHTML** — *Frederik Braun*\n- **Toxicframe - Ghost in the Switch: Vier Jahre Schweigen in der Netgate SG-2100** — *Wim Bonis*\n- **KI³Rat = Mensch x Daten x Dialog** — *ceryo / Jo Tiffe*\n- **iPod Nano Reverse Engineering** — *hug0*\n- **Interfaces For Society - Wenn Demokratie Auf Protokollen Läuft** — * Pauline Dimmek*\n- **Security problems with electronic invoices** — *Han no Böck* LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/lightning-talks-t ag-2 END:VEVENT BEGIN:VEVENT SUMMARY:Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents DTSTART:20251228T123000Z DTEND:20251228T133000Z DTSTAMP:20260406T223813Z UID:05e9ba1f-11c5-5d4e-b907-4feecc857ae5 CATEGORIES:official,Security DESCRIPTION:During the Month of AI Bugs (August 2025)\, I responsibly disc losed over two dozen security vulnerabilities across all major agentic AI coding assistants. This talk distills the most severe findings and pattern s observed.\n\nKey highlights include:\n* Critical prompt-injection exploi ts enabling zero-click data exfiltration and arbitrary remote code executi on across multiple platforms and vendor products\n* Recurring systemic fla ws such as over-reliance on LLM behavior for trust decisions\, inadequate sandboxing of tools\, and weak user-in-the-loop controls.\n* How I leverag ed AI to find some of these vulnerabilities quickly\n* The AI Kill Chain: prompt injection\, confused deputy behavior\, and automatic tool invocatio n\n* Adaptation of nation-state TTPs (e.g.\, ClickFix) into AI ClickFix te chniques that can fully compromise computer-use systems.\n* Insights about vendor responses: from quick patches and CVEs to months of silence\, or q uiet patching\n* AgentHopper will highlight how these vulnerabilities comb ined could have led to an AI Virus\n\nFinally\, the session presents pract ical mitigations and forward-looking strategies to reduce the growing atta ck surface of probabilistic\, autonomous AI systems. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/agentic-probllms- exploiting-ai-computer-use-and-coding-agents END:VEVENT BEGIN:VEVENT SUMMARY:Live\, Die\, Repeat: The fight against data retention and boundles s access to data DTSTART:20251228T134500Z DTEND:20251228T142500Z DTSTAMP:20260406T223813Z UID:693e18d6-e777-596b-a21d-dd9e9f0282e6 CATEGORIES:official,Ethics\, Society & Politics DESCRIPTION:The Specter of Data Retention is back in the political arena\, both as a harmonized\, EU-wide approach as well as being part of the coal ition agreement of the new German national government. Other countries hav e already recently implemented new data retention laws\, i.e. Belgium or D enmark. \nIn parallel\, access to all types of stored data – and not onl y data stored under a data retention regime – by law enforcement has bee n radically reformed by groundbreaking new legislation\, undermining both exiting national safeguards as well as protections implemented by business es aiming for a higher standard in cyber security and data protection. \n The talk will give an overview on recent developments for a harmonized “ minimum” approach to data retention under the Polish and Danish EU presi dency as well as the new German legislation currently under consideration. \nIt will introduce the upcoming international release mechanisms for sto red data under the e-evidence legislation\, the 2nd protocol to the EU cyb ercrime convention as well as future threats from the UN cybercrime conven tion. \nIt will address how a cross-border request for information works i n practice\, which types of data can be requested by whom\, and who will b e responsible for the few remaining safeguards – including an analysis o f the threat model and potential “side channel” attacks by cybercrime to gain access to basically all data stored by and with service providers. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/live-die-repeat-t he-fight-against-data-retention-and-boundless-access-to-data END:VEVENT BEGIN:VEVENT SUMMARY:Amateurfunk im All – Kontakt mit Fram2 DTSTART:20251228T144000Z DTEND:20251228T152000Z DTSTAMP:20260406T223813Z UID:0df52094-ee30-5d05-bf48-573a5eae1a8d CATEGORIES:official,Hardware DESCRIPTION:Schon kurz nachdem die ersten Satelliten den Weltraum eroberte n\, waren auch Amateurfunkende dabei und brachten ihr Hobby in dieses Feld ein. Auch bei Fram2\, der ersten bemannten Mission\, die beide Polarregio nen überflog\, war der Sprechfunkkontakt mit einer Universität fest eing eplant.\n\nDer studentische Funkclub "AFuTUB" (https://dk0tu.de) an der TU Berlin hat die Crew der Fram2 angefunkt – mit einem experimentellen Fun ksetup\, das für viele von uns Neuland war.\n\nWir geben Einblicke in zwe i intensive Wochen Planung\, Koordination und Aufbau\, den Betrieb einer ( improvisierten) Bodenstation\, sprechen über technische Hürden\, Antenne ndesign und Organisation – und wie wir schließlich mit der Astronautin Rabea Rogge im Weltraum gefunkt haben. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/amateurfunk-im-al l-kontakt-mit-fram2 END:VEVENT BEGIN:VEVENT SUMMARY:Lessons from Building an Open-Architecture Secure Element DTSTART:20251228T153500Z DTEND:20251228T161500Z DTSTAMP:20260406T223813Z UID:0c6e2d25-7014-5aaf-9c6a-b4347f0ff85c CATEGORIES:official,Hardware DESCRIPTION:This talk shares our engineering experience from designing and implementing an open-architecture secure element — a type of chip that is traditionally closed and opaque. We’ll outline the practical conseque nces of choosing openness as part of the security model: how it affected h ardware architecture\, firmware design\, verification\, and development wo rkflows.\nThe session dives into concrete technical areas including the se cure boot chain\, attestation and update flow\, key storage isolation\, an d the testing and fuzzing infrastructure used to validate the design. It a lso covers the boundaries of openness — where third-party IP\, export co ntrol\, or certification requirements force certain blocks to remain close d — and how we document and mitigate those limits.