Posts Tagged ‘conference’

« Older Entries

IRISS Conference 2009

Sunday, November 22nd, 2009

I had the joy to attend the first annual IRISS Conference 2009 which is a for free conference held by IRISS, the Irish CERT.

It was about cybercrime in general and there were speaker from e.g. SANS, IRISS -the local cert- or Team Cymru which I already enjoyed at DNF CERT Conf at the beginning of the year.

One talk I attended was by a local polices cybercrime investigation team. He basically talked about the goodness of creating movement profiles with GSM data and ISP keeping IP to customer data to catch criminals…

Then we participated in HackEire, a Capture the Flag style contest. We ran second. Not too bad for our sucky preparation and the fact that we spent more than an hour to make a Mac share its 3G uplink with two Linux Notebooks over (encrypted -didn’t work-) WiFi. The game network was 10.0.1.0/23 and the Mac automatically and not changable was 10.0.2.0/24. Although the networks overlapped by one bit I expected it to work for the majority of the packets being sent. But we failed. Hard. So hard, that the Mac couldn’t take part in the game anymore… I need to polish either my understanding of networking or my passion for hating Apple.

This CtF, however, was a bit different since there was one virtual network for everyone. I.e. no team had an own server or an own virtual network. There were four machines which were supposed to be owned in a given order. That wasn’t immediately clear and there were many tarpits to waste a lot of time. I.e. a Kernel in a supposed-to-be vulnerable version which is not exploitable, or a separate PHP user for the Webserver with a locked down home directory, tempting you to mess around with PHP scripts to investigate.

And the end of the day, the contest was about collecting secret keys to decrypt a file afterwards. The secret keys were more or less obviously lying around once the machine has been pwned. Passphrases to that secret keys were either user passwords or otherwise easily guessable strings.

The Machines were:

  1. Linux Webserver. To be 0wned with a password being served on a page from the webserver. A bit obfuscated though, so that one had to use the source. Once SSHed to that host, secrings were lying around in ~/gnupg/. Also, weird processes were running that connected to a strange host outside the network (4) to send a password over the wire.
  2. BIND on windows (sic!). To be pwned via the conficker exploit. Also, one should crack a users password using THCs Hydra.
  3. Linux Mailserver. With SSH Server only visible when coming from (1). Log in with password from (2). Machine was running an old kernel, thus sooner or later you g0t root. Then search for keyring in home directories. Also, crack the shadow using a John that’s capable of cracking SHA256 (i.e. not the most recent version shipped with Ubuntu).
  4. “hidden” DB server on Windows, only connectable from (1). You could find that machine by looking at the network interfaces of (1). You’d see that it has a second interface with a different IP thus inviting you to scan the new subnet. Luckily, there was an smbclient on (1) and with credentials from (1), one could enumerate all users (smbclient -L). Then, with the other credentials found on (1), connect and get keyring as well as final encrypted file.

That final file could be decrypted using keys and passphrases obtained earlier. Out came an ELF binary that looked, smelled and quacked like “ls”. However, it contained a steganographically hidden text file. Using a standard stego tool shipped with Backtrack, it’s possible to obtain the very final CSV file.

I not only liked the fact that they posted hints on the wall every now and then, but also that they actively walked around, talking to the teams and helped them actually achieving stuff. In fact, I wouldn’t even have thought about transferring zones from that BIND instance using AXFR or checking the machines whether they have an smbclient installed.

While we were playing, I bricked my sudo by trying to add a line without knowing the syntax. I couldn’t do sudo nano /etc/sudoers afterwards as it couldn’t parse the file, effectively leaving me without root access. I think I’ll better use visudo now…

Tags: , , ,
Posted in lang:en, life | No Comments »

jOEpardy at Easterhegg09

Friday, October 30th, 2009

I held a jOEpardy session at Easterhegg09! I guess, you know what a Jeopardy is, if not, have a look at the Wikipedia :-P

The people were entertained and hopefully learned something ;-) Sadly, the hardware didn’t really work :( The buzzer were somewhat broken so that we actually had to try to see (with our eyes) who pushed the button first. Funnily enough, I *did* test the setup extensively just 10 minutes before the gig! Very weird.

The Questions can be found here: Round 1, Round 2, Round 3, Round 4. But it doesn’t make much sense without the jOEpardy software, unless you parse the XML on your own.

