27C3

[hirez]

... Looks to have been a bit of a stormer.

Here's the list of talks.

Here's the list of mirrors for video download.

Rop's keynote is well worth the half-hour. He's right about Wikileaks, Anonymous and Defcon, and is just a good chap. Text version here.

Other stuff I shall be viewing when it gets encoded and uploaded:

Contemporary Profiling of

Comments

[steer]

Doh -- https and no valid certificate -- from the sort of place which should be sticklers for that kind of thing.

Interesting keynote.

[hirez]

You're assuming a 'valid' root CA is worth something. This was demonstrated not to be the case at a previous CCC.

(That comes across as too po-faced. IIRC there is a sensible reason why CCC and Hxx don't bother with a cert signed by one of the roots distributed in popular browsers.)

[steer]

You're thinking of things like the null character attacks? Isn't that fixed? It was pretty minor (not to disrespect Kaminsky who does good work). Or is there some other attack I don't know of.

[hirez]

Well, there's this thing: http://www.gnucitizen.org/blog/thoughts-on-the-certificate-authority-attack-presented-at-ccc/

Or it could be that cacert.org are a good bunch of chaps.