\nWe’ll present anon ymized examples of external security evaluations\, show how responsible di sclosure and transparent fixes improved resilience\, and reflect on what “community-driven security” means in a hardware context. Attendees sho uld leave with a clearer view of what it takes to make security verifiable at the silicon level — and why that process is never finished. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/lessons-from-buil ding-an-open-architecture-secure-element END:VEVENT BEGIN:VEVENT SUMMARY:Variable Fonts — It Was Never About File Size DTSTART:20251228T163500Z DTEND:20251228T171500Z DTSTAMP:20260406T223813Z UID:62a4c15d-6efb-5d85-b41d-5363e08ebeae CATEGORIES:official,Art & Beauty DESCRIPTION:When the OpenType 1.8 specification introduced variable fonts in 2016\, the idea was simple: combine all weights and styles of a font fa mily into one file and save file size and therefore bandwidth. Yet in 2025 \, variable fonts have become a platform for artistic and technical explor ation far beyond their initial goal.\n\nThis talk follows that transformat ion from the inside. It starts with a short history of flexible font techn ologies — Adobe’s Multiple Master and Apple’s TrueType GX formats of the 1990s (I am just mentioning the company names as they were the publis hers of these technologies) — and how they failed to become standards. I t then shows why variable fonts succeeded: many designers today are more t ech savvy and know some basic HTML\, CSS and maybe even some JavaScript. A nd at the same time all major browsers and almost all design apps support variable fonts by now.\n\nFrom there\, I present a series of first-hand p rojects where typography met code:\n– TypoLabs (2017)\, whose identity u sed a custom variable font animating between extremes of weight and width → the variable font family became the (probably forever) unpublished var iable font family Denman\;\n– Marjoree (2024)\, a pair of variable patte rn fonts based on hexagonal and pentagonal tilings that explore legibility and repetition\;\n– Kario (2025)\, a duplex variable font powering the 39C3 identity\, with uniwidth weights\, optical-size adjustments\, and typ ographic Easter eggs\;\n– and Bronco (2017?)\, an experiment using the a rbitrary-axis model for interpolation to escape the cube-shaped multiple m aster design space of traditional variable fonts.\n\nThe talk then moves f rom history to speculation. Early head-tracking experiments once tried to adjust a variable font’s optical size based on reader position — produ cing total chaos as text reshaped itself while being read. On the other ha nd this playful chaos marks the moment when things become truly interestin g: connecting a font axis to live data\, to mouse movement\, to sound\, to network input — anything that makes type responsive and alive. That’s the kind of misbehavior I want to talk about — not breaking for the sak e of breaking\, but using technology the “wrong” way to see what happe ns.\n\nThe talk will mix images\, a lot of short videos\, and a bit of beh ind-the-scenes insight into font development. It’s about what happens wh en design tools meet code\, and how that intersection keeps typography ali ve and unpredictable.\n\nLink list of variable font experiments:\nhttps:// kario.showmefonts.com/\nhttps://marjoree.showmefonts.com/\nhttps://www.bro nco.varfont.com/\nhttps://www.denman.varfont.com/\nhttps://www.seraphs.var font.com/ \n+ 39C3 visual identity LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/variable-fonts-it -was-never-about-file-size END:VEVENT BEGIN:VEVENT SUMMARY:Amtsgeheimnis raus\, Datenhalde rein: was die Informationsfreiheit in Österreich bringt DTSTART:20251228T181500Z DTEND:20251228T185500Z DTSTAMP:20260406T223813Z UID:7557e54c-89e9-530d-aafb-8736570661d4 CATEGORIES:official,Ethics\, Society & Politics DESCRIPTION:Die Kampagne – wie aus "binnen zwei Wochen" mehr als elf Jah re wurden\nDie Strategien – die man übernehmen kann\nDer Vergleich – wie ist Österreichische IFG im Vergleich zum Deutschen\, und ist das der richtige\nDie (besten) Preisträger – aus mehr als zehn Jahren des Schm ähpreises "Mauer des Schweigens"\nDie Datenhalde – mit Aufruf\, was aus dem Datenberg zu machen LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/amtsgeheimnis-rau s-datenhalde-rein-was-die-informationsfreiheit-in-osterreich-bringt END:VEVENT BEGIN:VEVENT SUMMARY:Prometheus: Reverse-Engineering Overwatch DTSTART:20251228T191000Z DTEND:20251228T195000Z DTSTAMP:20260406T223813Z UID:d08f6f41-a731-57f7-ba40-8f38464f2dcd CATEGORIES:official,Hardware DESCRIPTION:Hey you! Yes you! Do you want to pay for a game which gets for cibly taken away from you after only six years? Do you want to buy lootbox es in order to unlock cosmetics faster in the game you „own“?\n\nOverw atch 1 was released in 2016 to critical acclaim and millions of sales glob ally. It has permanently changed the hero-shooter landscape which was in m uch need of a fresh new game and playstyle. After a few hard years plagued with infrequent updates\, long overdue hero nerfs / reworks and broken pr omises\, Overwatch 1 was finally taken offline on October 3\, 2022.\n\nEve r since I started playing Overwatch I was fascinated by the game and it’ s proprietary engine\, Tank. Not much is known about it\, only that core c omponents were reused from the cancelled Blizzard IP\, Titan. It’s a sha me that this game (engine) is not getting the recognition it deserves. Fro m the entity-component architecture to the deterministic graph based scrip ting engine which handles (almost) everything which happens ingame\, it is a truly refreshing take on networking and game programming rarely seen in games. So\, considering this\, building a game server from scratch can’ t be that hard\, riiiight?