The software is a Java Application which was initially written by TriPhoenix! I haven’t written Java for a long time and I have to admit, that writing Java with Eclipse is actually fun! Eclipse is so smart and tightly integrated in the build process that it’s quite easy to write, build and debug. I wish there was such a good IDE for C or Python. Sadly, I think that Java Code is bloated although <2.500 LoC for a jOEpardy is not too bad I’d say :-)

I actually thought I could release the jOEpardy code by now (and thus waited with this post…), but I still have to resolve copyright questions.

Tags: , , , ,
Posted in CCC, lang:en | No Comments »

Datenspuren 2009 – Call for Participation

Tuesday, September 1st, 2009

Die Datenspuren in Dresden gehen wider erwarten in eine neue Runde! Es ist schoen zu sehen, dass sich ein neues Organisationsteam im C3D2 Umfeld geformt hat und die gemuetliche Konferenz ans Laufen bringt. Obwohl ich selber noch nie da war, soll es eine ueberschaubare Konferenz sein, die sich weniger um Technik, als um praktische Datenvermeidung und Risiken der glaesernen Gesellschaft dreht. “Hands off – Privacy on” lautet das diesjaehrige Motto: Finger weg von den Grundrechten; der eigenen Privatsphäre bewusst werden.

Datenspuren 2009 Flyer Front

Datenspuren 2009 Flyer Front

Wenn du also am 03.10.2009 und 04.10.2009 nichts vor hast, bist du herzlich eingeladen nach Dresden in die Scheune zu kommen! Der Eintritt ist frei.

Auch darfst du ueber das Pentabarf deinen Vortrag oder Workshop einreichen, die Schwerpunkte sollen dieses Jahr sein:

  • Datenspuren im täglichen Leben
  • Missbrauch von Daten
  • Rechtslage
  • Sicherheit und Prävention
  • Digital Resistance
  • Hacking
  • Technikfolgenabschätzung
  • Informationsfreiheit
  • Aufklärung und Diskurs
Datenspuren 2009 Flyer Back

Datenspuren 2009 Flyer Back

Tags: , , , ,
Posted in CCC, lang:de | No Comments »

Back from HAR2009

Thursday, August 20th, 2009

I have just arrived from HAR2009 which was a very awesome event! We were camping for 5 days, drinking beer and attending lectures. Some of us visited Workshops, but sadly I didn’t. I probably was too busy attending talks and visiting the Toasti booth ;-)
Har2009 Logo

The CCC has built up a great Dome as well as a big tent for hacking. CCCHH brought Milliways, the last pub at the end of the universe and it was a really cool place to hang out. There were many people from different countries which made it really interesting and enjoyable to just be there. Last but not least, the beer was great ;-)

Others have brought a GSM Network! How awesome is that?! Harald Welte and his fellow GSM-Tent members have set up the “42″ Network and we were able to place as many (internal) phone calls and SMS as we liked. Of course, we started to script that ;-) So I found out, that sending an SMS via a serial connection to my phones modem is as simple as the following lines:

import serial
import time
 
DEVICE = '/dev/ttyACM0'
 
def send_sms(nr, msg):
    ser = serial.Serial(DEVICE, 115200, timeout=1)
    ser.write('AT\r')
    line = ser.readline()
    line = ser.readline()
    assert line == "OK\r\n"
 
    ser.write('AT+CMGF=1\r')
    line = ser.readline()
    line = ser.readline()
    assert line == "OK\r\n"
 
    ser.write('AT+CMGS="%s"\r' % nr)
    ser.write('%s\n' % msg)
    ser.write(chr(26))
    time.sleep(3)
    lines = ser.readlines()
    print lines
    ser.close()

Sadly, I couldn’t hack more with the GSM network because it was shut down rather early and I didn’t use my computer much during the lecture time. So next time I’ll try to reproduce the Curse of Silence and play around with PDU SMS.

So I have been to a lot of interesting villages and I met some interesting people but sadly GNOME people couldn’t make it. Maybe we’ll have a GNOME Village next time… :) If you are interested in how the camp looked, watch this impressions movie or click through the media.

The next CCCamp will probably be in two years and according to rumours it’ll happen in Finowfurt again. I’m really looking forward to that event!

Tags: , , ,
Posted in CCC, lang:en | 1 Comment »

BufferOverflow Workshop at EasterHegg09

Sunday, August 16th, 2009

During Easterhegg I held a workshop together with hc. It was about Buffer Overflows, which used to be the most common security vulnerability a couple of years ago.

