Étienne H

carte des dépendances européennes

Une carte réalisée par Proton sur la dépendance des États européens aux technologies américaines

👉 proton.me/fr/busines...

Reminder to submit a proposal for NorthSec's Call for Proposals (CfP)

⏰ 𝗡𝗼𝗿𝘁𝗵𝗦𝗲𝗰 𝗖𝗙𝗣 𝟮𝟬𝟮𝟲: 𝗗𝗲𝗿𝗻𝗶è𝗿𝗲 𝗰𝗵𝗮𝗻𝗰𝗲 𝗱'𝗲𝗻𝘃𝗼𝘆𝗲𝗿 𝘂𝗻𝗲 𝗽𝗿𝗼𝗽𝗼𝘀𝗶𝘁𝗶𝗼𝗻 • 𝗟𝗮𝘀𝘁 𝗖𝗵𝗮𝗻𝗰𝗲 𝘁𝗼 𝗦𝘂𝗯𝗺𝗶𝘁 𝗮 𝗣𝗿𝗼𝗽𝗼𝘀𝗮𝗹 (𝗖𝗼𝗻𝗳𝗲𝗿𝗲𝗻𝗰𝗲𝘀/𝗪𝗼𝗿𝗸𝘀𝗵𝗼𝗽𝘀/𝗩𝗶𝗹𝗹𝗮𝗴𝗲𝘀)

👉 Submit your proposal at nsec.io/cfp before February 2nd, 2026!

#NorthSec #cybersecurity #infosec #cfp

If you are a resident of California, the state now has a portal where you can demand deletion of your personal data from 500+ registered data brokers with a single request form, for free.

consumer.drop.privacy.ca.gov

How AP photographers capture infrared technology used in surveillance YouTube video by Associated Press

Anyone who’s tried to capture FaceID and the scanning that happens on your iPhone, will resonate with this video
Great to see Associated Press do this piece on capturing surveillance tech

youtu.be/D1tyEUq2u-E?...

Et si Agoratlas realisait des atlas ? *Cartographie avec les différentes communautés* Atlas de la francophonie sur Bluesky : Cartographie globale des follows Contenant Zoom + Recherche ! Puis par communauté : Statistiques globales Comptes les plus visibles Top posts Notes : Pour respecter la vie privée de chacun, les comptes et posts visibles ne sont sélectionnés que parmi les volontaires

Visuels du site "ago-carto.fr". "Pour permettre cette publication, Jonathan Tardif a créé bénévolement le site “ago-carto.fr”, a but non commercial, permettant de diffuser des études publiques “social data” via un nouveau support." "Sur celui-ci, vous pourrez voir ce qui se passe sur un réseau social à l’échelle du *réseau*, avec une vue englobant toutes les bulles de la langue étudiée. Ici pour Bluesky, mais bientôt pour Youtube, TikTok..."

Voici un atlas du Bluesky francophone.
Avec plus de 300 000 comptes répertoriés, et 2000+ volontaires visibles.

Tout visible, avec zoom et recherche, ici :
ago-carto.fr/main.html?gr...

PS: Il y aura une maj en janvier.
Si vous n'êtes pas dedans, postez une réponse sur ce post pour être volontaire.

Dura lex, sed lex.
In the EU, a large platform can't:
- pretend an account is authentic just because it paid for a verified badge
- spread harmful content
- prevent public data access for researchers

Canadian Court: OVHcloud from France must hand over user data The Ontario court has ordered OVHcloud to provide data stored in its cloud. This raises questions about digital sovereignty.

BlueSky carte de presse, on te demande d'écrire sur l'indignation dans le monde numérique 🇫🇷 rapport à une juridiction 🇨🇦 ordonnant à un acteur 🇫🇷, ici #OVH, de filer des infos ?
Avant de pomper le papier bien putaclic heise.de/en/news/Cana..., éléments de réponse 🧵

New report by 🇫🇷France's National Cyber Security Agency (@anssi-fr.bsky.social) on the threat landscape for mobile phones since 2015.
👇

www.cert.ssi.gouv.fr/uploads/CERT...

