« L'union fait la force » (in French, about cybersecurity)
"Humans learn to walk by falling. Why don't we learn from cyberattacks? Are there not enough incidents?"
"Not learning from mistakes is part of human nature."
A lot of catch phrases for my next slides on cybersecurity 😄
"whois is a kind of repository". Awfully wrong, of course, but I noticed that .lu doesn't give many details via whois, even for corporations (try whois microsoft.lu).
"It is hard to notify people of security issues. There is a standard security.txt [RFC 9116] but nobody uses it."
Correction, I do: https://www.bortzmeyer.org/.well-known/security.txt
@bortzmeyer This makes me wonder, how "Expires" plays a role regarding PGP keys? Sure, the link might be the same, but the key('s expiry) could be updated.
For instance
security.txt:
> Expires: 2030-01-01T00:00:00Z
linked PGP key (at time of writing):
> pub rsa4096 2014-02-08 [SC] [expires: 2027-09-16]
@trix Because there is other stuff in security.txt than PGP keys?
@bortzmeyer No no, obviously the information is still valid, and technically the *link* to the PGP key is also still valid, even after an update.
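The Expires check that exchange is about, as an added example (not code from the thread or from bortzmeyer.org): it parses a security.txt, applies the RFC 9116 rules for Expires, and flags the case @trix raises, a file that claims to be valid longer than the PGP key it links to. The security.txt body, the key expiry date and the fixed "current time" are constructed sample values.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample security.txt (not bortzmeyer.org's real file).
SAMPLE_SECURITY_TXT = """\
Contact: mailto:security@example.net
Encryption: https://example.net/pgp-key.txt
Expires: 2030-01-01T00:00:00Z
Preferred-Languages: fr, en
"""
# Constructed expiry of the key served at the Encryption: URL; in practice
# you would read it from the key itself (e.g. `gpg --show-keys`).
SAMPLE_KEY_EXPIRY = datetime(2027, 9, 16, tzinfo=timezone.utc)
# Fixed "current time" so the results below are reproducible.
SAMPLE_NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)


def parse_security_txt(text):
    """Map lower-cased field names to their values, skipping comments/blanks."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def check_expires(fields, key_expiry=None, now=None):
    """Return a list of findings about Expires (empty list means all good)."""
    now = now or datetime.now(timezone.utc)
    values = fields.get("expires", [])
    if len(values) != 1:  # RFC 9116: required, and must not appear twice
        return ["Expires must appear exactly once"]
    expires = datetime.fromisoformat(values[0].replace("Z", "+00:00"))
    findings = []
    if expires <= now:
        findings.append("security.txt has expired; treat it as stale")
    elif expires - now > timedelta(days=365):
        findings.append("Expires is more than a year away (RFC 9116 advises less)")
    if key_expiry is not None and key_expiry < expires:
        findings.append("linked PGP key expires before security.txt does; "
                        "verify the key is still current before using it")
    return findings


SAMPLE_FINDINGS = check_expires(parse_security_txt(SAMPLE_SECURITY_TXT),
                                SAMPLE_KEY_EXPIRY, SAMPLE_NOW)
```

On the sample data this reports both a too-distant Expires and a key that runs out before the file does; a reporter should re-fetch and re-verify the key rather than trust the cached one.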
Discussion about notification. Even when you get an email address, people don't reply to it / do nothing. One of the big frustrations in cybersecurity.
(On the other hand, many reports are spurious, ask @bagder )