We gave a talk explaining the basic concepts of processes and how they work on x86 machines. This was heavily packed with information and I really think we couldn’t make everything clear in the first run. But as it was planned as workshop, we intended to give people stuff they can chew on ;-) Basically, we took stuff from the excellent Phrack article  Smashing the Stack for Fun and Profit which is nearly 13 years old by now.

As modern operating systems protect themselves against the consequences of buffer overflows, we prepared a virtual machine with QEmu/KVM so that exploits will work. It’s an old debian woody with an SSH daemon and build essentials.

Of course I have changed the image in the last minutes, because I wanted to improve it. And of course something went terribly wrong: The root filesystem was corrupted and fsck deleted important files, leaving the image in a useless state. We had to port my changes back to the old image.

Of course, we wanted to distribute the ~1GB image among our workshop guests. As we expected 50 people to show up and didn’t want to stress the WiFi so much, I intended to use BitTorrent, but it’s not as easy and smart as it could be: We are NATted, so using an external tracker would FAIL. Also, it can’t multicast the packets, which would perfectly make sense if many people start to download the torrent in the same network. We ended up having a usb pendrive and a thttpd serving the tarred image. Not very smart or efficient.

After the people ran that images, they couldn’t login with SSH due to a mysterious heisenbug. I suspect our last-minutes changes to be the culprit but I can’t provide a more technical error description. The SSH daemon worked quite well *in* the image, but as soon as you wanted QEmu to redirect the traffic into the machine, it FAILed: The connection was established, but no data was transferred. Could be a bug in QEmu as well.
The people either worked through the QEmu widget or set up a TUN device to get the network up and running…
That pissed some people off which then left. We ended up with 20 people trying to hack themselves :)

We prepared examples in the image, some of them copied from Gera, e.g.:

/* stack1.c                                     *
 * specially crafted to feed your brain by gera */

int main() {
	int cookie;
	char buf[80];

	printf("buf: %08x cookie: %08xn", &buf, &cookie);
	gets(buf);

	if (cookie == 0x41424344)
		printf("you win!n");
}

The people were supposed to make the program print “you win!”. If you know, how a stack works, it’s actually simple. Do you know, what input you have to feed in order to win!?
Oh, you don’t want to compile this program with anything other than -O0 because the compiler rearranges the variables on the stack so that you can’t overwrite the integer…

In the end, I think I am satisifed with the workshop, although things could have worked better. We had pretty smart people which were really curious how stuff works. They have learned a lot and I guess they had fun with that as well :)

Tags: , , , ,
Posted in CCC, lang:en | No Comments »

Gran Canaria Desktop Summit

Thursday, July 16th, 2009

The GCDS has just finished and I think it was a great and successful conference. It was the first joint aKademy + GUADEC conference and I feel it turned out quite well. We could have had more explicit collaboration or more attention on the “other” talks, but I think the people have to get used to the fact that there are people with different approaches who you can talk to. Let’s hope it’ll be a joint convention next year as well (I always wanted to spend a week or two in Finland…).

The registration process was a bit weird, because the organizers wanted to know private data without even trying to make clear what they are used for. In fact, the only thing I could see (even from a retro perspective) is to collect the data. As I’ve stated in a mail buried in this thread, I don’t really like that for several reasons and I hope that the next organization committee will not collect absolutely necessary data.

The first day began with a RMS keynote for me. I expected it to be really bad because for some reason the people say that RMS’ talks are boring, stubborn and repetitive. I’ve never heard a RMS talk before and I couldn’t apply any of these critics onto his talk. In fact, I really liked and enjoyed it, although it was not necessarily pleasant to listen because he disagrees with our decisions: He doesn’t like to see new applications to be written in C# because the Software Freedom Law Center doesn’t think that the Community Promise guarantees that Microsoft will not charge patent fees. I am not into that topic but I believe that the SFLC does a good job. And I also trust the SFLC more than I trust Microsoft. So it’s not about patents in general (which should be abolished anyway) but rather about not putting too many weight onto our Desktop so that we can get rid of C# apps easily in case of fire^W ugly patent stuff. And I don’t know what’s not clear about that: As the risk seems to be there and we want to have a free desktop in the future, we have to watch out now to not fall into a Bitkeeper trap.

