We just published the so-called “Fahrplan” for 25C3. Take a look.
Tags: Events, CCC, 25C3, Schedule, Fahrplan
Next week I will stay in Vienna to join Deepsec. Last year the conference was just amazing and I’m also looking forward to visiting Metalab, one of my favorite hacker spaces. BeF and I will give a talk about ActionScript 3 obfuscation/de-obfuscation and other fun stuff with byte code. BeF released a new version of erlswf which is capable of disassembling AS3 and returning the disassembly as JSON. If you are interested in those things you should check it out. BeF will hopefully blog about erlswf in detail (hint hint :)
During the last weeks I was one of the people who looked through all the submissions (nearly 300!) for 25C3. I was also involved in the decisions about which talks will take place. I won’t tell much, but I think it will be interesting and much more focused on technical topics rather than meta-blabla like in the last years. BeF and I are going to speak about Flash stuff at 25C3 as well, and we will also release a paper for the conference proceedings.
In November I will be at OWASP Germany 2008 in Frankfurt and talk about RIA security. I’m still not 100% sure what exactly I will talk about, but I think I will focus on the difficulties one has to face when auditing complex RIA applications. Most people already know that I’m not a big fan of OWASP since it’s much too vendor-centric in my point of view (but, well, I don’t want to start a big rant here right now). Anyway, I’m looking forward to meeting Alexios from n.runs and Martin at the conference.
Last month Stefan and I founded CGNSec. The idea is to meet security people and researchers from the Cologne/Bonn area to talk about unfinished ideas and projects as well as to have some beers. Yesterday there was the second meeting and it was real fun. There were even some EZB guys from Frankfurt and we had some interesting conversations. I hope we will have some presentations from time to time, since there are quite a few people with interesting stuff. I also hope that the MWCollect guys from Bonn will join us next time.
Some personal notes: I got engaged to my girlfriend. Since she’ll go to Hamburg at the beginning of next year to join the Henri Nannen Journalist School, I will probably leave the Rhineland within the next two years (well, not before she finishes). I really feel sad somehow, since I feel at home here. But after her studies she will probably not come back, so I will follow her sooner or later.
I joined a carnival society some months ago called “Beueler Stadtsoldaten”. The Rhenish Carnival is starting in a couple of days and I will have quite a couple of events where I will do some dancing (nothing too complicated really) - and I’m thinking about starting a blog or Soup where I’d like to write about some experiences, post some photos and tell about all the dirty little things that happen there. I will probably announce it using my Twitter account.
Last but not least a little advertising: At the end of November the book by Mario Heiderich, Christian Matthies, Johannes Dahse and me will be published by Galileo Press. It’s in German and is called “Sichere Webanwendungen” (secure web applications). I was only responsible for everything related to Flash, so most of the work was done by the others. The nice thing is that it will be published using only my nick, not my real name :)
Tags: Events, Security, Deepsec, OWASP, 25C3, CGNSec, Beuel, Stadtsoldaten
The next couple of weeks I’m going to speak at some interesting and completely different events. Next week I will be at [re:publica][republica] in Berlin doing a tunneling workshop. Last year there was a screen at the entrance of re:publica showing the output of dsniff. Some people got very pissed because their passwords turned up in full HD quality. So Markus had the idea for this workshop and asked me to do it in order to give the attendees a possibility to protect themselves. The re:publica is going to be very big this year (800 attendees all together as far as I know) and a lot of old friends I haven’t seen in a while will show up.
The next event I’m going to visit is [Bluehat v7][bluehat] in Seattle. I’ve never been to the States before, so I’m really excited about going there - especially because Microsoft is the reason, which I still find very weird. I’ll give a presentation together with [Manuel Caballero][manuel] about [Silverlight][silverlight] and how it compares to Adobe Flash security-wise. Only a few of the speakers at Bluehat are already known to me. Besides [Lieutenant Dan][dan] and [kuza55][kuza] I’m looking forward to getting to know [Sowhat][sowhat]. We tried to invite him to one of the past [Chaos Communication Congresses][c3] but it was far more complicated than we thought because of problems with the visa. I’m also looking forward to getting to know [Billy Rios][bk]. I guess he and [Nitesh][nitesh] will talk about [Phishing][interview].
In May I’ll be at [PH-Neutral][phneutral] and give a presentation together with [BeF][bef] entitled “SWF and the Malware Tragedy”. The talk is about static analysis of SWF bytecode and we hopefully have some more time to look into less known SWF bytecode obfuscation techniques. BeF and I also wrote a [paper][paper] with the same title which is mainly about using the Erlang-based [erlswf][erlswf] for SWF bytecode analysis.
Tags: Events, Security, re-publica08, Bluehat, PH-Neutral, Flash, Silverlight, SektionEins, FlashSec
[republica]: http://re-publica.de/08/
[bluehat]: http://blogs.technet.com/bluehat/
[manuel]: http://www.cracking.com.ar/
[dan]: http://doxpara.com/
[kuza]: http://kuza55.blogspot.com/
[sowhat]: http://secway.org/
[c3]: https://events.ccc.de/congress/
[bk]: http://xs-sniper.com/blog/
[interview]: http://www.net-security.org/article.php?id=1110
[bef]: http://pentaphase.de/
[paper]: https://www.flashsec.org/mediawiki/images/5/57/SWF_and_the_Malware_Tragedy.pdf
[erlswf]: http://code.google.com/p/erlswf/
[phneutral]: http://ph-neutral.darklab.org/
[silverlight]: http://silverlight.net/
[nitesh]: http://dhanjani.com/
[LSO][LSO], also known as Flash Cookies or Flash Shared Objects, are somewhat nasty: they are persistent across browsers, don’t get deleted on browser exit, and there is no obvious way to view and manage them. One possibility is to use [NoScript][NoScript]; disabling Flash entirely or disabling read/write access to the directories where they get stored is another. But I personally find it interesting to see which sites are actually using those cookies for tracking. So a good solution for this specific issue would be something that takes back control and gives an overview of those sites without giving them access to LSOs.
There is one simple solution and it is even supplied by [Adobe][Adobe] itself: the [Flash Player Settings Manager][Flash Player Settings Manager]. It’s actually a Flash movie which is able to access the file system and store the settings.
I know, it is weird that it resides on Adobe’s website, and it is far from perfect since it would be much nicer to have a real interface to it.
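Getting the overview of LSO-using sites that the post asks for starts with listing which hosts have stored `.sol` files. The following is an added example, not code from the original post: it walks a Flash storage directory, groups `.sol` files by host name and checks each file’s header before counting it. The `#SharedObjects/<profile>/<host>/` tree layout, the `.sol` header layout and all sample files are assumptions constructed for the demo.

```python
import os
import struct
import tempfile

SOL_MAGIC = b"TCSO"

def read_sol_name(path):
    """Return the object name from a .sol header, or None if the file is not an LSO.
    Assumed layout: 00 BF | 4-byte length | 'TCSO' | 6 bytes | 2-byte name length | name."""
    with open(path, "rb") as f:
        head = f.read(18)
        if len(head) < 18 or head[:2] != b"\x00\xbf" or head[6:10] != SOL_MAGIC:
            return None
        (name_len,) = struct.unpack(">H", head[16:18])
        name = f.read(name_len)
    return name.decode("utf-8", "replace") if len(name) == name_len else None

def inventory(root):
    """Map each site's host name to its LSOs as (object name, file size) pairs.
    Assumed tree: <root>/#SharedObjects/<random profile>/<host>/.../<file>.sol"""
    sites = {}
    so_root = os.path.join(root, "#SharedObjects")
    for profile in (os.listdir(so_root) if os.path.isdir(so_root) else []):
        pdir = os.path.join(so_root, profile)
        for host in (os.listdir(pdir) if os.path.isdir(pdir) else []):
            for dirpath, _, files in os.walk(os.path.join(pdir, host)):
                for fn in files:
                    full = os.path.join(dirpath, fn)
                    name = read_sol_name(full) if fn.endswith(".sol") else None
                    if name is not None:  # skip anything that is not a valid LSO
                        sites.setdefault(host, []).append((name, os.path.getsize(full)))
    return sites

def make_sol(path, name, payload=b""):
    """Write a constructed .sol file (sample data for the demo, not a real capture)."""
    body = SOL_MAGIC + b"\x00\x04\x00\x00\x00\x00"
    body += struct.pack(">H", len(name)) + name.encode() + b"\x00\x00\x00\x00" + payload
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(b"\x00\xbf" + struct.pack(">I", len(body)) + body)

def demo():
    """Build a constructed LSO tree with two sites and one junk file, then inventory it."""
    base = os.path.join(tempfile.mkdtemp(), "#SharedObjects", "ABCD1234")
    make_sol(os.path.join(base, "tracker.example", "t", "visitor.sol"), "visitor", b"\x00\x02id\x02\x00\x03abc")
    make_sol(os.path.join(base, "video.example", "player.sol"), "volume")
    with open(os.path.join(base, "video.example", "notes.sol"), "wb") as f:
        f.write(b"not an lso")  # wrong magic: must be ignored
    return inventory(os.path.dirname(os.path.dirname(base)))
```

Run against a real profile, `inventory()` gives the per-site list the post is after, and the header check keeps stray files in the tree from being mistaken for tracking objects.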
[Flash Player Settings Manager]: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.html
[LSO]: https://www.flashsec.org/wiki/Shared_Objects
[NoScript]: http://noscript.net/
[Adobe]: http://www.adobe.com/
This week my workmate [Stefan][stefan] and I are going to join [Deepsec][deepsec], an “in-depth security conference” in Vienna. Deepsec looks very promising to me since there are a lot of talks I’d like to attend, like the talks by Halvar Flake, Dave Aitel, Martin Johns, Alexander Kornbrust, David Litchfield or Melanie Rieback. I will also give a talk, once again on Adobe Flash security.
Besides the conference there will be another great event in Vienna called [Roböxotica][roboexotica], a festival for cocktail robotics. I am also looking forward to visiting [Metalab][metalab] and meeting some friends.
Last but not least we will visit [Figlmüller][figlmueller] to eat Wiener Schnitzel :)
[figlmueller]: http://www.figlmueller.at/
[metalab]: http://metalab.at/
[deepsec]: http://www.deepsec.net/
[stefan]: http://blog.php-security.org/
[roboexotica]: http://www.roboexotica.org/
TecChannel filed a charge against the German BSI. BSI stands for “Bundesamt für Sicherheit in der Informationstechnik” (Federal Office for Information Security); it is the central IT security service provider for the German government. The reason for the charge is the BSI’s distribution of BOSS (BSI OSS Security Suite), which is basically a Live CD containing open source security tools such as Nessus and John the Ripper.
It will be interesting to see what happens.
Tags: BSI, 202c, Hackertools, John, Nessus, Security, Sicherheit, BOSS
A couple of days ago we had a nice discussion at Netzladen about all the politicians deciding on IT-related topics without using computers themselves. Thomas from the FAU came up with this little analogy:
Those politicians are just like racists: They fear what they don’t know.
Very good point!
Tags: 202c, trojans, bka, online search