\n\nJoin me in this documentation of my gradual descent into madness while I (jokingly) roast Overwatch developers for cod e which they probably do not even remember that theyve written 10+ years a go :)\n\nAll research presented in this talk was done on the first archive d\, still publicly available version which I could find\, 0.8.0.0 Beta (0. 8.24919)\, which got uploaded to archive.org. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/prometheus-revers e-engineering-overwatch END:VEVENT BEGIN:VEVENT SUMMARY:Wie wir alte Flipperautomaten am Leben erhalten DTSTART:20251228T200500Z DTEND:20251228T204500Z DTSTAMP:20260406T223813Z UID:1511188c-92ca-5002-b411-591b5f848e14 CATEGORIES:official,Hardware DESCRIPTION:Der Vortrag gibt einen Einblick in die verschiedenen Generatio nen von Flippern und deren Technik. Angefangen von elektromechanischen Ger äten aus den frühen Sechzigern\, über erste Prozessorsteuerungen\, bis hin zu modernsten computergesteuerten Automaten mit Bussystemen. Jede Gene ration hat ihre technischen Eigenheiten\, ihre typischen Fehlermuster und Schwachstellen. \nIn öffentlichen Räumen sind heutzutage kaum mehr Flipp er anzutreffen. Das liegt insbesondere daran\, dass deren Wartung aufwänd ig ist\, weil durch die mechanische Beanspruchung häufig Fehler auftreten . Bereits kleinste technische Probleme können den Spielspaß zunichte mac hen.\nDas Finden und Beheben von Fehlern erfordert viel Erfahrung – und manchmal Kreativität\, insbesondere wenn alte Bauteile nicht mehr verfüg bar sind oder kaum Dokumentation vorhanden ist. Technisch ist Sachverstand auf vielen Ebenen erforderlich\, vom Schaltplanlesen über Löten und ele ktronische Messtechnik\, bis hin zu mechanischem Know-how.\nDie Community der Flipper-Enthusiasten ist allerdings groß und kooperativ\, sodass auch private Sammler ihre Flipper am Laufen halten können. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/wie-wir-alte-flip perautomaten-am-leben-erhalten END:VEVENT BEGIN:VEVENT SUMMARY:How To Minimize Bugs in Cryptography Code DTSTART:20251228T210500Z DTEND:20251228T214500Z DTSTAMP:20260406T223813Z UID:3f442497-4f90-5868-ac13-3f4b0f857c59 CATEGORIES:official,Security DESCRIPTION:Over the last 10 years or so\, using mathematical proof assist ants and other formal-logic tools for cryptography code has gone from a re latively new idea to standard practice. I've been lucky enough to have a f ront-row seat to that transformation\, having started doing formal-methods research in 2015 and then switched to a focus on cryptography implementat ion since 2021. Code from my master's thesis project\, ["fiat-crypto"](htt ps://github.com/mit-plv/fiat-crypto)\, is [included](https://andres.system s/fiat-crypto-adoption.html) in every major browser as well as AWS\, Cloud flare\, Linux\, OpenBSD\, and standard crypto libraries for Go\, Zig\, and Rust (RustCrypto\, dalek). In addition to verifying code correctness\, de signers of high-level protocols like Signal's recently announced post-quan tum ratchet increasingly use mathematical tools (ProVerif in Signal's case ) to check their work.\n\nDespite the growing popularity of these formal t echniques and their relevance to personal information security\, few peopl e are aware of them\, and they maintain a reputation for being hard to lea rn and esoteric. I'd like to demystify the topic and show examples of how anyone can use proof assistants in small\, standalone ways as part of the coding or design process. My hope is that next time a colleague asks for r eview of a complex high-speed bit-twiddling algorithm\, instead of staring at the code line-by-line\, attendees of my talk will know they can write a computer-checked proof to confirm or deny that the algorithm achieves it s intended result. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/how-to-minimize-b ugs-in-cryptography-code END:VEVENT BEGIN:VEVENT SUMMARY:When Vibe Scammers Met Vibe Hackers: Pwning PhaaS with Their Own W eapons DTSTART:20251228T220000Z DTEND:20251228T224000Z DTSTAMP:20260406T223813Z UID:9c5f59ba-255e-5446-9b31-13eebef85810 CATEGORIES:official,Security DESCRIPTION:Our journey began with a simple question: why are so many peop le losing money to fake convenience store delivery websites? The answer le d us through two distinct criminal architectures\, both exhibiting charact eristics of large language model–assisted development.\n\nCase 1 ran on PHP with backup artifacts exposing implementation details and query manipu lation opportunities. The installation package itself contained pre-existi ng access mechanisms—whether this was developer insurance or criminal-on -criminal sabotage remains unclear. We leveraged initial access to bypass security restrictions using protocol-level manipulation and extracted giga bytes of operational data.\n\nCase 2 featured authentication bypass vulner abilities that granted direct administrative access. The backend structure revealed copy-pasted code patterns without proper security implementation .\n\nThroughout both systems\, we observed telltale signs of AI-generated code: verbose documentation in unexpected languages\, inconsistent coding patterns\, textbook-like naming conventions\, and theoretical security imp lementations. Even the UI revealed LLM fingerprints—overly polished comp onent layouts\, placeholder text patterns\, and design choices that felt d istinctly "tutorial-like." These weren't experienced developers—they wer e operators deploying what LLMs gave them without understanding the intern als.\n\nThe irony? We used AI extensively too: for data parsing\, pattern recognition\, attack surface mapping\, and intelligence queries. The diffe rence was intentionality—we understood what the output meant.