I also don’t agree with travis or lefty who think the reference to an EMACS virgin is sexist or mixing different topics (software freedom and religion in this case) is unhealthy. RMS clearly referred to the Christian church and it’s habits, so if there is anything bad, it’s to be search in these circles. Also, virtually everyone has cheered after RMS’ performance. And I wouldn’t go that far and call all the audience sexist. Actually, I dislike the idea of (computer) engineers answering sociologists questions for the same reason I don’t ask a sociologist in case of computer trouble (I like it, when they think, talk and discuss about it though). From an intersectional point of view, I’d ask whether the strong focus on women is actually sexist, because there is clearly more than one domain we have minorities in. Take Blacks, Jews, Disabled or Queers or people with an inside out belly button for example. By constantly reciting that women are a minority, we could actually harden this situation instead of making it disappear. I could actually write a paper about it, as I need one for university anyway to finish my Gender Studies.

The parties were all awesome, thanks to Canonical, Nokia, Igalia and Collabora who really know how to throw a good party. I wonder why Google didn’t show up though.

I also have to thank the GNOME foundation for sponsoring my trip to Gran Canaria! It’s really good to see that my contributions are valued and that I can improve them by attending various talks and sessions. This year was especially useful because we could attend the KDE peoples sessions. I especially enjoyed being at the KDE bugsquad sessions to share and improve ideas.
Sponsored by GNOME!

Although I took some photos, I won’t upload them to flicker, but the people seem to tag their photos with “gcds” or “guadec”. I have looked through a couple of them and they seem to be all good. But I couldn’t make it through all of them as there are way too many.

Two major drawbacks were the relocation of the conference and the Internet connectivity during the event: We moved from the rather central Alfredo Kraus Auditorium to the suburban University on the fourth day or so. That was inconvenient because it took ages to get there. The Internet thing is totally unrelated to the organizers, but left a bad taste anyway. The uplink was totally broken with a packet loss with up to 75% in “So6-0-0-0-grtmadno1.red.telefonica-wholesale.net”.

I’m looking forward to next years GUADEC or maybe “TDS”… :-)

Tags: , , , , , ,
Posted in GNOME, lang:en | Comments Off

Bugsquadding Talk on GCDS

Friday, July 10th, 2009

I just had my talk with Pedro and I think it went quite well.

We talked about how to do QA in GNOME and how to use our tools properly. There were about 30 people listening and discussing with us. It was a great honour to meet the bugsquad heros like Philip, Akhil and guenther. Thanks to Andre to look over our slides.

Besides telling about our infrastructure, we slightly discussed alternative ways to access our bug database: There seems to be DeskZilla and Mylyn to work with bugzilla through the XML-RPC API. I haven’t tried Deskzilla yet (the GNOME key link is broken atm), but Cosimo says it doesn’t work with the GNOME bugzilla probably because it’s heavily patched. I wonder when we’ll migrate to Bugzilla-3…
I tried Mylin but it unfortunately doesn’t work either :( You can query and show the bugs but you can’t update them. It’s a pity because I think that webinterfaces suck in general and our GNOME bugzilla in special.

Although the intended target group wasn’t there, we managed to recruit triagers :) Let’s hope they’ll stay with us for a while. You can find the bugsquad-slides.

I followed the KDE Bugsquad BoF and we discussed several things. They seem to have more fundamental problems than we do, especially getting the bugzilla used by the developers. I collected a couple of ideas: Given that you can’t edit bugs right away if you just have created an account, would it be good to automatically set editing right once a user has commit permissions on the VCS? What about a bugsquad (micro) blog to keep the community informed and involved? It could be a good idea to have kind of a monthly digest which will be sent around. I also envy the KDE Bugdays which apparently are a lot of work, but also potentially recruits new bug triagers. Maybe one could write an webapp for managing the work involved…

Tags: , , , , , ,
Posted in GNOME, lang:en | 2 Comments »

mrmcd0×8 – Call for Participation

Monday, July 6th, 2009

Die MetaRheinMain ChaosDays gehen in eine neue Runde *yay*! Ich werd’ wohl dieses Jahr nicht koennen, aber ich war ja nun auch schon oft genug dort ;-) Wenn du einen Vortrag oder einen Workshop einreichen willst, benutze bitte das Pentabarf. Ein Grund, etwas einzureichen (oder um einfach nur hinzugehen) ist das Pornophonique Konzert! Wirklich empfehlenswert.

c&p von der offiziellen Seite:

Der CCCMZ, C3F2M, CCC Mannheim, oqlt, der IT Stammtisch Darmstadt und CDA laden zu den achten MetaRheinMain ChaosDays ein.

