The Nophish shock

•March 1, 2012

I wrote quite a simple Firefox extension to experiment with other approaches to phishing detection. The “old” stuff is blacklists. My new concept is based on one insight: The malicious task the phishing page has to do is upload passwords to an evil server. This is the anchor for all the other actions.

These are:

  • Check a local, learned list of pages the user visits a lot
  • Ask our Avira server
  • Ask the user
  • …to be continued
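The check order described above, sketched as an added example (not the extension's code): the decision is anchored on the host that would receive the password. The threshold, the function names and the `ask_server`/`ask_user` callbacks are assumptions, and the sample hosts are constructed.

```python
from urllib.parse import urljoin, urlsplit

VISITS_NEEDED = 5  # assumed threshold for "visits a lot"


def upload_host(page_url, form_action):
    """Host that receives the form data: the action resolved against the page URL."""
    return (urlsplit(urljoin(page_url, form_action or "")).hostname or "").lower()


def record_visit(learned, page_url):
    """Learning step: count one visit for the host of a page the user opened."""
    host = (urlsplit(page_url).hostname or "").lower()
    if host:
        learned[host] = learned.get(host, 0) + 1


def judge_password_upload(page_url, form_action, learned, ask_server, ask_user):
    """Return (verdict, decided_by) for a form that is about to send a password."""
    host = upload_host(page_url, form_action)
    # 1. Local, learned list: destinations the user visits a lot are trusted.
    if host and learned.get(host, 0) >= VISITS_NEEDED:
        return "allow", "local list"
    # 2. Ask the server; None means unknown or unreachable.
    answer = ask_server(host) if host else None
    if answer in ("good", "bad"):
        return ("allow" if answer == "good" else "block"), "server"
    # 3. Nobody knows this destination: ask the user.
    return ("allow" if ask_user(page_url, host) else "block"), "user"


# Constructed sample data (not from the extension): six visits to one host.
LEARNED = {}
for _ in range(6):
    record_visit(LEARNED, "https://bank.example/account")


def demo():
    lookalike = "http://bank-example.login.test/index.html"
    return [
        judge_password_upload("https://bank.example/login", "/session", LEARNED,
                              lambda h: None, lambda p, h: False),
        judge_password_upload(lookalike, "http://collector.test/p.php", LEARNED,
                              lambda h: "bad", lambda p, h: True),
        judge_password_upload(lookalike, "http://collector.test/p.php", LEARNED,
                              lambda h: None, lambda p, h: False),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
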

So much for the basics. I expected about 50 users for this extension. Especially after I wrote so many warning messages about the extension being experimental.

The cool Firefox statistics tell me it has more than 230 users. Shock!

The reason for this explosion of user numbers is very good press coverage:


In French

On Twitter

On Softepic download site

Taknia (most exclamation marks so far)

Some others with short abstracts and screen shots (I love feedback)

Hack Illusions

Technology News HQ

I especially love Addictive Tips

Thanks everyone for the users!

This project was a low priority project here at Avira (similar to those Google Projects).

My Moodlight 1 Skills I haz it (?)

•January 8, 2012

My first large “look without hands” project is my Moodlight. 5 RGB lights, individually controlled. Adding to that an RGB strip on the bottom of the box (more when I get it running perfectly well).

I shortened the RGB strip (too motivated). The last segment was without the red LEDs. With my supreme hacking skillz I soldered a workaround. Ain't I not smart?


The Imp of the Perverse

•May 14, 2011

The last few months were busy: My wedding has to be planned, I got a new job at the Avira Research team – with lots of new things to learn and do, and other things (most of them sad) happened unexpectedly.

I had to postpone my Seahorse coding, because there was no time at all.

And still: The Imp of the Perverse got me.

I just ordered an Arduino.

2010 Wrap-up

•January 8, 2011

Time for my personal wrap-up of 2010. Turns out it was busier than I thought.

Just a short one, I wrote about most of the items here already.


Fosdem 2010:

A very interesting conference in a city I love. The first time I met some of my Co-Hackers.


Guadec 2010:

There it got more GNOME centered. I hoped to achieve a bit more, but maybe I triggered some processes and ideas. I want a malware free Linux desktop and still fear with enough market share there will be malware sooner or later. Better start securing it before that happens.


VB 2010:

Stuxnet. ’nuff said.



A restructuring in my company gave me the opportunity to go for a more research centered job. 4 months and 5 bosses later the job turned out to be even more research centered than I thought. Now there is an R&D department and I get the chance to play with lots of cool tech (see below).


I love to travel. I spend several weeks a year in some other countries. 3 totally new countries on my list are Israel, Canada and the Netherlands.

Technology to play with

I got some new technology to play with in 2010. Kindle, iPhone and Facebook are some of them. Firefox extensions are another one. Thanks to that I found out what JavaScript is good for 🙂


My books of the year 2010 are “Pragmatic Thinking and Learning” and the “Dresden Files”.

The year of the last Südcon…

…we organized. Number 10 was the last one of the old team, now there is a fresh and new one.


Will be even better. 5 days in the new year and I already know: C++, Hadoop, Java, JavaScript, Firefox Extensions and Artificial Intelligences will entertain me the next few months. Huzzah!

Facebook wins

•November 6, 2010

I joined Facebook as an experiment. Wanted to know what all the fuss is about. I am still not as addicted as many of my friends, but I start to understand some of the stuff going on there. Some of the things behind the curtains. Some psychology.


But to keep it simple: November the 5th is my birthday. Lots of people wished me well, sent greetings…

SMS/Phone (*): 6

Xing: 3

Mail: 2

Facebook: 16

Facebook wins

(*): My little brother did send me 25 SMS, each one containing one word. The last few SMS were (“Now”, “I”, “have”, “a”, “SMS”, “Flatrate”), I count this all as 1. (**)

(**): This crashed my cell phone, which had full SMS memory already.


I know very well that Facebook became the number 1 communication platform for many people out there. But I am really surprised by the huge amount of people using it.

New challenges

•October 27, 2010

The last few months I started my new job as a “Security Innovator” at my company. My first, most important tasks were to create a Tech-tree/Roadmap for our new security features (create a strategy) and to gather information (intelligence).

Long story short: Get lots of information and try to grasp its meaning.

Images, diagrams and graphs help a lot.

I am very glad I did not start using Visio/Dia because the graphs changed all the time and have grown to 170 items at the moment, connected up, down, left and right. A mess.

The way I handled it was to create a JSON database where each item got a description and dependencies. A small Python program creates a DOT file out of it, GraphViz does its magic and the result is a very large SVG and an HTML file. Huzzah!
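One way such a JSON-to-DOT converter can look, as an added example that is not the author's program: the `depends` key, the edge direction and the sample items are assumptions. It refuses to emit a graph when a dependency names an item that does not exist, which is easy to miss in a hand-edited database of this size.

```python
import json

# Constructed sample database; item names and the "depends" key are assumptions.
SAMPLE = r'''
{
  "cloud-api": {"description": "Cloud query API", "depends": []},
  "url-check": {"description": "URL \"reputation\" lookup", "depends": ["cloud-api"]},
  "nophish":   {"description": "Phishing detection", "depends": ["url-check"]}
}
'''


def esc(text):
    """Escape backslashes and double quotes so text cannot end a DOT quoted string."""
    return text.replace("\\", "\\\\").replace('"', '\\"')


def missing_dependencies(items):
    """Dependencies that name no item in the database (typos, deleted items)."""
    return sorted({dep for item in items.values() for dep in item["depends"]
                   if dep not in items})


def to_dot(items):
    """Render the items as a DOT digraph with one edge per dependency."""
    missing = missing_dependencies(items)
    if missing:
        raise ValueError("unknown dependencies: " + ", ".join(missing))
    lines = ["digraph roadmap {", "  rankdir=LR;", "  node [shape=box];"]
    for name in sorted(items):
        # "\n" inside a DOT label is a line break: item name above its description.
        label = esc(name) + "\\n" + esc(items[name]["description"])
        lines.append(f'  "{esc(name)}" [label="{label}"];')
    for name in sorted(items):
        for dep in items[name]["depends"]:
            # Edge runs from the dependency to the item that needs it.
            lines.append(f'  "{esc(dep)}" -> "{esc(name)}";')
    return "\n".join(lines + ["}"]) + "\n"


if __name__ == "__main__":
    print(to_dot(json.loads(SAMPLE)), end="")
```

Saved to a file such as `roadmap.dot` (a placeholder name), the output can be rendered with `dot -Tsvg roadmap.dot -o roadmap.svg`.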

Similar results can be gained by using matplotlib to create graphs from data. I started using Open Office, but keeping the diagrams up to date was a boring chore. More effective is to go for matplotlib and automation again. Long story short: matplotlib is very complicated, but you will not need all its features. Just use the ones which are relevant for you and be surprised how fast you can get results. Do not be intimidated.

Sorry, no more details yet. I am tired.

Good night

More soon

Guadec 2010 First Stuxnet presentation ever

•October 13, 2010


As far as I know my presentation at Guadec 2010 about desktop malware was the first presentation covering Stuxnet.

(Please tell me if you know different).

The presentation was focused on potential threats to Linux users and I used the new malware with the shocking features to show how tricky malware got. The sample I described was not named Stuxnet at that time and only the LNK infection features and the SCADA “support” were known, but that is strange enough.

Now, months later, the Kaspersky/Symantec/Microsoft guys and lots of other researchers did dig deeper. If you have not heard about Stuxnet you should read their papers and their blogs. Shocking stuff. But maybe you heard enough already; in this case, ignore any post about Stuxnet. Ignore this blog.

CU soon