\n\nUsing o pen-source intelligence platforms and carefully crafted fingerprints\, we mapped over a hundred active domains following similar patterns. Each one shared the same architecture\, the same weaknesses\, the same developer mi stakes. This repeatability became our advantage. When scammers can redeplo y infrastructure in days\, you don't attack individual sites—you automat e the entire reconnaissance-to-evidence pipeline.\n\nThis talk demonstrate s practical techniques for mass-scale fraud infrastructure fingerprinting\ , operational security considerations when investigating active criminal o perations\, and methods to recognize AI-generated code patterns that revea l threat actor sophistication. We'll discuss the ethical boundaries of cou nter-fraud operations and evidence preservation for law enforcement\, alon g with automation strategies for sustainable threat intelligence when adve rsaries rebuild faster than you can report. The demonstration will show ho w to go from a single suspicious domain to a network map of 100+ sites and thousands of victim records—using tools available to any researcher.\n\ nThis isn't a story about elite hackers versus criminal masterminds. It's about two groups equally reliant on AI vibing their way through technical problems—one for fraud\, one for justice. The skill barrier has collapse d. The question now is: who has better context\, better ethics\, and bette r coffee? LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/when-vibe-scammer s-met-vibe-hackers-pwning-phaas-with-their-own-weapons END:VEVENT BEGIN:VEVENT SUMMARY:The Small Packet of Bits That Can Save (or Destabilize) a City DTSTART:20251228T225500Z DTEND:20251228T233500Z DTSTAMP:20260406T223813Z UID:0cc2fd2c-93de-5cb0-b10d-56e901b4acc4 CATEGORIES:official,Security DESCRIPTION:In this talk\, we’ll begin by contextualizing the importance of the seismic alert in Mexico City\, a system born from the devastating 1985 earthquake. We’ll examine how it was designed\, how it works\, and why it carries such a deep psychological impact.\n\nFrom there\, we’ll e xplore the history and design of Weather Radio and the SAME protocol\, loo king at how messages are transmitted and encoded through this technology\, and how it was later adapted for SASMEX. \n\nI’ll also share my persona l experience building compatible receivers\, from early open-source experi ments that inspired local manufacturers to create government-certified dev ices\, to developing a receiver as part of my undergraduate thesis.\n\nWe ’ll analyze how simplicity\, one of the key strengths of these systems\, also introduces certain risks\, and how these trade-offs emerge when deal ing with accessibility\, interoperability\, and security in system design. \n\nFinally\, I’ll demonstrate how to receive\, decode\, and encode thes e alert messages\, and discuss how\, with the right equipment\, it’s pos sible to generate such alert signals. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/the-small-packet- of-bits-that-can-save-or-destabilize-a-city END:VEVENT BEGIN:VEVENT SUMMARY:Lightning Talks - Tag 3 DTSTART:20251229T100000Z DTEND:20251229T120000Z DTSTAMP:20260406T223813Z UID:7fe75d23-5966-5dca-a736-e7664a475be3 CATEGORIES:official,CCC & Community DESCRIPTION:- **Lightning Talks Introduction**\n- **"Oma\, erzähl mir von der Zukunft" oder: Wie wir weiter interessante Sachen machen\, ohne den P laneten zu ruinieren 🌱** — *EstherD*\n- **Don't abuse the ecosystem: against overloading "ecosystem'** — *michele*\n- **The Climatepoetry.or g video tool** — *Magnus Ahltorp*\n- **Neo-Kolonialismus & Katzenbilder - Installation zur Lieferkette von GenAI** — *Rike*\n- **Build social in ventories with StashSphere** — *Maximilian Güntner*\n- **Invitation to the Fermentation Camp "Kvas 2026"** — *algoldor*\n- **Stretching nginx t o its limits: a music player in the config file** — *Eloy*\n- **2D Graph ics Creation with Graphite - How to Build a Hackable Graphics Editor** — *Dennis Kobert*\n- **The Modulator: a Custom Controller for Live Music Pe rformance** — *Jakob Kilian*\n- **Find hot electronic devices for cheap using Lock-In Thermography** — *Clemens Grünewald*\n- **Those Who Contr ol** — *Andreas Haupt*\n- **SearchWing - Search&Rescue Drones** — *sea rchwing team*\n- **Reducing E-Waste With The Reverse Engineering Toolkit** — *Raaf*\n- **Genetic engineering with CRISPR/Cas9: how far are we toda y from biopunk?** — *Dmytro Danylchuk*\n- **Discovering the Orphan Sourc e Village** — *Martin Hamilton*\n- **kicoil - generate planar coils in a ny shape for PCBs and ICs** — *jaseg*\n- **Trade Offer: Pentest Data for CTF Points** — *Sebastian*\n- **Soziologische Gabentheorie - Grundlage für die Bewertung von Social Media?** — *sozialwelten*\n- **Hacking ID3 MP3 Metadata** — *Danilo Erazo*\n- **ICANN HAZ .MEOW? How we're (trying to) make a TLD out of sheer audacity** — *dotMeow (Aris\, Ela\, LJ\, Wo rdloc)*\n- **Shitty Robots** — *Neo*\n- **UNIX v4** — *aap*\n- **WissK omm Wiki - Bibliothek für Videos und Podcasts** — *TimBorgNetzWerk*\n- **Lightning** — *Vi* LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/lightning-talks-t ag-3 END:VEVENT BEGIN:VEVENT SUMMARY:Watch Your Kids: Inside a Children's Smartwatch DTSTART:20251229T125000Z DTEND:20251229T133000Z DTSTAMP:20260406T223813Z UID:b51eb883-55db-5e30-9685-f7726b4da4d1 CATEGORIES:official,Security DESCRIPTION:Smartwatches for children have entered the mainstream: Adverti sed on the subway and sold by your cell provider\, manufacturers are charg ing premium prices comparable to an entry-level Apple watch.\n\nIn exchang e\, parents are promised peace of mind: A safe\, gentle introduction into the world of technology — and a way to call\, text\, and locate their ch ild at any time.\n\nBut how much are the vendor's promises of safety\, pri vacy\, GDPR compliance\, apps made in Europe and cloud servers in Germany actually worth?