Die MetaRheinMain Chaosdays 0×8 sind ein jährlich stattfindender Kongress, der dieses Jahr unter dem Motto “Zurueck zum Thema” mit den Themenschwerpunkten Journalismus, Gesellschaft und Technik vom c3f2m Frankfurt, CCCmz (Mainz/Wiesbaden), der Hochschulgruppe Chaos Darmstadt, dem AK Vorrat und weiteren regionalen Gruppen im Rhein-Main-Neckargebiet organisiert wird. Die MRMCDs finden dieses Jahr vom 04.09-06.09.2009 an der Technischen Universität Darmstadt statt. Drei Tage lang werden Vorträge, Diskussionen und ein Hackcenter geboten.

Die Vorträge und Workshops richten sich mit Themen sowohl an die breite Öffentlichkeit, als auch an spezialisierte Interessen. Auf diese Weise soll die wissenschaftliche Anbindung und der Bezug zum aktuellen öffentlichen Diskurs gewahrt werden. Folgende Schwerpunkte bilden das Rückgrat der Veranstaltung:

  • Journalismus
  • Gesellschaft
  • Technik

Darunter fallen z. B.: Wahlmaschinen, Überwachung, Kryptographie, IT-Sicherheit, Biometrie, Vorratsdatenspeicherung, BKA-Gesetz, Elektronische Gesundheitskarte, Auswirkung der Weiterentwicklung von Technik auf die Gesellschaft, Chaos Kultur, Projekt- und Selbstmanagement.

Tags: , , ,
Posted in CCC, lang:de | Comments Off

16th DFN CERT Workshop 2009

Tuesday, June 30th, 2009

Again, I had the great pleasure to attend the annual DFN Workshop which takes place in the Conference Center Hamburg (ever thought about, why they haven’t called it “Konferenz Zentrum”?).

dfn-cert logo

It’s more “tieish” than a Chaos Communication Congress but it’s still comfortable being there. Most people have a strong academic background so they were used to jeans and pullovers as well ;-)

The first person to speak was a Dr. Neil Long from Team Camry and he spoke about the underground economy. They claim to research and investigate in that area and make deals with the criminals. He showed IRC logs most of the time and it was quite funny to see how the people interact with each other. They actually do speak 1337 and even I had a tough time reading their conversation ;-) He explained in great detail how the underground is organized. He claimed, that there are specialists for everything, everywhere. Programmers, Exploit-writers, Webhosts, Credit Card stealers, yadda yadda. Everything has it’s price and that is paid through various online money trasferring systems.

The next guy talked about Exploit Toolkits for the Web. He named various kits, like MPack, IcePack, NeoSploit, FirePack or UniquePack. They basically allow you to create a drive-by download site and deploy a given payload. The programs itself are split up into two parts. A server part which actually exploits a browser and makes it download and execute a loader program which in turn downloads the second stage – the real malware to be run on the victims machine. The other part is a binary to create that first-stage program. I spent some time in searching for those toolkits and downloaded some of them. That required me to learn some Russian ;-)
This first-stage part opens an interesting attack vector to the wannabe hackers: Many Web Exploit Toolkits were infected with malware themselves. Because you have to run a strange smelling binary to create your first-stage excutable, you might run foreign malware yourself. I actually don’t understand, why this loader thing is such a big issue. I assume you could deploy your malware in first place without having it loaded through a staging program.

The next interesting talk was given by the smart guys from Red Team Pentesting, which is a pretty interesting company actually. Former students founded that company and they do professional Pentesting. I have to admit, that I envy them a little. It must be a great job with a lot of interesting stuff to see. Anyay, they talked about jBoss insecurities. It seems that jBoss comes with development configuration and the people don’t change them to productive values but blindly bind their server to the network. It turns out that you can get shell access through nearly a handful ways, even if a smart administrator has locked some ways down. Also, many corporate or governmental site are driven by a jBoss server and -which is the interesting part- have a weak configuration. They have an interesting statistic that shows that only 8% of the JBoss servers out there are reasonably secure.

How secure is the JBoss Web?

How secure is the JBoss Web?

