Desiree Sacher-Boldewin

cyber defense architect, dc4131 alumni, FIRST BoD member, curious geek driven by the urge to understand things

Desiree Sacher-Boldewin boosted:
2025-03-10

It's an exciting day for us here at #bsidesluxembourg as we’re now able to announce the #bsidesluxembourg2025 KEYNOTE!!!

The keynote address will be given by the formidable @d3sre !

We can’t wait!

Remember: We’re rebooting BSidesLUX on June 19th!!

Desiree Sacher-Boldewin boosted:
2024-12-19

This is it! It's on!

Save the date and polish your speaking or training skills-> call for papers, workshops, trainings, sponsors and volunteers open!

Submit: pretalx.com/bsidesluxembourg-2

PS: sponsor package options available on info@bsides.lu!

#bsidesluxembourg

Desiree Sacher-Boldewin d3sre@geraffel.social
2024-12-02

@claushoumann yes, we closed it in october shortly before i left nviso :) the report is still to be published (that is my one last open task there i still want to finish)

Desiree Sacher-Boldewin d3sre@geraffel.social
2024-03-06

my team and i want to get some feedback on what kind of false positives in cyber security monitoring everyone is tackling and what the strategies are. we appreciate your input and your time (~ 9 minutes to complete). forms.office.com/e/6NC4BqGSRd thank you 🙏🏼

Desiree Sacher-Boldewin boosted:
FOSS Security Campus FOSSecurity@hachyderm.io
2023-08-01

This year at FOSS Security Campus, @d3sre will give insights into what happens in an organization when they have to apply patches you create and also what organizational challenges the technical teams usually face. program.foss-security-campus.d

Talk announcement for Desiree Sacher-Boldewin with title "Why I didn't patch your patch"

Desiree Sacher-Boldewin d3sre@geraffel.social
2023-06-07

@hacks4pancakes that works as well 😂

Desiree Sacher-Boldewin d3sre@geraffel.social
2023-06-07

@hacks4pancakes there is food, yes. i just learned to not arrive at such events hungry in case of 'not aligned nutritional value' 😇

Desiree Sacher-Boldewin d3sre@geraffel.social
2023-06-07

@hacks4pancakes yeah, that part is troubling enough. 🙈 i am looking forward to seeing you later tonight. let me know if you wanted to have a drink or bite before the social event starts?

Desiree Sacher-Boldewin d3sre@geraffel.social
2023-06-07

@hacks4pancakes that is interesting, i thought it was just me who caught a sinus infection or something.. are you still around for the social event tonight?

Desiree Sacher-Boldewin d3sre@geraffel.social
2022-12-28

@pinkflawd jop :) the best is when you can hack yourself healthy with the right foods.. i am at a point where i barely take supplements and i could recover pretty much all of the hormonal imbalances that were caused by my burnout in 2016 (adrenal fatigue) and my behaviour leading up to it. understanding nutrition, biology, physics, chemistry and how it all connects is beyond amazing 😁

Desiree Sacher-Boldewin boosted:
2022-12-28

“Brain area necessary for fluid intelligence identified.” That’s our “ability to solve problems without prior experience.” Security pros need to have high fluid intelligence just to be in this industry! medicalxpress.com/news/2022-12

Desiree Sacher-Boldewin d3sre@geraffel.social
2022-12-28

@HalvarFlake i have the same tendency to avoid feeling my emotions, but my coping mechanism was 'keeping busy' in a more diverse sense. in my case it was caused by parents not being able to always when i would have needed it, accept my emotions so i had to learn to shut them down. (i know how hard that is for parents!) my way out or through currently is via learning 'non-violent communication' and actually trying to do things differently now.

