Power will be a problem, with these swiss sockets :-( #CANVAS
Best domain name for the next speaker : https://radical.sexy/ https://botsin.space/@DNSresolver/102087551713764614
Melanie Rieback on ethics in #pentesting. "We are a social company." "You probably like open source, sorry free software"
Among the clients of Radically Open Security: NGOs and other activists because they have a scary threat model but no budget, so cannot go to the commercial security companies. #CANVAS
"90 % of the problems of the Internet are created by Silicon Valley companies. Do not try to copy the Silicon Valley." (I send a copy to the french governement)
Great talk by Melanie Rieback at
"Companies should not try to grow forever. They should be like trees: grow fast, then produce seeds. Eternal growth is cancer." #CANVAS
Now Reto Inversini and Andreas Greulich talk about "Ethical and legal problems during operations against APT groups"
"There is no swiss Internet or Google Internet. There is one Internet, and it is a common good."
Long discussion about trust in information sharing in cybersecurity (a very old and mostly unsolved problem). "How do you know who the friendly guy who drinks a beer with you really is?" #CANVAS
Now, discussion about ethics in incident response at #CANVAS. Should we share information with parties that may react in a wrong way? (Example given: Israel making "kinetics responses" - euphemism for "missiles" - to suspected computer crackers.)
Tomi Tuominen about how he managed to open twenty millions of hotel doors.
Interesting ethical issue: when the security researchers fly a plane to a meeting with the vendor, to expose details on the vulnerability, who should pay? #CANVAS
In many hotels, the door security system is unmaintained. Installed "fire and forget" and that's all. Hard to patch. #CANVAS
Very good cartoon displayed on the last slide. https://twitter.com/PatchFriday/status/1114089109813899266 #CANVAS
Richard Stallman on stage at #CANVAS "Cyberpeace requires free software"
Mastodon est un réseau social utilisant des protocoles Web ouverts et des logiciels libres. Tout comme le courriel, il est décentralisé.