
Comment This is the tool Prajakta Jagdale spoke about.. (Score 4, Informative) 82

At Black Hat D.C. last month Prajakta Jagdale spoke about HP developing this tool in her presentation:

"Blinded by Flash: Widespread Security Risks Flash Developers Don't See"

From the presentation's description:
"In this presentation I will examine the Flash framework and then delve into the Flash security model and the transitions it has undergone over the years. To explore the avenues of compromise in the security model, I will use a test Flash application and demonstrate various attack vectors including Cross-Site Request Forgery, data injection and script injection. During this demonstration, I will explain the associated threats in detail and discuss means to mitigate these threats. Even though the test application validates the attack surface, the question remains: how many applications actually deployed are vulnerable to these threats? I will answer this question by providing astonishing statistics about vulnerable, real world applications I was able to find using simple Google queries."

The pdf of her presentation is here:
https://www.blackhat.com/presentations/bh-dc/Jagdale/BlackHat-DC-09-Jagdale-Blinded-by-Flash.pdf

Comment The Death Envelope: A Medieval Solution (Score 1) 335

Matt Yoder spoke at DEF CON 16 on this very problem; his talk was called "The Death Envelope: A Medieval Solution to a 21st Century Problem". His speech isn't online yet, but his presentation materials are here:
https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-yoder.pdf

Here is what the talk was all about:

While many aftercare solutions and recommendations cover "average American" needs, none have tackled, full-on, the needs of the rapidly growing high tech segment of the population. As the amount of passwords and other secret "brainspace-only" information grows for many, many, individuals, it becomes obvious that a solution is needed for the dispensation of this information in the event of one's death or extreme disablement. It turns out that this solution may be the humble paper envelope.

This talk begins to examine an approach to handle this problem, offering many suggestions, from the extremely reliable low-tech end, through hybrid and high tech solutions to the problem. It covers, as well, recommendations for what to include in one's envelope, and how to ensure its safety, security, and integrity. It also discusses why a wax stamp, sealed by a signet ring, no less, may still offer the best envelope tamper detection that exists.

Comment Listen to his comments for the full story (Score 3, Interesting) 307

Quick note: This article is a spin-off of what Eric had to say during the most recent Black Hat Webcast, where Jeremiah Grossman was talking about clickjacking and other related browser issues. Eric made a lot of sense talking about plug-ins and add-ons being the cross-platform low-hanging fruit.

Listen and watch the webinar to hear what he had to say and keep everything in context:
http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2

Or download the .m4b audio file when we get it online next week here:
https://www.blackhat.com/html/webinars/webinars-index.html
