We had yesterday the great pleasure and honor to inaugurate our PECE instance with a conference of Prof. Kim Fortun, Department Chair in the University …
Troopers: a con to make the world a safer – and funnier – place
David Bozzini and I experienced another international security conference, taking a new step in our investigation of the customs and codes of the infosec community. …
Les batailles d’Internet
Philippe de Grosbois. 2018. Les batailles d’internet. Assauts et résistances à l’ère du capitalisme numérique. Ecosociété. 263 p. ISBN: 978-2-89719-365-2 Voici un ouvrage que j’ai …
Chaos works, and it worked pretty good in Leipzig
From December 27 to 30 the 35c3 took place in Leipzig. 35c3 stands for the 35th Chaos Communication Congress organized by the Chaos Computer Club …
Coming back from London after BH2018
Here are some raw thoughts on our second immersion in a computer security conference (or simply con, in the field’s “native language”): Black Hat Europe …
Research Poster!
réalisé par Thomas Grand @ Atelier XL, Geneva
First steps in the field
This is Black Alps 2018 conference in Yverdon-Les-Bains in Switzerland, our first step in the field. Black Alps is “an event enabling to discuss the latest threats, mitigations and advances in cyber security”. For us, it is a privileged site where we can meet cyber security experts from Switzerland and abroad. For them, it is one of the numerous moments to socialize and meet with their peers.
Advocacy for digital life
Enquiries related to advocacy initiatives will reveal another “afterlife” of
vulnerabilities analyzing how computer (in)security is mobilized, translated and embedded into ethical and political claims and controversies related to digital rights and governance.
Operational security
Researching operational forums will lead us to understand how a vulnerability is described, assigned as a risk factor and publicized by entities such as Computer Emergency Response Teams (CERTs) to professionals in IT departments where “patches” and upgrades are implemented according to a strategy, organizational constraints and specifc technical complexities.
The practice of vulnerability disclosure
Computer vulnerability disclosures can take various forms. They are complex social processes composed of several steps and are highly sensitive in nature. They can lead to legal actions against the security researchers who discovery the vulnerability, compromise the reputation of the vendors who are asked to “patch” their products and of course, they can temporarily increase the vulnerability of computer systems and even compromise the data of millions of users. We are interested in researching the socio-cultural organization and negotiation of these disclosures over the last several years to highlight the socio-technical and ethical dynamics in the computer security arena that includes security researchers, vendors and various intermediaries.