...stuff I do and things I like...

In a couple of days I'm travelling to Darmstadt to attend the CAST-Workshop on Embedded Security to talk about our embedded systems security lab.

So I survived Black Hat and Defcon, it was great fun, f**ing expensive and totally exhausting but totally worth it. Saw a bunch of talks at Black Hat some of which where cool stuff but others sadly where not worth it. Defcon was way too crowded. 12K people I was told. Therefore I couldn't attend any talk :-( Talking to cool (new) people made up for it.

Now I'm at Stanford for a couple of days. Many things planed but ping me if you want to chat.

Today Tobias Engel presented his SMS exploit for Symbian S60. The exploit basically prevents the attacked phone from receiving any SMS. F-Secure has a nice writeup on their blog over here: Curse of Silence, a Symbian S60 SMS Exploit

Update: get the advisory and demo video from: http://berlin.ccc.de/~tobias/cos/

Day three was really hard core, many good talks such as howto run your own GSM network, RFID Security, DECT In-Security, Cisco exploits and attacks using office documents. Of course I couldn't see all of them but the videos of most talks are already available.

My NFC talk went quite nice I think. Also I kind of went overtime (+20 minutes), since I didn't get thrown of the stage I just continued :-)

Day four was very short for me since we already left at 2 o'clock to catch our flight. I only attended the Debian RNG talk which was very nice, good demos and fun slides.

All in all the congress was just awesome. Also it was way to crowed the first two days.

Happy new year everybody!

I saw Harald's talk on smartphone hardware which was quite interesting. I also saw Ben's talk since we had nice seats in Saal 1 the talk was nice too :-)

I got some nice feedback for my talk, thanks everybody!. Also I think I spent too much time on the boring introduction. Next time I will remove some slides instead of planning to skip them.

the first day of 25C3 has been great fun. I attended 3 talks: PLC (the power line stuff), 202c, iPhone dev-team, and SS7. I must say the SS7 talk was the best. The iPhone talk was boring (maybe they showed something interesting in the last 10 minutes but I left before the end).

The congress is really packed with people, they sold all tickets on the first day (3800).

Good night.

the conference was in Frankfurt at a nice hotel. The food was good and the event seemed to be organized quite well. But unfortunately the conference was not technical enough in my opinion. The organizers actually said that this is going to be the German OWASP theme: not be too technical and focus more on management/organizational aspects. This is rather sad in my opinion - since I'm just starting with the whole web security stuff now. (Of course I've played with web security many years ago but this was really just for fun and not professional.)

Lets see if there is going to be a OWASP Germany conference in 2009 and how technical it will be.

the Fahrplan (schedule) finally got published tonight, also it is not complete yet but this is normal. After having to cancel my talk last year (for time reasons) I'm going to do two talks this year. I'll do my Symbian talk from BlackHat Japan and my NFC talk from EuSecWest. Both talks will be updated of course.

So far I'm pretty happy with the time slots I got. Also being selected for speaking in Saal1 (the really big room) is awesome.

BlackHat Japan was a lot of fun, I met many new people who do really cool security stuff. I had the chance to hangout with Jeroen van Beek and he got to clone my German ePassport. He made a copy (on to a smart card - he didn't make me a new passport) for myself that doesn't contain the fingerprint record. Really awesome. I also had the chance to talk to Charlie Miller about iPhone security. All in all I had a really good time.

later today I'll board a plane to Tokyo for BlackHat. This time I'm really traveling light. I only take my MSI Wind netbook, my Nokia N810, my Nokia 6131 NFC, and my iPhone. It may sound a lot to you but all the stuff combined is just slightly over 2KG. In comparison my old T42p alone is heavier (not including the power supply).

For those of you who use Twitter can follow me there.

today I visited FrOSCon for the first time. My impression is very mixed. The location is quite nice, the admission fee is low (5 Euros) and the talks are mixed.

I visited the OpenVZ talk which was OK but not great. The iPhone talk was garbage or worse. The guy didn't have a clue. He didn't talk about free/open software he did a 35 minute iPhone tour. I wished he would have covered the free SDK that exists since the first iPhone was released. ARG I'm pissed about this what a waste of time. The OpenMoko talk was interesting, I saw many talks about OpenMoko and the Neo device and every time they tell you a little more.

The actual reason for me going to FrOSCon was the keynote by Andrew Tannenbaum (the MINIX guy). His talk about MINIX 3 was interesting and funny.

All in all a nice day - also we only stayed until 4pm.

I'm going to do a talk on my InfoPanel project.

Event website is at: MRMCD111

at the Cast Workshop SmartCards und Bezahlsysteme here in Darmstadt. Looking forward to visit my employer of my undergrad days (Fraunhofer IGD).

I'll be at ph-neutral this weekend ;-]

nothing more to say :-)

Yesterday I spent the day at Embedded World in Nuernbeg. Embedded World is quite small (no comparison with CeBIT) so it was not very crowed and therefore not too stressful. I really like small computers so I had a good time looking at stuff you only know from catalogues or web-shops. Some of the designs were even smaller then I thought. Since yesterday was the last day of the exhibition the exhibitors seem to be more generous with giveaways so I got some cool stuff for free. Maybe it is like this on every day of Embedded World.