sysosmaster

@sysosmaster@infosec.exchange

Hello friends, and thanks for your patience!

We are pleased to announce #PancakesCon 6: Family Brunch will occur on September 21, 2025! Here are some important dates to remember:

Call for Volunteers Opens: 28 June, 2025
Call for Volunteers Closes: 28 August, 2025

Call for Papers Opens: 26 July, 2025
Call for Papers Closes: 9 August, 2025
Call for Papers Results Provided By: 23 August, 2025

Call for Sponsors Opens: 28 June, 2025

Links to all the above will be posted on our social channels and Slack!

@ChocChipSec aren’t commercial entities already required to publicly denote where they are, who they are and what registration they have? 🤔
@TweekFawkes what’s next? Vibe coders that are going to add backdoors to their code because they do not understand how to code anymore…. Oh wait, that already happened…..
@andyblum @drupal as long as the D.O. still promotes Slack over Drupalchat.me, I am not interested.

@fabi1cazenave personally I have good experiences with Hedgedoc.

Maybe give that a try.

3rd plenary session at #NCDT2025

PDF is not evil. Ignorance is.
By: Lacobien Riezebosch.

A view that, while interesting, seems to ignore the security problems inherent in PDFs and its nature as an Adobe-originated standard (which, while PDF 2.0 is an ISO standard, it can’t truly shake).

Also, we should use more FOSS for PDFs, since getting those compliant is easier than trying to get BigTech to “consider” changing their ways.

@fabi1cazenave
Depends: is the login information something like an mTLS certificate? Then definitely yes. (Preferably you would still want to use individual credentials, but sharing such a secret is less of an issue.)

Is the login information something like a user name and password? Preferably not. But not everyone has their stuff in order where they can support multiple users per account. It should still always be available exclusively through a password manager.

And the same goes for 2FA codes: if they need to be shared, they should be stored in a password manager.

This is much more about how to deal with the day to day world of imperfect security practices… and less with “is this smart / ok?”.

You must consider that sharing credentials like this does mean that whenever the set of people with access changes (specifically a removal), a credential reset is required. Or you haven’t removed access at all.

Just saw the keynote of @erikKroes at #NCDT2025; he has some interesting ideas on how to anchor accessibility in your organisation.

I don’t know if I fully agree with them, but we first need to have such a thing before we can start improving it to become better (imho).

#ncdt #netherlands

It has started. The 10th edition of the “National Congress Digitale”.

Let’s share knowledge on how to make (digital) content accessible for all users.
#NCDT #NCDT2025 #netherlands #a11y

@os_sci what really matters is that we (collectively) have control over our data and our software.

This means that we have to diversify and must stop accepting “single vendor” lock-ins.

Our government, which represents the interests of all of us, must therefore ensure that, as far as possible, there is no dependence on a single supplier. And that the data & computing happens on our own territory, or that of our neighbouring countries (as in, on European soil). So that we can always get at it and access cannot simply be denied (*cough* “ICC & M$” *cough*).

So spread the news, and share your (professional) opinion, especially now. And show what is needed.

(And that goes for all of us, not specifically for the OS SCI)