All videos

  • FSCONS 2017 - Jérémie Zimmermann - Love Against the Machine (0:48:17)
  • NUUG
  • An open discussion as an attempt at building a common understanding and a narrative around the questions of technological colonialism, the loss of control over our devices, and the need to rethink the way we liberate our computing. Computers changed over the last 20 years, from friendly machines we could understand, control and improve upon to black-boxed prisons designed to control us. How come we are now an increasing number to *hate* these machines, when we remember a past in which we used to passionately love them? From mobile computers (aka "smartphones") containing black-boxed baseband processors enabling remote control, and kicking the user away from properly owning his device, to generalized Intel CPUs and their "Management Engine" providing also a way for "real masters" of our machines to monitor and control all we do online, the age of technological optimism is long gone. It is almost impossible today to buy a computer that isn't designed and built as an enemy of its user. This shift of modern computing towards "enemy machines" has a profound impact on geopolitics (think "Trump's NSA"), on power relationships (think "We know what you did online for the last 15 years") but also on our humanities and the way we relate to each other: If I cannot understand how a machine works, how will I ever improve it? How will I ever have a chance to participate in a society run by such black boxes? This open discussion will offer an attempt at a narrative to help us (re)frame the issues surrounding Free/Libre software, and the way we participate in these projects. From a purely technological perspective to a holistic vision based on understanding the ways we interact with each other, at large. Recorded by NUUG for FSCONS.
  • FSCONS 2017 - Karl Trygve Kalleberg - Taking back control of the software running on your hardware (0:43:49)
  • NUUG
  • Open technology is a fantastically appealing dream. Here in the real world, however, many of us struggle to get by with the increasingly closed platforms that define our digital life. In this talk, we discuss how to combat closed technology with open technology, through the supernerdy activity of reverse engineering. Reverse engineering is just a fancy name for taking things apart to understand how they work. We demonstrate how this can be done to closed-source software running on various different platforms. As part of our demonstration, we cover a handful of topics relevant for the intrepid hacktivist who wants to survive in the age of gated communities: * investigative capabilities available on closed mobile platforms (focus on Android and iOS) * trends in application sandboxing and digital rights management * gotchas of interoperating with proprietary protocols. We’ll approach these topics through a series of adventures on the console, alongside our favourite traveling companion: Frida. She’s an awesome (libre!) tool for injecting JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX. The examples throughout the talk may be somewhat technical, but taken from everyday examples most of the audience should be able to relate to. Even if programming and reverse engineering is not your thing, you still risk learning something by showing up. Recorded for FSCONS by NUUG.
  • FSCONS 2017 - Gustav Eek - Communication Infrastructure - a form of resistance (0:38:52)
  • NUUG
  • In this lecture the democratic principles of Fripost, the free email association (founded in 2010) will be presented. Infrastructure for electronic communication will be resembled with a common good (a resource). That using a critique of the public–private dichotomy, and the tragedy of the commons. I will then demonstrate how also complicated resources can (and must) be made subject to democratic control. The importance of Internet as communication medium cannot be questioned. For those who take user freedom seriously it is saddening to see how the Internet has changed from being a common and highly distributed network to the increasingly privatised web we encounter today. In this lecture I will present the democratic principles of Fripost, the free email association which was founded as a reaction to that development. I will resemble infrastructure for electronic communication with a common good (a resource), and I will demonstrate how also complicated resources can (and must) be made subject to democratic control. Fripost and its foundation and democratic principles have been presented several times since its constitution in 2010, also at FSCONS. This is why the lecture also will take a different and broader stand, inspired by some recent readings. The Fripost initiative will also be put in context of local struggles with global implication. In short, the idea that every resource needs a single responsible and managing owner is unsatisfactory as well as the dichotomy public–private. What is not managed cannot yield profit. But some things are too important even to be managed. Naturally this touches on a critique (which has been presented many times before) of Hardin’s classical tragedy of the commons. Regarding the enclosure of the commons, management in itself causes the scarcity. The commons are not scarce resources that require management. See ref url for further details. Recorded by NUUG for FSCONS.
