Cupfighter.net

By Felix FX Lindner (Twitter: @41414141, fx@recurity-lab.com)

Image from http://de.wikipedia.org/wiki/Blitzableiter

Felix’s talk is about defending against Flash based web application exploits

This talk is about a tool he developed called “Blitzableiter” (Lightning rod) can be found at http://blitzableiter.recurity.com/. Felix is very much looking for feedback.

Felix has been playing offense for quite some time, but is now playing defense, which he said turns out to be harder then offense.

The motivation for Felix’ work comes form the German government agency BSI who found out that Adobe Flash is way behind the security curve in comparison to other technology.
Read more…

By Max Kelly – CSO of Facebook

Max Keller moved from running a forensics lab to being the Chief Security Officer of Facebook.

Hit ticket slide is “Security – The facebook way”

Axiom 10: “That feature can be used in a way that you didn’t tink of. Try and find out what it is.”

This rule came into existence when they set up their new service friend finder. Which allows you to upload your address list and check if people where on facebook. It turned out that this service was using a lot of CPU because spammers used the service to validate the existence of email addresses to make their spam lists more valuable.
Read more…

The Black Hat organization has graciously facilitated Cupfighter.net to cover Black Hat Europe, currently underway in Barcelona Spain.

Yesterday and today are filled with trainings and Wednessday and Thursday are reserved for the briefings which will be covered by cupfighter.net

Hopefully I will be able to give you pretty quick coverage as I previously did at Black Hat USA, Defcon, Hacking at Random and Confidence 2009.02.

Read more…