41% of Infostealer Victims Infected by Gaming-Related File - Flare Infostealers have rapidly become the star of the cybercrime show, and we found that gamers are a major target of threat actors.

Flare "found that 41.47% of people in a study [on infostealers] were infected through a gaming-related file (such as fake Roblox, etc)"

flare.io/learn/resour...

Cryptographers Held an Election. They Can’t Decrypt the Results.

Keys are hard. www.nytimes.com/2025/11/21/w...

Free password manager for cultural institutions | Proton To help defend our cultural heritage, Proton Pass Professional password manager plans are free for two years to qualifying organizations. Learn more.

The recent Louvre breach illustrated the critical need for strong security in the world’s cultural institutions.

To support cultural institutions around the world, we’re offering them 2 yrs of Proton Pass Professional for free 👇

https://proton.me/blog/free-password-manager-cultural-institutions

Quad9 | A public and free DNS service for a better security and privacy A public and free DNS service for a better security and privacy

While AI companies are allowed to slurp everything they want, Quad9 warns that legal fees are drowning DNS resolvers, which are now being targeted by copyright owners to enforce blocks on piracy sites

quad9.net/news/blog/wh...

Most to Least Common 4-Digit PIN Numbers 34m analysed from multiple data breaches

Je ne sais pas quoi faire de cette infographie donc la voici

My analysis of the leaked #GDPR overhaul proposal. Some changes are great. Some risk decreasing privacy protections.
The changes are very far‑reaching. Tread carefully! Also, some of the proposed amendments may in fact be ... not so legit. techletters.substack.com/p/techletter...

How Digital Threats Training Has Powered Innovative Cyber Investigations Around the World Alumni of GIJN's four Digital Threats training courses have produced a number of exposés on online scams and political disinformation, from India to Kenya to the Philippines.

I have been doing trainings to journalists on digital investigations with @gijn.org since 2023, and they just published a article on several investigations that used skills journalists learned in these sessions
gijn.org/stories/inve...

cyber for good media : le premier programme pour protéger les journalistes indépendants et de la PQR face à la menace informatique et informationnelle.

#VIGINUM et Advens lancent Cyber for Good Media, un programme dédié aux journalistes pour renforcer leurs compétences en cybersécurité et en lutte contre la menace informationnelle.

🗞️ Intéressé ? Les inscriptions sont ouvertes jusqu'au 5 décembre (15 places disponibles)
➡️ cyberforgood.org/fr/media/

Databroker Files: Targeting the EU Precise locations and revealing movement patterns: the mobile phone location data of millions of people in the EU is up for sale. Collected supposedly only for advertising purposes, this data can also...

Scoop: We obtained vast amounts of European mobile phone location data from data brokers. It was allegedly collected for advertising purposes only, but can be used to spy on high-ranking EU officials & NATO staff in Brussels. The Commission is 'concerned' & issued new security guidance to its staff.

Databroker Files: Datenhändler verkaufen metergenaue Standortdaten von EU-Personal Exakte Ortungen, verräterische Bewegungsmuster: Die Handy-Standortdaten von Millionen Menschen in der EU stehen zum Verkauf. Angeblich nur zu Werbezwecken erhoben, lassen sich die Daten auch für Spion...

Für den neusten Teil der #DatabrokerFiles haben @roofjoke.netzpolitik.org & ich 278 Millionen Handy-Standortdaten aus Belgien ausgewertet – erhoben nur für Werbezwecke 🤡

Wieder fanden wir Bewegungsprofile bis zur Privatadresse, u.a. von EU-Spitzenpersonal.

1/x

netzpolitik.org/2025/databro...

🛡️ ENISA Threat Landscape 2025 is out

Based on nearly 4,900 incidents across Europe, #ENISA maps a fast-evolving #cyberenvironment:

▶️ #ransomware decentralisation
▶️ #AI-driven #phishing
▶️ state-aligned espionage
▶️ industrialised #cybercrime.

