SF STORY PREMISE:

SETI program decodes an alien signal clearly targeting us.

Hi! We see you're still facing the Great Filter! We want to help! Based on your anatomy per broadcasts we decoded, here is a blueprint for a device that will solve your problem!

Humans: decode blueprint.

It's for an improved guillotine.

NorthSec 2026 speaker lineup is here ...and it's our best yet!

31 talks & workshops. Two days in Montréal. Tickets going fast (get yours by April 1st to secure a badge and a t-shirts). 👇

𝗧𝗮𝗹𝗸𝘀:
• Guillaume Valadon & Gaetan — Private Key Leaks in the Wild: Insights from Certificate Transparency
• Philippe Pépos Petitclerc — A systematic approach to evading antivirus software
• Émilio Gonzalez — Increasing detection engineering maturity with detection as code
• François Labrèche — A Needle in a Haystack: Identifying an Infostealer Attack Through Trillions of Events in a Large-scale Modern SOC
• Wietze — Trust me, I'm a Shortcut - new LNK abuse methods
• Reza Sharifi — Internet Blackout 2026 in Iran — Next-Level Internet Censorship: A Technical Breakdown of Techniques and Tactics
• Andrew Buchanan, Max CM & Connor Laidlaw — Commit, Push, Compromise: Attacking Modern GitHub Orgs
• Dirk-jan Mollema & Sanne Maasakkers — Researchers vs. Threat Actors in Cloud Attacks
• Jeremy Miller — Measuring AI Ability to Complete Long Cybersecurity Tasks
• Manu Jose — The Merchant of Venice: Trading Latency for Security at Scale
• Joshua Prager & Ben Schroeder — Mapping Deception Solutions with BloodHound OpenGraph
• Christian Paquin — Doxxing-proof authentic digital media: trust the asset, protect the source
• Robbe Van Roey — Hacking Browsers: The Easy Way
• Ron Bowes — Adventures in Process Injection (How I Accidentally Built a Debugger - Again!)
• Xavier Facélina — Le futur s'invente avant-hier
• Charl-Alexandre Le Brun & Simon Lachkar — The OpenGraph diary: Attack path management applied to Ansible
• François Proulx — Living Off The Pipeline: Defensive Research, Weaponized
• Pierre-Nicolas Allard-Coutu — Stolen Laptops: Defeating DMA Countermeasures
• Philippe Marchand — Cybermenaces géopolitiques au Canada: État des lieux et perspectives stratégiques
• Kristine Barbara — From Experts to Everyone: Democratizing Threat Modeling at Ubisoft
• Chirag Savla — When Serverless Becomes a Foothold: Abusing Azure Function Apps in Modern Cloud Environments
• Brad Edwards — APTL: An Open Source Agentic Purple Team Lab
• Maxime Arquilliere & Coline C — Sold to the highest bidder: the escalation of ADINT from geolocation tracking to intrusion vector
• Sébastien Dudek — Hacking 5G: From Radio Security to the APIs

𝗪𝗼𝗿𝗸𝘀𝗵𝗼𝗽𝘀:
• Logan Maclaren & Lewis Moore — Command & Conquer: A hands-on C2 primer for aspiring Red & Blue teamers
• Santiago Abastante — AWS Security - The Purple Team Way
• Faan Rossouw — Agentic AI for Threat Hunting
• Ben Gardiner — Hardware RE: a gentle intro
• Tammy Harper — The Ransomware Negotiation Lab
• Mark El-Khoury — DIY Continuous Security: Practical Security Engineering
• Ashley Manraj & Philippe Dugré (zer0x64) — Breaking and Hardening the Cloud: Advanced Hooking and Shellcoding in a Hardened Environment

#NorthSec #cfp #infosec #cybersecurity

The root problem with a lot of Fediverse moderation is a problem that is well known the reputation-system literature:

If the cost of creating a new identity is zero then a reputation system cannot usefully express a lower reputation than that of a new user.

A malicious actor can always create an account on a different instance, or spin up a new instance on a throw-away domain. The cost is negligible. This means that any attempt to find bad users and moderate them is doomed from the start. Unless detecting a bad user is instant, there is always a gap between a new fresh identity existing in the system and it being marked as such.

A system that expects to actually work at scale has to operate in the opposite direction: assume new users are malicious and provide a reputation system for allowing them to build trust. Unfortunately, this is in almost direct opposition to the desire to make the onboarding experience frictionless.

A model where new users are restricted from the things that make harassment easy (sending DMs, posting in other users’ threads) until they have established a reputation (other people in good standing have boosted their posts or followed them) might work.

A small set of people are merging changes to various Linux components to make sure every application knows your birth date.

This is being done rapidly by people with questionable justifications and being merged with no youth and few marginalized people involved.

https://gitlab.freedesktop.org/accountsservice/accountsservice/-/merge_requests/176#0b07c0cc4d49be119f65cdb2037440f56eed647a

RE: https://social.treehouse.systems/@wwahammy/116264430375745593

US government in 1996: strong encryption is a munition and you can go to prison for years if you export

FOSS engineers: hey so only use this if you're in the US but we'll give instructions for how to do it otherwise 😉

California in 2026: we're passing a law that allows the AG to sue OS providers in civil court if they don't implement age verification in order to restrict Apple, Google, Facebook and the worst companies in the world.

FOSS Engineers: OMG THEY MIGHT COME AFTER OUR LINUX LAPTOP VENDORS WHO HAVE LIKE 3 TOTAL CUSTOMERS WE SHOULD HAVE IMPLEMENTED AGE GATING YESTERDAY I PROMISE WE'RE NOT CHALLENGING YOUR AUTHORITY GOVERNOR NEWSOM

RE: https://social.treehouse.systems/@wwahammy/116264430375745593

thinking abt the timeline where the linux baddies got tshirts made that say ILLEGAL IN CALIFORNIA and MUST BE 18 TO READ THIS SHIRT like where is the fuck you make me attitude here

More systemd shit, sorry... But the more I look at this project the worse it gets.

The reaction to a very balanced, polite, "yeah don't like this PR because [thought-through reasons]" comment?

PEH! Who let the plebs in? Lock the thread quickly before any dissent starts!

Seems like it is infested with cunts, honestly...

So, in the #PHP ecosystem, people can build a package like roave/security-advisories, which has a huge list of "conflict" dependencies.

These don't say "install this as a dependency", but instead "I'm incompatible with that dependency in that version". And the versions listed there are those with known security vulnerabilities, effectively preventing you from installing them, which is good.

Is there something similar in the #Python ecosystem? Is it even possible?

https://github.com/Roave/SecurityAdvisories/blob/latest/composer.json

Afroman: Lemon Pound Cake.

https://www.youtube.com/watch?v=9xxK5yyecRo