Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff.
The other side is at @a (photography, art and free software at large)
#infosec #opensource #threatintelligence #fedi22 #threatintel #searchable
| Website | https://www.foo.be |
| GitHub | https://github.com/adulau |
| Matrix | @adulau:matrix.circl.lu |
| ORCID | https://orcid.org/0000-0002-5437-4652 |
| PGP FP | 6BB5 6353 1D99 F112 4C00 8C4F 815D 4786 1ECB 73D5 |
| Other Mastodon | https://paperbay.org/@a |
Influence
Le réveil sonna comme une dague entre les omoplates. Un son perçant qui vous sort de la torpeur de la nuit. Un son sec, brutal, programmé pour arracher les vivants au sommeil plutôt que les en tirer doucement.
Scott écrasa le bouton d’un geste lourd, la tête encore engluée dans un brouillard épais. Quatre heures du matin. Une heure indécente, même pour lui.
par @a
🌊 https://sillon-fictionnel.club/post/influence/
📚 https://sillon-fictionnel.club/images/influence.pdf
Another cut in CISA budget for 2027, 707 million less.
🔗 https://www.whitehouse.gov/wp-content/uploads/2026/04/budget_fy2027.pdf
For hackathon.lu, I was initially unsure what my main project would be, but I ultimately decided to focus on implementing the future GCVE BCP-10.
GCVE-BCP-10: Improved Common Platform Enumeration for GCVE
The idea is combine it with the cpe-guesser and have a registry to facilitate the interaction with the CPE values to handle vendor and product references.
#gcve #cve #cpe #opensource #cybersecurity
🔗 Draft https://discourse.ossbase.org/t/gcve-bcp-10-improved-common-platform-enumeration-for-gcve/1042
🔗 Hackathon https://hackathon.lu/
GCVE-BCP-10: Improved Common Platform Enumeration for GCVE Document ID: GCVE-BCP-10 Title: Improved Common Platform Enumeration for GCVE Status: Draft Category: Best Current Practice Updates: CPE-compatible naming and match semantics Author: GCVE.eu Intended use: Platform and product identification, applicability matching, vendor management, and synonym handling in the GCVE ecosystem Abstract This document specifies an improved platform enumeration format for GCVE. The format is intentionally ...
By the way, if you want to join us at hackathon.lu 14-15 April 2026 and work on some cool stuff, don’t hesitate to join us.
I have some free vouchers for the registration, ping me.
We are happy to announce the release of MISP v2.5.36, which includes new geolocation and map visualisation capabilities, the continued development of the Overmind UI, a new interactive CLI shell UI, important security fixes, and installer improvements.
RE: https://infosec.exchange/@adulau/116322184098315128
aspirational security is when you focus on future threats to avoid dealing with the failure to address current ones.
in the words of the TED poet, what makes you beleive that we will get there by doing the same things that got us here?
@adulau Quantum Computing is the new block chain.
But let's face it: It's easier to babble about fuzzy threats than do something about existing ones, be this in IT-Security or Climate change. The former makes you important in a linkedin sense, the later is actually hard work.
If someone comes to me today preaching about “post-quantum” security issues, I’ll remind them of the current state of security: the npm ecosystem gets abused daily, CI pipelines run left and right with full access to cloud services, so-called security devices like F5 and Ivanti are exposed (and compromised) to the internet, mailboxes get compromised just to change an IBAN in a PDF, and a simple phone call is still enough to get someone to hand over an MFA code.
But yes, by all means, let’s focus on post-quantum threats while handing AI tools SSH access like it’s a feature, not a confession.
le sillon fictionnel
OCTADE
Aristotelis Tzafalias
Maxime Verac
Serge Droz