\n\nWe take you along the process of hacking one of the mos t popular children's watches out there\, from gaining initial access to ru nning our own code on the watch. Along the way\, we find critical security issues at every turn. Our PoC attacks allow us to read and write messages \, virtually abduct arbitrary children\, and take control over any given w atch.\n\nFinally\, we'll also talk about disclosure\, funny ideas of what passes as a security fix\, and how we can use what we found to build somet hing better. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/watch-your-kids-i nside-a-children-s-smartwatch END:VEVENT BEGIN:VEVENT SUMMARY:Making the Magic Leap past NVIDIA's secure bootchain and breaking some Tesla Autopilots along the way DTSTART:20251229T134500Z DTEND:20251229T144500Z DTSTAMP:20260406T223813Z UID:b98918cb-489e-5f5e-aa06-26753cb48418 CATEGORIES:official,Security DESCRIPTION:In mid 2024\, a friend approached me about Magic Leap making t heir TX2 based XR headsets little more than a paperweight by disabling the mandatory activation servers. I morally dislike this\, companies shouldn' t turn functional devices into e-waste just because they want to sell newe r devices.\n\nAfter obtaining one\, and poking at the Fastboot implementat ion\, I discovered it was based off NVIDIA's Fastboot implementation\, whi ch is source available. I found a vulnerability in the NVIDIA provided sou rce code in how it unpacks SparseFS images (named sparsehax)\, and success fully blindly exploited the modified implementation on the Magic Leap One. I also found a vulnerability in it that allowed gaining persistence via h ow it loads the kernel DTB (named dtbhax).\n\nStill unsatisfied with this\ , I used fault injection to dump the BootROM from a Tegra X2 devkit.\n\nIn the BootROM I discovered a vulnerability in the USB recovery mode. Exploi ting this vulnerability proved difficult due to only having access to memo ry from the perspective of the USB controller. I will explain what was tri ed\, why it didn't work\, and how I eventually got code execution at the h ighest privilege level via it. \n\nAs I will demonstrate\, this exploit al so functions on Tesla's autopilot hardware. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/making-the-magic- leap-past-nvidia-s-secure-bootchain-and-breaking-some-tesla-autopilots-alo ng-the-way END:VEVENT BEGIN:VEVENT SUMMARY:APT Down and the mystery of the burning data centers DTSTART:20251229T150000Z DTEND:20251229T160000Z DTSTAMP:20260406T223813Z UID:11d5c612-0e50-500b-b071-c4ba0dd076cd CATEGORIES:official,Security DESCRIPTION:In August 2025 Phrack published the dump of an APT member's wo rkstation. The attacker was most likely Chinese\, working on targets align ed with North Korea's doctrine. The dump was full of exploits\, attacker t ools and loot. Data from government networks\, cell carriers and telcos\, including server databases and loads or private keys stemming from the gov ernment PKI. The attacker had maintained a steady foothold in various targ ets in South Korea and Taiwan before accidentally "losing" their workstati on.\n\nThe dump sparked a government investigation\, and big corporations like LG\, Lotte and Korea Telecom were asked to explain themselves. The go vernment also mandated an on-site audit in the data center where the hacks had taken place. On the day of the audit\, some li-ion batteries in the d ata center mysteriously caught fire. The blaze destroyed close to 100 serv ers (which had no backup) and plunged public service in South Korea into d isarray. \nShortly after\, the Lotte data center burned as well - the corp oration had been victim of a breach recently\, albeit by a different threa t actor. In the beginning of October\, one of the officers examining the g overnment data center fire tragically died by his own hand.\n\nThe talk ai ms to revisit this mysterious sequence of events that was started by an ar ticle in Phrack #72. It doesn't hope to give answers or a solution\, but n arrates a story that could be from a spy thriller. Caution: Conspiracies a nd technical gore could be present.\n[TW: Suicide\, self-harm] LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/apt-down-and-the- mystery-of-the-burning-data-centers END:VEVENT BEGIN:VEVENT SUMMARY:Wer liegt hier wem auf der Tasche? Genug mit dem Bürgergeld-Fetis ch. Stürmt die Paläste! DTSTART:20251229T161500Z DTEND:20251229T171500Z DTSTAMP:20260406T223813Z UID:1e0b17f8-d1e2-5d75-b052-811b8f722b38 CATEGORIES:official,Ethics\, Society & Politics DESCRIPTION:Die neue Grundsicherung trumpft Hartz IV in seiner Grausamkeit und ist ein Damoklesschwert über Erwerbslosen und allen\, die Lohnarbeit machen. Zugleich nimmt die Zahl der Milliardäre und Mulitmillionäre ste tig zu. Finanzbetrug durch Überreiche wird mehr oder weniger tatenlos zug esehen\, während das Phantom des Bürgergeld-Totalverweigerers seit Jahre n durch die Medien getrieben wird. \n\nWie der Angriff auf den Sozialstaat sich auf die Betroffenen in der Praxis auswirkt und was wir als Zivilgese llschaft tun können\, um nicht nur tatenlos zusehen zu müssen\, darum ge ht es in diesem Talk. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/wer-liegt-hier-we m-auf-der-tasche-genug-mit-dem-burgergeld-fetisch-sturmt-die-palaste END:VEVENT BEGIN:VEVENT SUMMARY:Transkultureller Hack auf die klassische Musikszene – Vortrag un d Konzert DTSTART:20251229T181500Z DTEND:20251229T194500Z DTSTAMP:20260406T223813Z UID:cc2dc346-c1fc-58ad-a723-8472c9a8e5d1 CATEGORIES:official,Art & Beauty DESCRIPTION:Das transkulturelle Bridges Kammerorchester hackt die klassisc he Musikszene: es bringt Musizierende mit und ohne Flucht- und Migrationsb iografie zusammen und integriert Instrumente und Musikstile in die europä ische Orchestertradition\, die dort traditionell nicht vorgesehen sind. Ne ben klassischen Orchesterinstrumenten spielen Instrumente wie Oud\, Tar\, Tiple\, Kaval\, Kamanche\, Shudraga\, Daf und Riq zentrale Rollen.