FEDIDEVS

38C3 2024

Dive into 29 insightful Mastodon posts from 38C3 2024 by Jared Naude on Day 1 featuring key discussions, trending topics, and highlights from the conference.

Add your voice to the conversation by posting with the #38C3 hashtag on Mastodon.

About 38C3 2024

The 38th Chaos Communication Congress (38C3) takes place in Hamburg on 27–30 Dec 2024, and is the 2024 edition of the annual four-day conference on technology, society and utopia organized by the Chaos Computer Club (CCC) and volunteers.

Filter by most active accounts

Filter by conference day

Info

Day 1 (3803)

Jared Naude (140)

Jared Naude @[email protected]

Dec. 27, 2024

We've not been trained for this: life after the Newag DRM disclosure by Michał Kowalczyk (@redford), q3k, Jakub Stepniewicz #38c3

18 11 1

Jared Naude @[email protected]

Dec. 27, 2024

The third challenge is selective disclosure where a user can choose which data is sent however when it comes to digital signatures, the data cannot be edited or changed. The fourth challenge is unlinkability, where transactions cannot be chained together to track / profile people. #38c3

0 0 1

Jared Naude @[email protected]

Dec. 27, 2024

There are many use cases like opening a bank account to using SAAS services. The law has already been passed but should be implemented by 2026, however there are some issues. #38c3

0 0 1

Jared Naude @[email protected]

Dec. 27, 2024

EU Governments as part of eIDAS will be offering wallets to citizens that will have many capabilities to allow signing documents, identifying yourself among others. #38c3

1 0 1

Jared Naude @[email protected]

Dec. 27, 2024

ACE up the sleeve: Hacking into Apple's new USB-C Controller by @stacksmashing #38c3

1 0 1

Jared Naude @[email protected]

Dec. 27, 2024

The manufacturer showed several misleading photos during their presentation and even included photos of trains that were in a different workshop which had no relevance to the discussion. Nothing was mentioned about the software locks. #38c3

5 0 1

Jared Naude @[email protected]

Dec. 27, 2024

Classic signatures where built for machines and not people. Machines don't care about privacy but people do. Cryptographers were asked about the options to solve this problem. Anonymous credentials could be used to solve this problem through zero knowledge proofs (ZKP). The use of ZKP can enable the proof of data without revealing the underlying data. For example, you can prove that you are older than 18 without revealing your date of birth. #38c3

1 1 1

Jared Naude @[email protected]

Dec. 27, 2024

One of the issues is over asking, relying parties must register public use cases around what data they need. However, the EU wants to leave it to members to decide what will happen. The user must be warned what data will be shared. #38c3

0 0 1

Jared Naude @[email protected]

Dec. 27, 2024

The second issue is unobservability where tracking an profiling can take place. The eIDAS can enable surveillance depending on how it is implemented. If the private keys are local, there is not much metadata that needs to be sent. However, if this is handled by government HSMs, this can enable surveillance through the use of metadata. #38c3

0 0 1

Jared Naude @[email protected]

Dec. 27, 2024

The team reported the findings to the authorities. Deloitte also assisted with the audit. In December 2023, the team went public in Worsaw and then at 37c3 in Hamburg. #38c3

9 0 1