With a dazzling laser show, the 26th Chaos Communication Congress (26c3) in Berlin, the last big security conference of 2009, has ended. If you haven’t been here, you might have missed fewer of the sessions than people on site, thanks to the worldwide availablility of live streams (and recordings). What you did miss was meeting all these people, though!

26c3 has simply outgrown the location it has occupied for the last few years, but this may be offset by a very successful experiment: allowing full remote access to the conference network via VPN for those who couldn’t attend. Other conferences should consider this (hey, Defcon team, are you reading this? 😉  ) as well, especially as air travel becomes less and less attractive.

During the last two days a number of the talks were on GSM security (Harald Welte, Dieter Spaar) and tracking phones (L. Aaron Kaplan). In case you missed Dan Kaminisky’s “Black Ops of PKI” earlier this year, we had another chance. Just before the closing ceremony, Frank Rieger and Ron repeated their session “Security Nightmares,” for the 10th time.

Security Nightmares was an entertaining, though a bit scary, summary of this year’s security issues and incidents, and a look at the future coupled with a wish list. Most notably, they’d like to see personal liability of executive management for the misuse of data. They call for a law for all companies to inform a customer or contact once a year about the personal data they have, what they did with it, and whom they shared it with or sold it to. The speakers repeatedly outlined the problem of data that people put online about themselves and their friends. Because pretty much all data leaks to the general public sooner or later, we need to take the utmost care when determining what to put online.

My personal rule: Don’t put anything online if you don’t want to see it on the front page of a newspaper.

I’ll finish with a quote from Security Nightmares (though I think it’s originally from Bruce Schneier): “Data is the pollution [problem] of the information age.” There’s something to think about when all the New Year’s Eve parties are over. Have a happy and secure 2010!