  • FSCONS 2017 - Joakim Lundborg - Why we need free password managers (0:17:13)
  • NUUG
  • This talk will be about my experience building UIs for the pass password manager, and some related concerns: * Why usability is a security feature * The need for free software password managers * Can this be a path to drive GPG adoption? Recorded by NUUG for FSCONS. https://github.com/cortex/gopass https://github.com/cortex/ripasso
  • FSCONS 2017 - Bradley Kuhn - The Crumbling Intellectual Infrastructure of Free Software & Free Culture Licensing (0:50:44)
  • NUUG
  • The license-importance-divide seems almost generational: the older generation cares about licenses and the younger generation does not. Yet, the historical focus on licensing in Free Software and Free Culture, while occasionally prone to pedantry to a degree only software developers can love, stemmed from serious governance considerations regarding how community members interact. Most importantly, a license choice of the project bears more heavily than any other decision on the inherent power dynamics that occur within a Free Software or Free Culture community. This talk explores both the historical motivations and modern reactions to licensing matters, and digs deep into understanding how the plethora of policy decisions around licensing, including not just the main license choice, but also CLAs, CAAs, promise documents, and even license bullying tactics, have impacted Open Source, Free Software, and Free Culture communities for both good and ill. The structure of Free licensing, which formed the bedrock for Free Software and Free Culture, remains more fragile than most people realize. With the advent of for-profit corporate interest in leveraging community-created freely licensed works, a fervor of excited community response to such interest has weakened community social structures. These structures historically supplemented the legally-backed licensing infrastructure to assure community resilience. Changes in both cultural perception and licensing education will likely be necessary to help rebuild these crumbling foundations. Recorded for FSCONS by NUUG.
  • FSCONS 2017 - Petter Joelson - Digidem Lab -- bringing together hackers and activists for social change (0:38:35)
  • NUUG
  • We live in a turbulent time, where many countries in Europe face the long term effects of austerity, the rising threat of right wing populism and a lack of or deteriorating trust in political process or impact. But in places like Iceland and Spain this trend has partly been countered thanks to collaboration between social movements and the civic tech community, by creating new forms of direct democratic participation with digital tools. In the workshop we explore successful examples of digital democracy projects and their relevance to our Nordic countries. How can we change the political landscape by a more extensive engagement in new technology for participation and how do we best collaborate between hackers and social movements? Digidem Lab is a new space in Gothenburg, Sweden, where young people come together to develop tech products for participation, as well as promoting and building on existing tools. We work in cooperation with social movements and bring together young activists, developers, designers and anyone who believes another world is possible. We believe new forms of participation need to come from below and spread to all sectors of society.
  • FSCONS 2017 - Patrice Riemens - Cryptocurrency meets Universal Basic Income (0:41:30)
  • NUUG
  • The concept of a Universal, unconditional Basic Income (UBI) is getting increasing traction in many political and economic circles, this in view of the major ('disruptive') changes society in general and the 'labor market' in particular are set to experience in the (very) near future. Though in its essence absurdly simple - the name says it all - UBI forms a complex tangle of issues, and is the subject of fierce debate. Demands for UBI are an outcome of a general discontent with the present dispensation and especially the role of finance in it. UBI also narrowly connects with the rise of a new - 'and dangerous' social class-in-forming (-Guy Standing): the 'Precariat.' Some developers of cryptocurrencies, often also members of the precariat themselves (even if the upper tier of it) -- being by definition adverse to the existing forms of (fiat) money, by now the private property of 'banksters' -- view UBI as being a uniquely appropriate platform to push thru the monetary transformation they envisage, by advocating to pay it out in (their) cryptocurrency. One of these cryptocurrencies, Duniter (1,2), even makes its own existence more or less contingent upon the existence of UBI. I am not so sure this is a good idea, and this has to do with the still unresolved, and, imo, quite fundamental problems with the 'usability' of cryptocurrencies with the population at large, and the likewise largely unresolved economic issues with the concept of cryptocurrency itself in general. Since doubt expresses uncertainty and a wish to discuss, I want to format my talk, just like I did when I discussed Bitcoin at the Göteborg FSCONS in 2015, as a dialogue with the audience, and then especially with the potentially 'tech solutionist' component in it. (1) https://duniter.org/en/presentation/ (2) http://basicincome.org/news/2017/01/interview-time-digital-basic-income/ Recorded for FSCONS by NUUG.
  • FSCONS 2017 - Vladan Joler - Networks of Metal, Sweat and Neurons (0:50:59)
  • NUUG
  • We will explore how they defined new forms of labor, exploitation and generation of enormous amount of wealth and power for their owners creating a deep economic gap between the ones who own and control the means of production and others who often live below the poverty line. We will explore different forms of immaterial labor, but also forms of hard physical labor and exploitation hidden behind fractal supply chains and invisible infrastructures of contemporary capitalism. Recorded for FSCONS by NUUG.