Full report: www.enisa.europa.eu/publications...

OPEN LETTER to the Minister of Artificial Intelligence and Digital Innovation from civil society organizations and individuals opposing "National Sprint" consultation on AI strategy - BC Civil Liberti... The Honourable Mélanie JolyMinister of IndustryHouse of CommonsOttawa, OntarioK1A 0A6 The Honourable Evan SolomonMinister of Artificial Intelligence and Digital InnovationHouse of CommonsOttawa, Ontar...

Along with numerous orgs and individuals, I have signed on to an Open Letter to the 🇨🇦 Minister of AI raising serious concerns about the government's approach to AI strategy.

Details are here 👇

bccla.org/policy-submi...

OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically OpenAI’s GPT-5 Aardvark scans, exploits, and patches software flaws autonomously—marking a leap in AI-driven cybersecurity.

"OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code."

thehackernews.com/2025/10/open...

Canada isn't doing its part to stop AI government surveillance, UofT director says Ronald Deibert says the ability of governments and criminal actors to surveil and target people is growing in scope thanks to AI. Read more.

Everyone is talking about AI. It's obviously having a transformative impact across all sectors of society.

So how should the Canadian government approach it?

My interview with Yvonne Lau for the @financialpost.com

financialpost.com/technology/c...

New physical attacks are quickly diluting secure enclave defenses from Nvidia, AMD, and Intel On-chip TEEs withstand rooted OSes but fall instantly to cheap physical attacks.

"A trio of novel physical attacks raises new questions about the true security offered by these TEES and the exaggerated promises and misconceptions coming from the big and small players using them."

arstechnica.com/security/202...

Why ad blockers are a top security and privacy defense for everyone Ad blockers can help defend against some of the top hacks, scams, and surveillance today. Here are some of the best ad blockers that you can use.

In case you haven't had enough cyber for one day...

I'm re-upping my deep-dive blog on why ad-blockers are critical for your online security and privacy, and what threats they can help defend against. Plus, I run through some of the best ad blockers out there, for your browser and beyond.

How Starcloud Is Bringing Data Centers to Outer Space The NVIDIA Inception startup projects that space-based data centers will offer 10x lower energy costs and reduce the need for energy consumption on Earth.

Nvidia dit maintenant vouloir construire des centres de données pour l'IA dans l'espace, avec des panneaux solaires de 4km par 4km.

J'espère que les médias ne couvriront pas ceci avec crédulité, c'est absolument une farce. Ce n'est pas sérieux!

Security Bulletins  |  Customer Care  |  Google Cloud

Google Cloud Platform was vulnerable to a HTTP desync attack leading to "responses being misrouted between recipients for certain third-party models". Aka your LLM response goes to someone else. The Expect header strikes again!
Context: http1mustdie.com
cloud.google.com/support/bull...

🧵 Signal introduit une avancée majeure pour son protocole de chiffrement : le Sparse Post Quantum Ratchet (SPQR), Ce mécanisme renforce le Signal Protocol face aux futures attaques quantiques, tout en conservant ses garanties existantes de secret antérieur (FS) et sécurité post-compromission (PCS).

NOW: US court permanently bans Pegasus spyware maker from hacking WhatsApp.

NSO Group can't help their customers hack WhatsApp etc. ether. Must delete exploits & R&D.

Bad news for NSO. Huge competitive disadvantage for the notorious company.

Big additional win for WhatsApp 1 /

Recon 2025 - The Finer Details of LSA Credential Recovery YouTube video by Recon Conference

@reconmtl.bsky.social has uploaded the majority of the 2025 talks, including my talk on LSA. You can check it out at the below link if you'd like.

Thank you again to the organizers and everyone else who helps put on the conference. I look forward to coming back!
youtu.be/G2CfMWXLU1U?...