La French Connection: Episode 0x200 (LIVE) - 31 mars 2022 - En direct pour le 200e!

31 mars 2022 - En direct pour le 200e!





Merci à notre partenaire Teleport!

https://securite.fm/img/teleport2.png" />

Shamelessplug


13 Octobre - Conférence LePoint - Colloque National Cybersécurité 2022 -Secteur Municipal
Hackfest Shop
Join Hackfest/La French Connection Discord
5 mai - Canadian women in cybersecurity


Shownotes and Links

La Friends Connection


Samuel Dussault
Marc Ouellet


Nouvelles


http://blog.o0o.nu/2010/06/cve-2010-1622.htm">Après Log4J, un nouveau-vieux RCE dans le framework Spring !
Les PMEs canadiennes inquiètes du risque des cyberattaques

Autre article du JdQ


US and Canada reinstate cybercrime forum to prevent Russian cyber-attacks

The nations will share information to identify and implement options to strengthen sectors of economies that are increasingly targeted by criminals and to implement effective responses.
This includes the adoption of best practices on cyber hygiene and providing stakeholders with the tools needed to “effectively and rapidly” report cyber incidents.


Ubiquity poursuit Krebs on Security en diffamation
L’équipe de Jean Charest victime d’une supercherie informatique
Crédit d’impôt de 500 $: déjà des arnaqueurs à l’œuvre
This Ukrainian hacker is spreading chaos in russia
Inquiétude sur l’influence Russe et Chinoise sur les comités de standards techniques
20220329 - Hackers send almost 4,000 fake job offer emails every day: report
WIRED has reviewed leaked messages from the Conti group that provide an unrivaled view into its operations and expose the ruthless nature of one of the world’s most successful ransomware gangs.
‘Dangerous’ EU web authentication plan threatens to undercut browser-led certification system, detractors claim

An EU proposal to force browsers to accept web certificates created by the bloc risks “upsetting a carefully curated set of rules and technologies that undergird almost all privacy and security online”, according to a leading cybersecurity expert.
eIDAS mandated the creation of Qualified Website Authentication Certificates (QWACs), which essentially vouch for a website’s professed identity. As such, the scheme purports to protect users from malicious domains parading as legitimate platforms and therefore malware, surveillance, identity theft, and financial crime.
Google (developer of Chrome), Mozilla (Firefox), Microsoft (Edge and IE), and Apple (Safari) all run ‘root programs’ that validate CAs’ compliance around issuance practices. CAs that fall below the required standards can be removed.
By contrast, QWACs are issued by ‘Trust Service Providers’ (TSPs) that are approved, not by browsers, but by the governments of EU member states.




Sujet d’opinion


Appel d’offre avec le plus bas soumissionaire … une garderie bid sur un test d’intrusion!


IrResponsible disclosure / OPSEC FAIL


Numérisation des données dans le réseau de l’éducation: les CSS ne sont pas prêts
Le centre de services scolaires de la Vallée des cerfs a encore son site d’élections de 2014

Et son template de sites d’écoles
Et son cPanel


Le centre de services scolaires au Coeur-des-Vallées a des vieilles versions de test de Moodle exposées


Crew


Patrick Mathieu
Jacques Sauvé
Gabrielle Joni Verreault
Guillaume Morissette
Richer Dinelle
Franck
Vanessa


Crédits


Montage audio par Hackfest Communication
Musique par Ego Killer - Open Source - Bad Habits
Locaux virtuels par Streamyard et CleanFeed