I was actually bored by just one talk. It was about GRID Firewalls. While the topic is interesting in general, the guy made me fall asleep :- That’s a pity, because I believe he knew what he was talking about and had valuable information to deliver, especially due to his strong emphasis on practical problems. Maybe he can get his talk accepted next year and improve his talking skills.

After the first day, we visited the Groeninger Braukeller which was a real blast! They have one of the finest beers I know of. Also the food in there is delicious. It’s a perfect atmosphere to get together and discuss the talks you’ve just listened to. I also took the chance to meet old friends which I haven’t seen for a while.

Probably due to the massive amount of food and beer, I couldn’t sleep well that night and I thus was very tired the second day. I’ve listened to the talks but I couldn’t make it to the ModSecurity workshop :( It’s really annoying, because I actually wanted to attend that session! I do use ModSecurity at some projects and I think it’s a good tool. A reallife-relevant workshop would have been great.

So, if you have nothing else to do on 2009-02-09, consider coming to Hamburg and enjoy the 17th DFN Workshop!

Tags: , , ,
Posted in lang:en, life | Comments Off

Bericht zur KIF

Friday, June 12th, 2009

Ein kurzer Nachtrag zur Pressemitteilung, die ich ungern so im Raum stehen lassen moechte. Zum einen gibt es genug Kritik am Grundgesetz selber und zum anderen sind ein paar Worte zur Dortmunder KIF nötig.

KIF37.0 Logo

Ein zusammenfassender Bericht zur KIF befindet sich im FSR Blog. Ich habe nicht das Gefuehl, dass dem noch mehr hinzuzufuegen ist. Der ist zwar nicht so schoen zu lesen, wie der vom letzten Mal, aber fuer Erst-KIFfels gut geeignet um einen Eindruck zu bekommen.

Zum organisiatorischen vor Ort: Die Dortmunder Orga war ziemlich unentspannt. Ueberhaupt scheint es in Dortmund einen Regel-Fanatismus zu geben: Beim Betreten eines Busses muss mensch zu jeder Zeit sein Ticket vorzeigen, der Busfahrer haelt auch mitten in der Nacht nicht ausnahmsweise mal an einer Zwischenhaltestelle an und im Schwimmbad muss mensch nicht nur beim Betreten, sondern auch beim Verlassen seine Zugangsberechtigungskarte vorzeigen. Das hat uns in unserer Demo-Vorbereitungs-Phase ziemlich behindert: Weil wir die Rechner nicht mal eben auf dem Tisch verschieben konnten, die Tackernadeln wohl ein extrem wertvolles Gut waren und es insgesamt irgendwie schlechtes Karma gab, haben wir viel von unserer Vorbereitungs-Zeit mit dem Finden von Alternativplaenen verbrannt. Besonders geaergert hat mich, dass die Orgas eine schriftliche (sic!) Bestaetigung der (muendlich angemeldeten) Demo haben wollten. Nur um sicherzugehen, dass das alles rechtens sei. Weil ich mit den Polizisten vor Ort, also in der Innenstadt, verabredet war, bot ich an, dass ja ein Orga mitkommen koenne, weil so ein Gespraech von Polzist zu Anmelder beweist ja wohl ziemlich gut, dass alles mit rechten Dingen zugeht. Aber darauf wollte man sich aus unbekannten Gruenden nicht einlassen.

Demo in der Stadt

Ob die Grundrechtsdemo ueberhaupt so schlau war, ist eine interessante Frage. Zwar wird unser Grundgesetz viel gelobt und gepriesen, aber es gibt durchauch kritische Stimmen, die unser Grundgesetz aus verschiedenen Gruenden schlecht finden. Zur Geschichte unseres GGs gibt es bei Telepolis einen informativen Artikel. Zur spannenden Kritik schreibt das Magazin auch und ich finde, es gibt wirklich einige interessante Punkte. Ich koennte diese jetzt aufzaehlen und windige Akademiker machen das wohl auch so, aber ich glaube, dass die original Zitate die beste Quelle des Wissens sind :P

Trotz der Kritik finde ich, dass die Bewusstseinsschaffung gut und wichtig war. Unser Grundgesetz mag zwar nicht das Beste sein, aber ohne verbriefte Grundrechte moechte ich lieber nicht leben.

Tags: , , ,
Posted in lang:de, uni | Comments Off

« Older Entries