During the last weeks I was one of the persons who looked through all the submissions (nearly 300!) for the 25C3. I was also involved into the decisions what talks will take place. I won’t tell much, but I think it will be interesting and much more focussed on technical topics rather than meta-blabla like the last years. BeF and me are going to speak about Flash stuff at 25C3 as well and we will also release a paper for the conference proceedings.

In November I will be at OWASP Germany 2008 in Frankfurt and talk about RIA security. I’m still not 100% sure what I will exactly talk about, but I think I will focus on difficulties one has to face when auditing complex RIA applications. Most people already know that I’m not a big fan of OWASP since it’s much to much vendor centric in my point of view (but, well, I don’t like to start a big rant here right now). Anyways, I’m looking forward to meet Alexios from n.runs and Martin at the conference.

Last month Stefan and me founded CGNSec. The idea is to meet security people and researchers from the Cologne/Bonn area to talk about unfinished ideas and projects as well as having some beers. Yesterday there was the second meeting and it was real fun. There were even some EZB guys from Frankfurt and we had some interesting conversations. I hope we will have some presentations from time to time, since there are quite some people with interesting stuff. I also hope that the MWCollect guys from Bonn are joining us next time.

Some personal notes: I got engaged with my girlfriend. Since she’ll go to Hamburg beginning of next year to join Henri Nannen Journalist School I will probably leave the Rhineland in between the next two years (well, not before she will finish). I really feel sad somehow, since I feel home here. But after her studies she will probably not coming back, so I will follow her sooner or later.

I joined a carnival society some months ago called “Beueler Stadtsoldaten”. The Rhenish Carneval is starting in a couple of days and I will have quite a couple of events where I will do some dancing (nothing to complicate really) - and I’m thinking about starting a blog or Soup where I like write about some experiences, post some photos and tell about all the dirty little things happen there. I will probably announce it using my Twitter account.

Last but not least a little advertising: End of November the book of Mario Heiderich, Christian Matthies, Johannes Dahse and me will be published by Galileo Press. It’s in German and it calls “Sichere Webanwendungen” (secure web applications). I was only responsible for everything related to Flash, so most of the work was done by the others. The nice thing is that it will be published only using my nick, not my real name :)

The next event I’m going to visit is Bluehat v7 in Seattle. I’ve never been to the States before, so I’m really excited going there - especially because Microsoft is the reason which I still find very weird. I’ll give a presentation together with Manuel Caballero about Silverlight and how it compares to Adobe Flash security-wise. Only a few of the speakers of Bluehat are already known to me. Beside Lieutenant Dan and kuza55 I’m looking forward to got to know Sowhat. We tried to invite him to one of the past Chaos Communication Congresses but it was far more complicate than we thought because of problems with the visa. I’m also looking forward to got to know Billy Rios. I guess he and Nitesh will talk about Phishing.

In May I’ll be at PH-Neutral and give a presentation together with BeF entitled “SWF and the Malware Tragedy”. The talk is about static analysis of SWF bytecode and we hopefully have some more time to look into less known SWF bytecode obfuscation techniques. BeF and me also wrote a paper with the same title which is mainly about using Erlang programming language based erlswf for SWF bytecode analysis.

There is one simple solution and it is even supplied by Adobe itself: The Flash Player Settings Manager. It’s actually a Flash movie which is able to access the file system and store the settings.

I know, it is weird that it resides on Adobes website and it is far from being perfect at all since it would be much nice to have a real interface to it.

Beside the conference there will be another nice great event in Vienna called Roböxotica, a festival for cocktail robotics. I am also looking forward to visit Metalab and meet some friends.

Last but not least we will visit Figlmüller to eat Wiener Schnitzel :)