The first blogcamp Switzerland

... is over and I had lots of fun, met interesting new people and long-time-no-see "old" friends and had interesting discussions. I went to 2 presentations, the first by Jürg Stucker about namics' internal multi-blog platform, quite interesting, as we are currently building something similar for one of our customers (who was present as well :) )

The second presentation was by blog.benbit.ch about XSS or, as he put it, "Wie man sich mit einem Blog unbeliebt macht." (in English: "how to make oneself unpopular with a blog"). While he's completely right that XSS is a dangerously underrated security issue and should be taken much more seriously (we blogged about it more than 2 years ago), his tone, arrogance ("at least one third in here will hate me now") and technical half-knowledge were nonetheless a little bit annoying. One of his solutions, "don't use auto-login", for example, just raises the entry barrier for exploiting XSS issues, but usually doesn't do anything to prevent them at all. But at least he didn't claim he's a technical expert, so I can't really blame him for that. Nevertheless, it was an entertaining presentation and certainly opened the eyes of a lot of people in that room, so mission accomplished :)

Now last but not least, a big thanks to the organizers, a well done "unconference", I'll be happy to come again next time.

More pictures by me at flickr and by the others and tons of blogposts.


Comments

stejan @ 29.03.2007 12:11 CEST
Did you know that blog.benbit.ch doesn't blog anymore ;o)

Swiss @ 11.09.2007 10:31 CEST
Hey, Christian, you're right - "XSS is a dangerously underrated security issue and should be taken much more seriously".