Desiree Sacher-Boldewin boosted:
Łukasz :verified: maldr0id@infosec.exchange
2022-12-13

"Charlatans in InfoSec - from Kim to Jonathan" by @secresDoge@twitter.com at @BSidesVienna@twitter.com starts in a couple of minutes.
I'll be live tweeting/tooting it in this thread! 🧵

Desiree Sacher-Boldewin boosted:
2022-11-20

The golden rule of vulnerability disclosure

Desiree Sacher-Boldewin d3sre@geraffel.social
2022-11-20

@Newk i am more worried about all the people that actually want blackouts to occur..
i personally invested in a portable power station and solar panel which i can also use for camping. but deciding to get one yourself depends on what your actual plan would be for when a blackout happens & how long you prepare for. if you plan on getting close to family/friends or so, it does not make sense to invest in equipment that makes the stay better, but rather have some gas stored somewhere..

Desiree Sacher-Boldewin boosted:
2022-11-20

We need more #cyberinsurance and #cybercrime people here! Also, those with a dose of #cvss (vuln severity) and #epss (vuln exploit prediction, first.org/epss/model).

Desiree Sacher-Boldewin boosted:
❄️☃️Merry Jerry🎄🌲 jerry@infosec.exchange
2022-11-20

I love all of you and I want nothing but the best for each of you, particularly those on infosec.exchange. I understand that Mastodon isn't Twitter, that DMs aren’t end-to-end encrypted, that we are spread across different instances and it can be hard to find your friends, and that an instance can go away at any time, and that translating posts doesn't work correctly, and there is no native giphy support, and that some instances are overwhelmed and super slow, and that you don't think the federated model can scale to a billion users, or that it doesn't support full text search of every post and account, or that we can't comply with the GDPR, or that we don't support quote tweet style functionality, or that we shouldn't collect IP addresses, and many other things.

The fediverse is a work in progress. I've been here for going on 6 years. In that time, it's come a long, long way. That said, Mastodon is not going to appeal to everyone. The decisions I make are not going to appeal to everyone. No one is forcing you to be here. No one is forcing you to disclose your personal secrets into a network of federated servers run by volunteers and hobbyists. NB: this is not Twitter. It has some similar functionality, but it is not Twitter. Parts of it are better, IMO, and parts are not. The security community is generally among the most skilled and competent IT people the world has to offer. Mastodon is open source. Do you see where I'm going?

I set this instance up a long time ago for reasons I don't even remember. I have poured my soul into this thing because I believe in the importance of this community. I have effectively peaked in my career as a CISO and I and my family live well. I am not running this instance for fame, money, a better job, or anything other than wanting to foster a community of people that can learn from each other and make the world a better place. That's it.

As I've said in several recent interviews, I felt particularly obligated to ensure the security community had a good landing spot in the fediverse as everyone was running for the doors in Twitter. We've grown from 180 active users to about 30000 in the span of 3 weeks. I do not expect everyone to stay. Some will set up their own instances. Some will move to one of the other excellent security focused instances. Some will give up and move on to some other social media. And that is OK. While I am super excited to see the buzz here, I don't have subscriber targets, engagement targets, retention targets, or anything else. The only metric I hold myself to is whether I think this is serving a useful purpose to the community.

I appreciate all of you, regardless of where you land. Infosec.exchange has been here for a long time and will continue to be here for you.

Desiree Sacher-Boldewin boosted:
Arvind Narayanan randomwalker
2022-11-20

Algorithms aren't the enemy. Chronological feeds don't scale and the signal-to-noise ratio will plummet if this ever gets popular. The real problems with today's algorithmic feeds are non-transparency, lack of choice, and optimizing for engagement instead of healthy discourse.

Open-source is a perfect opportunity to fix all this. Have there been any efforts to create a Mastodon instance with a (community governed) ranking algorithm? Is that technically feasible? Or is the idea simply anathema?

Desiree Sacher-Boldewin boosted:
2022-11-18

If you don't understand the federation concept of #mastodon, just think of it as @MISPProject for memes.

Desiree Sacher-Boldewin boosted:
Lesley Carhart :unverified: hacks4pancakes@infosec.exchange
2022-11-18

@Eamon1916 when their certs expire in a month and nobody can renew them or knows do has been a solid contender. But who knows. Probably a slow degradation?