\n\nIhre Musik komponieren die Orchestermitglieder überwiegend selbst. Auch das i st ein Hack auf die klassische Musikszene\, die bisher überwiegend Werke verstorbener männlicher Komponisten interpretiert. So steht die Musik des Bridges Kammerorchester für Vielfalt und Selbstbestimmung und macht die Diversität der in Deutschland lebenden Gesellschaft hörbar. \nIm Vortrag zeigen Mitglieder des Bridges Kammerorchesters anhand von Erfahrungen und Hörbeispielen – live und per Video – wie sie die klassische Musiksze ne hacken. Sie geben Einblicke in ihren kollektiven\, heterogenen Komposit ionsprozess\, berichten von Freiheiten\, Herausforderungen und Erfahrungen mit Publikum und Veranstaltern. Persönliche Migrationsgeschichten verdeu tlichen\, wie diese die musikalische Perspektive und Identität des Orches ters prägen. Anschließend folgt ein Konzert\, das die Vielfalt ihrer Mus ik erlebbar macht.\n\n*Eine Aufzeichnung dieser Session ist verfügbar [au f dem YouTube-Kanal von Bridges](https://youtu.be/R0kzNxpKaJQ).* LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/transkultureller- hack-auf-die-klassische-musikszene-vortrag-und-konzert END:VEVENT BEGIN:VEVENT SUMMARY:Race conditions\, transactions and free parking DTSTART:20251229T200500Z DTEND:20251229T204500Z DTSTAMP:20260406T223813Z UID:28fc102e-a38e-51b2-a48b-530b0d0e49a9 CATEGORIES:official,Security DESCRIPTION:After the [Air France-KLM dataleak](https://media.ccc.de/v/37c 3-lightningtalks-58027-air-france-klm-6-char-short-code) I kept repeating this was not a real hack\, and confessed I always wanted to hack a system based on triggering race conditions because the lack of proper transaction s.\nThis was way easier than expected. In this talk I will show how just a dding `$ seq 0 9 | xargs -I@ -P10 ..` can break some systems\, and how to write safe database transactions that prevent abuse.\n\nIn this talk I wil l explain what race conditions are. Many examples of how and why code will fail. How to properly create a database transaction. The result of abusin g this in real life (e.g. free parking). LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/race-conditions-t ransactions-and-free-parking END:VEVENT BEGIN:VEVENT SUMMARY:Light in the Dark(net) DTSTART:20251229T210500Z DTEND:20251229T214500Z DTSTAMP:20260406T223813Z UID:414813ee-69f4-56ee-a013-f887f26d91d6 CATEGORIES:official,Science DESCRIPTION:Onion services can be considered one of the most controversial aspects of the Tor network\, because they allow the anonymous hosting of services\, which has enabled the creation of illegal services which are di fficult for law enforcement to shut down. Defenders argue that this is a p rice worth paying to ensure free speech for people who could otherwise not speak up or run their own services. \n\nThis obviously raises the questio n what onion services are being actually used for in practice. Many resear chers have tried to answer this question in the past. Based on their work we already know a few things: \n\n- 9% of all Websites on the Darknet are marketplaces [1]\n- 2.7% of all Websites on the Darknet are marketplaces [ 2]\n- 50% of all Websites on the Darknet are marketplaces [3]\n- 8.4% of a ll Websites on the Darknet are marketplaces [4]\n- 27% of all Websites on the Darknet are marketplaces [5]\n- 34.8% of all Websites on the Darknet a re marketplaces [6]\n\nNo\, this is not a copy and paste error\, all of th e above statements can be found in peer-reviewed scientific publications. All of these results are valid on their own and constitute valuable contri butions to science\, but it does not take an expert to notice the contradi ctions in their findings. \nThe reasons for these inconsistencies are the main topic of this talk. We will discuss the information available to res earchers and the limitations originating from it. Challenges and current d isagreements when it comes to interpreting available data will be addresse d along with common misrepresentations of research results. We will highli ght how the choice of data sources can predetermine the final result befor e a study has even begun\, how minor changes to definitions can lead to co mpletely different results and how important context is when interpreting data. \n\nArmed with this knowledge\, we can tackle the challenge to find out what we know about the Darknet\, what we might figure out in the futur e\, what we can reasonably assume but will never be able to prove\, and wh at we will (hopefully) never know. \n\n----------------------------------- ------\nSources\n[1] https://doi.org/10.1049/iet-ifs.2015.0121\n[2] https: //doi.org/10.1016/j.future.2024.03.025\n[3] https://doi.org/10.1145/360016 0.3600167\n[4] https://doi.org/10.1109/INFOCOM53939.2023.10229057\n[5] htt ps://doi.org/10.1109/ICDCSW.2014.20\n[6] https://doi.org/10.1080/00396338. 2016.1142085 LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/light-in-the-dark -net END:VEVENT BEGIN:VEVENT SUMMARY:Human microservices at the Dutch Railways: modern architecture\, a ncient hardware? DTSTART:20251229T220000Z DTEND:20251229T230000Z DTSTAMP:20260406T223813Z UID:f894f246-6bd4-5750-a66b-d073e37b7acd CATEGORIES:official,Hardware DESCRIPTION:When a train breaks down in the Netherlands\, a system of inte rconnected humans is shifted into gear. The current state of that system h as been developed for over 80 years and as such should be seen as an archi tectural marvel. Even though there is nowadays a significant amount of sof tware involved in the process\, the people involved are still very much ne cessary.