Good morning, Lausanne! Today, first day of workshop "Ethical dilemmas in strategical and operational cybersecurity at State level".

Presentation of the project One thing is certain: we don't lack research projects in cybersecurity and policy.

Best domain name for the next speaker :

Melanie Rieback on ethics in . "We are a social company." "You probably like open source, sorry free software"

Among the clients of Radically Open Security: NGOs and other activists because they have a scary threat model but no budget, so cannot go to the commercial security companies.

Now, demo of the quotation workflow. PDFs are generated with Saxon+XSLT+FO, driven by a bot. Customers of the company are in the same channel as the pentest team, the customer can "peek over the shoulder". No more black magic.

"90 % of the problems of the Internet are created by Silicon Valley companies. Do not try to copy the Silicon Valley." (I send a copy to the French government)

Great talk by Melanie Rieback at

"Companies should not try to grow forever. They should be like trees: grow fast, then produce seeds. Eternal growth is cancer."

Now Reto Inversini and Andreas Greulich talk about "Ethical and legal problems during operations against APT groups"

"There is no Swiss Internet or Google Internet. There is one Internet, and it is a common good."

"Is reverse-engineering the code of a malware a violation of intellectual property?" (All malware should be free software, anyway.)

Long discussion about trust in information sharing in cybersecurity (a very old and mostly unsolved problem). "How do you know who the friendly guy who drinks a beer with you really is?"

Now, discussion about ethics in incident response at . Should we share information with parties that may react in a wrong way? (Example given: Israel making "kinetics responses" - euphemism for "missiles" - to suspected computer crackers.)

During meetings, there was even an employee of the company insulting the security researchers that discovered the vulnerability.

Interesting ethical issue: when the security researchers fly a plane to a meeting with the vendor, to expose details on the vulnerability, who should pay?

In many hotels, the door security system is unmaintained. Installed "fire and forget" and that's all. Hard to patch.

"I think legislation [on vulnerability disclosures] is unavoidable."

"I'm a lawyer, so I agree, more legislation is always good."

"It's better to do nothing at all, rather than developing non-free software.

At least, when you do nothing, you do no harm."

One hour, but rms still did not start talking about his subject (cyberpeace)...

"A system that does not accept payments with GNU Taler is untalerable." at its best...

@PirBoazo Perfect, thanks a lot, and it will be online "soon".

@gub He also asked to disable geolocation but Mastodon strips that from pictures, anyway.

Remove the location.....

He took a vacation in Switzerland 🤗

@PirBoazo I get the impression he lives in French-speaking Switzerland. How many talks has he given in less than 3 months between Geneva and Lausanne? @bortzmeyer

@PirBoazo @im Maybe he has clones to help him? With modern medicine, anything is possible.

No no, I confirm it's not a hologram.
In the flesh, like @bortzmeyer

I saw them 🤓


@bortzmeyer @PirBoazo Still, the process would have to be published under GPLv3.

@bortzmeyer That's only natural: before it was discovered, the vulnerability did not exist. Like the New World, oh come on …

@im Or else, it's like Schrödinger's cat, it existed and it didn't exist?

I pretty much try my best to avoid GAFAM. But 90% of internet comes from Silicon Valley. So does (sadly) 90% of the internet traffic

@Zykino Measuring percentage of traffic in bytes? Flows? Dollars? Importance? Of course, if you use "bytes", YouTube will dominate everything. But it's not the only metric.

I thought about connections / unique visitors.

(Still not a reason to copy them)

@Zykino Especially since, to know the number of "unique visitors", you need to track them, which is Bad :-)