  • FSCONS 2017 - Maria Xynou - Collect evidence of Internet Censorship (1:07:18)
  • NUUG
  • Since 2012, the Open Observatory of Network Interference (OONI) project has been invesnsorship around the world. OONI's network measurement software has shed light on many scary, yet interein how information controls are being deployed. From Deep Packet Inspection (DPI) technology being used to block media websites during heavy political protests, to country-wide internet blackouts during elections and other events. This talk will highlight some of the most striking internet censorship events that have been detected by OONI over the last years, and will include a discussion of their relation and relevance to social and political events. This talk will also explain how you can take action to uncover evidence of internet censorship in your country and beyond. Recorded by NUUG for FSCONS.
  • When exploits are blind - Chris Dale (0:49:11)
  • NUUG
  • Demonstration based presentation. Only intro and outro powerpoint slides. Demonstrate user enumeration using timing attacks. Especially prominent when companies have implemented bcrypt/scrypt/pbkdf#2. Attack vector which is very useful in many cases today, notably against Lync/Skype4B installations today. Further password spray into a solution. Discover, analyze and fully exploit reverse-shell command injection. How to find these across large systems? How do vulnerability scanners work, and how do they detect this? Introduction to Burp Collaborator. Introduction to script for merging attack data into hundreds of Burp Collaborators. Discover, analyze and fully exploit blind SQL Injection. Demonstrating Burp Intruder cluster bomb attack to enumerate out table data. Recorded at the OWASP Norway Day by NUUG.
  • Modern Web Application Vulnerabilities - Erlend Oftedal (0:44:04)
  • NUUG
  • With the emerging popularity of bug bounty programs, lesser known and even brand new vulnerability classes are gaining popularity. This talk will give a walk-through of some of these vulnerabilities, how they occur in modern web applications and how they can be found and fixed. Recorded at the OWASP Norway Day by NUUG.
  • The State of Your Supply Chain - Andrew Martin (1:03:21)
  • NUUG
  • Container security often focuses on runtime best-practices whilst neglecting delivery of the software in the supply chain. Application, library, and OS vulnerabilities are a likely route to data exfiltration, and emerging technologies in the container ecosystem offer a new opportunity to mitigate this risk. Treating containers as immutable artefacts and injecting configuration allows us to "upgrade" images by rebuilding and shipping whole software bundles, avoiding configuration drift and state inconsistencies. This makes it possible to constantly patch software, and to easily enforce governance of artefacts both pre- and post-deployment. In this talk we detail an ideal, security-hardened container supply chain, describe the current state of the ecosystem, and dig into specific tools. Grafeas, Kritis, in-toto, Clair, Micro Scanner, TUF, and Notary are covered, and we demo how to gate container image pipelines and deployments on cryptographically verified supply chain metadata. Recorded at the OWASP Norway Day by NUUG.
  • Machine Learning for Security - Alan Saied (0:47:37)
  • NUUG
  • The ability to mathematically classify patterns, predict events and/or identify abnormalities within a wide range of data is known as Machine Learning. For the purpose of this conference, we explain the power of data and how it can be used with Machine Learning models to identify abnormal behaviour within complex environments. We also explain the ingredients and the steps required to build Machine Learning models to serve security tasks. This will further be followed by its complications in terms of false positives, accuracy of detection and validity of model and how this can be improved. Recorded at the OWASP Norway Day by NUUG.
  • Linux Security APIs and the Chromium Sandbox - Patricia Aas (0:53:47)
  • NUUG
  • The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk. Recorded at the OWASP Norway Day by NUUG.
  • Venn av Nøff (0:06:08)
  • Empo AS
  • It is autumn and time for Nasse Nøff to come in to the warmth after a long season out in the garden. On Sunday 2 November the association Venn av Nøff held its annual carrying-in. In addition, the NÆ! prize will be awarded. Stay tuned.
  • What We’ve Learned From Billions of Security Reports - Scott Helme (0:59:29)
  • NUUG
  • Running one of the largest security reporting platforms of its kind, we handle billions of security reports for our customers every single month. Come and learn how we've scaled from handling 10,000 reports per month to 10,000 reports per second and the many evolutions our infrastructure has gone through. Alongside that come and see how, with our bird’s-eye view of such a diverse ecosystem, we’ve helped identify malware in a multinational organisation, had a malicious browser plugin taken down and much more! Recorded at the OWASP Norway Day by NUUG.