\n\nThis talk describes the processes and roles involved in the Du tch railway day to day operations. We will start at a broken down train on a busy track and work our way towards solutions including dragging the tr ain\, evacuating travelers and redirecting other trains on that trajectory . We will explore this from a software developer's perspective. We will co nsider the people involved as an ancient form of hardware\, and the protoc ols between them as software. We will also go over the more modern additio ns to the system: phone lines and software running on actual computers.\n\ nAfter our investigation you will have a new understanding of the complexi ty of running a railway network. And we will ask ourselves: is this an out dated system that needs to be digitized? Or is this actually a modern syst em with microservices and a "human in the loop"? LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/human-microservic es-at-the-dutch-railways-modern-architecture-ancient-hardware END:VEVENT BEGIN:VEVENT SUMMARY:Spectre in the real world: Leaking your private data from the clou d with CPU vulnerabilities DTSTART:20251229T231500Z DTEND:20251229T235500Z DTSTAMP:20260406T223813Z UID:f1e6f4e2-875f-573c-9e68-8dfd52e29225 CATEGORIES:official,Security DESCRIPTION:Seven years ago\, Spectre and Meltdown were announced. These t wo vulnerabilities showed that instructions executed by the CPU might acci dentally access secret data. This secret data can contain files cached fro m disk\, cryptographic keys\, private information\, or anything else that might be stored in memory. An attacker can use Spectre to learn the value of that secret data\, even though the attacker is not supposed to have acc ess to it. \n\nEven though this sounds problematic\, there is a reason why these type of vulnerabilities haven't had a significant real-world impact . Mitigations make it much harder to pull off\, and an attacker needs a fo rm of remote code execution anyway to trigger the relevant CPU instruction s. If an attacker can already execute arbitrary code\, then Spectre is pro bably not what you should be worried about. For regular users\, these CPU vulnerabilities are likely not that much of a threat.\n\nHowever\, that is not the case for public cloud providers. Their business model is to provi de *remote code execution as a service*\, and to rent out shared hardware resources as efficiently as possible. Customers run their system in an see mingly isolated virtual machine on top of shared physical hardware. Becaus e customers can run anything they want on these systems\, public cloud pro viders must treat these workloads as untrusted. They have to assume the wo rst case scenario\, i.e. that an attacker is deliberately trying violate t he confidentiality\, integrity or availability of their systems\, and\, by extension\, their customers' systems. For transient execution vulnerabili ties like Spectre\, that means that they enable all reasonable mitigations \, and some more.\n\nIn this talk\, we show that transient execution attac ks can be used on real-world systems\, despite the deployed software mitig ations. We demonstrate this by silently leaking secret data from another v irtual machine at a major global cloud provider\, defeating virtual machin e isolation without leaving a trace. Additionally\, we'll discuss our coor dinated disclosure process\, the currently deployed mitigations and how fu ture mitigations could address the issue. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/spectre-in-the-re al-world-leaking-your-private-data-from-the-cloud-with-cpu-vulnerabilities END:VEVENT BEGIN:VEVENT SUMMARY:I Hated All The Cross-Stitch Software So I Made My Own: My Derange d Outsider Software Suite For Making Deranged Outsider Art DTSTART:20251230T100000Z DTEND:20251230T104000Z DTSTAMP:20260406T223813Z UID:c43046a1-bac9-54d3-a551-d86630e7ab3b CATEGORIES:official,Art & Beauty DESCRIPTION:Designing cross-stitch patterns\, I got frustrated with all th e programs which expected me to click around a canvas setting individual p ixels. I wanted a cross-stitch design software suite that I could drive wi th a Makefile\, which could give me an interactive interface for stitching or compile them to PDF. In short\, I wanted to say `echo "shutdown -h now " | embellish --border | export pattern --pdf` and get a design worthy of stitching on a pillow.\n\nSo\, I made the thing I wanted. I'll discuss the many yak shaves along the way (proprietary file format reverse-engineerin g\, OAuth2\, what 'color' even means\, unikernel hosting\, and more). I'll talk a bit about the joy of making something so you can make something\, and how it feels to craft software that is unapologetically personal. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/i-hated-all-the-c ross-stitch-software-so-i-made-my-own-my-deranged-outsider-software-suite- for-making-deranged-outsider-art END:VEVENT BEGIN:VEVENT SUMMARY:“End Of 10”: How the FOSS Community is Combatting Software-Dri ven Resource and Energy Consumption DTSTART:20251230T105500Z DTEND:20251230T113500Z DTSTAMP:20260406T223813Z UID:910e5f22-945b-5196-8e21-246acbcaadd3 CATEGORIES:official,CCC & Community DESCRIPTION:This is a talk about digital sustainability and the role softw are plays in hardware longevity. At the 38C3\, the End Of 10 campaign held a workshop to co-ordinate contributions across FOSS communities. Many peo ple currently involved started contributing after this workshop\, includin g 2 of the 3 presenters. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/end-of-10-how-the -foss-community-is-combatting-software-drive-resource-and-energy-consumpti on END:VEVENT BEGIN:VEVENT SUMMARY:Fossile Industrie liebt KI! DTSTART:20251230T115000Z DTEND:20251230T123000Z DTSTAMP:20260406T223813Z UID:49ceb68c-bcbe-592f-9c62-b1085f657190 CATEGORIES:official,Ethics\, Society & Politics DESCRIPTION:Obwohl die negativen Klimaauswirkungen generativer KI immer de utlicher werden\, sollen in ganz Europa Großrechenzentren gebaut werden u nd Deutschland „KI-Nation“ werden\, was ungeahnte „Wirtschaftskräft e freisetzen soll“ – zumindest\, wenn es nach der Bundesregierung geht .