After a while, my blog finally received love it deserved. The biggest change is that I migrated the blog from Octopress to Hugo, which is a fast static site generator written in Go. The overall feeling stayed the same, but the blog maintenance is much easier for me. I am still finding my way around Hugo, but so far it works nicely. Another change is that this site is being hosted on Github Pages.
I arrived at CCH in the afternoon and headed directly for NOC Review talk. Guys did really wonderful job, although the Wifi was a problem. I really liked some network facts: ~70 access points, great signal coverage 3059 concurrent wireless clients connected during peaks traffic usage of 8.2 Gbps 40% of traffic being IPv6 Video can be found here. The 29C3 was really nice experience and I will definitely return back to 30C3.
Third day of the Congress was filled with some number of interesting talks I visited. I started with a talk, in which I was interested the most - An Overview of Secure Name Resolution - DNSSEC, DNSCurve and Namecoin. Speaker gave great introduction into DNSSEC and also talked about its deployment rate. He also spoke DNSSEC’s use in amplification attacks and suitable countermeasures. DNSCurve and Namecoin was discussed as well. From this talk, it is clear that DNSSEC is the way forward.
I started this day with visiting talk by Axel Arnbak titled Certificate Authority Collapse. Axel talked about the current model being completely broken (nothing new in the security community) and that the change is needed. He described the DigiNotar incident. The European Union wants to address this issue by regulations, which do more harm than good. If the CA model is broken, it should be fixed technically and not by law.
29c3 is my first Congress I visited. It returned to Hamburg after 8 years of being held in Berlin and is located at the Conference Center Hamburg (CCH). First day’s talk were mostly non-technical ones. Not my department by Jacob Appelbaum proposed that people should develop more software like Tor or similiar tools. The second talk titled Enemies of the State: What Happens When Telling the Truth about Secret US Government Power Becomes a Crime was about breaking the US constitution by the US goverment and the rise of spying practices after 11th September 2001 covered as the fight against the terrorism.
DNSSEC is an amazing piece of technology. DNSSEC data is digitally signed. The validating DNS server can check if the data it receives is identical to those on the authoritative DNS server. This helps us mitigate DNS cache poisoning. I have signed my domain back in January 2012, signing my zone by hand. However, I forgot to resign my zone and the zone signature expired making it unresolvable. This made me wonder how could I automatize the whole process.