\n\nDer Ausbau der Recheninfrastruktur für generative KI benötigt viel Energie\, Wasser und Ressourcen\, was global zu Umweltschäden führt. Pro gnosen für die EU zeigen\, dass der Energieverbrauch in Zukunft so groß werden könnte\, dass der Ausbau der erneuerbaren Energien nicht mithalten kann – doch die fossile Industrie steht bereits in den Startlöchern.\n \nDer Hype um generative KI liefert ihnen die perfekte Begründung für de n Ausbau fossiler Infrastruktur- mitten in der eskalierenden Klimakrise. T ech- und Fossilkonzerne investieren massiv in neue Gaskraftwerke für ener giehungrige Rechenzentren. Dabei ist der wirtschaftliche Nutzen und die W ertschöpfung durch die Technologie weiterhin unklar.\nKlar ist: wir erleb en derzeit eine fossile Gegenoffensive im Gewand digitaler Versprechen. Au f Kosten des Klimas und der Zukunft.\n\nDieser Vortrag schließt an den Ta lk "Klimaschädlich by Design" vom 38C3 an und gibt Updates zu Entwicklung en in Deutschland und Europa. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/fossile-industrie -liebt-ki END:VEVENT BEGIN:VEVENT SUMMARY:We\, the EU\, and 1064 Danes decided to look into YouTube: A story about how the EU gave us a law\, 1064 Danes gave us their YouTube histori es\, and reality gave us a headache DTSTART:20251230T125000Z DTEND:20251230T133000Z DTSTAMP:20260406T223813Z UID:d397c338-c631-5a03-a335-e3043d49188c CATEGORIES:official,Science DESCRIPTION:**Talk Description**\nIn this talk\, we explore what happens w hen the European Union’s data access laws meet the practical realities o f platform research. The talk opens with a shared introduction\, where Dav id and LK set the stage: why social media platforms like YouTube matter fo r democracy and what the EU has done to make them more transparent.\n\nLK will then provide a short introduction into the legally mandated ways we c an currently use to access platform data: from the GDPR’s right of acces s\, the research data access provisions in the DSA\, to the portability ob ligations into the DMA. But access is not the same as insight\, a lesson D avid learned the hard way. Along with his team he invited over a thousand Danes to make use of their GDPR-right to their own data and donate their Y ouTube watch histories\, searches\, subscriptions and comments. Using the DSA\, the team then obtained meta-data on the millions of videos the data donors had interacted with. The goal: Seeing what the digital data traces YouTube collects from its users can tell us about the platform’s effect on people’s lives and society. Are the data carrying indicators of polar ization\, loneliness\, political extremism or any of the numerous other ai ls of society that YouTube has been suspected to cause? However\, the data are difficult to get a hold of\, messy\, not properly annotated\, and par sing them requires an almost archeological mindset. Together\, we will pee k behind the Youtube curtain\, shine a light on what platform data actuall y looks like\, and sketch out what can and cannot be learned from them. \n \nAll around Europe\, researchers are currently facing similar challenges\ , parsing cryptic user and platform data from Facebook and TikTok to porn sites and Zalando. The platforms implement the data access laws to achieve minimal compliance but not to provide meaningful transparency. Data gathe red by the DSA40 Data Access Collaboratory shows that application forms va ry widely\, researchers are rejected for non-compliant reasons\, and appli cations artificially stalled. Other researchers have shown that the data r eceived through some of the APIs is incomplete and inaccurate. In short: t here is a lot of space for improvement. But we do not need to wait for inv estigations into platform compliance to conclude.. The basic conditions fo r democratic oversight have been set\, which means that theoretically vari ous legal ways into the platforms exist for citizens\, researchers and civ il society. The question that remains is which levers to use to practicall y realise as much of this potential as possible. \n\n**About the Presenter s**\nDavid Wegmann is a PhD student at Aarhus University\, Denmark. He res earches social media and its societal effects using data science. As part of DATALAB\, he led the analysis of donated data for “Data donation as a method for investigating trends and challenges in digital media landscape s at national scale: The Danish population’s use of YouTube as an illust rative case” by Bechmann and colleagues (2025).\n\nLK Seiling coordinate s the DSA40 Data Access Collaboratory\, where they research the implementa tion of the DSA’s data access provisions. At the Weizenbaum Institute Be rlin\, they are also looking into research engineering and data access as well as technologically mediated risks for individuals\, society\, and sci ence. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/we-the-eu-and-106 4-danes-decided-to-look-into-youtube-a-story-about-how-the-eu-gave-us-a-la w-1064-danes-gave-us-their-youtube-histories-and-reality-ga END:VEVENT BEGIN:VEVENT SUMMARY:Infrastructure Review DTSTART:20251230T134500Z DTEND:20251230T144500Z DTSTAMP:20260406T223813Z UID:323248d0-1bcf-5440-a8b3-9d35d40fb06d CATEGORIES:official,CCC & Community DESCRIPTION:39c3 is a big challenge to run\, install power\, network conne ctivity and other services in a short time and tear down everything even f aster. This is a behind the scenes of the event infrastructure\, what work ed well and what might not have worked as expected. LOCATION:Zero URL:https://events.ccc.de/congress/2025/hub/event/detail/infrastructure-re view END:VEVENT END:VCALENDAR