{"postID":137163108,"cachedAt":717352513.89782202,"updatedAt":717352513.89782,"content":{"type":"doc","content":[{"type":"captionedImage","content":[{"type":"image2","attrs":{"topImage":false,"srcNoWatermark":null,"bytes":206823,"href":null,"belowTheFold":false,"fullscreen":null,"src":"https:\/\/substack-post-media.s3.amazonaws.com\/public\/images\/e04c510b-8d0b-4b32-8c97-3375a1dcf926_797x623.png","type":"image\/png","title":null,"width":797,"internalRedirect":null,"height":623,"imageSize":null,"resizeWidth":null,"alt":null}},{"type":"caption","content":[{"type":"text","text":"La "},{"type":"text","text":"mascotte","marks":[{"type":"link","attrs":{"class":null,"href":"https:\/\/100soft.shop\/products\/dumpster-fire-vinyl-figure","target":"_blank","rel":"noopener noreferrer nofollow"}}]},{"type":"text","text":" du zeitgeist."}]}]},{"type":"paragraph","content":[{"type":"text","text":"Semaine effervescente pour les nouvelles en lien avec le théâtre de la sécurité (ou l’absence de). C’est rarement bon signe ça mais je dirais que les updates de iOS et Android qui viennent sont définitivement une bonne chose côté vie privée des citoyens."}]},{"type":"paragraph","content":[{"type":"text","text":"Côté C-18, il y a bien sûr eu "},{"type":"text","text":"ZuckHub","marks":[{"type":"link","attrs":{"target":"_blank","class":null,"rel":"noopener noreferrer nofollow","href":"https:\/\/zuckhub.ca\/"}}]},{"type":"text","text":" mais je ne reviendrai pas la-dessus puisque pas mal "},{"type":"text","text":"l’ensemble","marks":[{"type":"link","attrs":{"target":"_blank","class":null,"href":"https:\/\/ici.radio-canada.ca\/nouvelle\/2012030\/site-outil-zuckhub-nouvelles-blocage-c-18-meta","rel":"noopener noreferrer nofollow"}}]},{"type":"text","text":" "},{"type":"text","text":"des","marks":[{"type":"link","attrs":{"href":"https:\/\/www.lapresse.ca\/affaires\/techno\/2023-09-21\/blocage-des-nouvelles-par-meta\/apres-la-voie-de-contournement-zuckhub-zuckleplouc.php","class":null,"rel":"noopener noreferrer nofollow","target":"_blank"}}]},{"type":"text","text":" "},{"type":"text","text":"médias","marks":[{"type":"link","attrs":{"rel":"noopener noreferrer nofollow","class":null,"href":"https:\/\/www.journaldemontreal.com\/2023\/09\/20\/zuck-hub-une-riposte-a-meta-et-son-blocage-de-nouvelle","target":"_blank"}}]},{"type":"text","text":" au Québec en ont parlé."}]},{"type":"paragraph","content":[{"type":"text","text":"Sinon, c’est varié et un pot-j’espère-pas-trop-pourri de développements. Have phun."}]},{"type":"button","attrs":{"text":"Abonnez-vous maintenant","class":null,"url":"https:\/\/jpdm.substack.com\/subscribe?","action":"checkout_url"}},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"type":"text","text":"C’est maintenant possible de rechercher directement des fichier comma-separated value sur Google","marks":[{"type":"link","attrs":{"target":"_blank","rel":"noopener noreferrer nofollow","href":"https:\/\/twitter.com\/Gralhix\/status\/1697722458583847205","class":null}}]},{"type":"text","text":". What could go wrong?"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"type":"text","text":"Inside ShadowDragon, The Tool That Lets ICE Monitor Pregnancy Tracking Sites and Fortnite Players","marks":[{"type":"link","attrs":{"class":null,"rel":"noopener noreferrer nofollow","href":"https:\/\/www.404media.co\/inside-shadowdragon-ice-babycenter-pregnancy-fortnite-black-planet\/","target":"_blank"}}]},{"type":"text","text":". L’outil est quand même pas mal bon pour l’avoir utilisé mais le fondateur est, mettons, problématique en simonac. “Get in debt and get off social media” - hey, super conseil, merci."}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"type":"text","text":"The Pirate Bay Celebrates Its 20th Anniversary","marks":[{"type":"link","attrs":{"class":null,"rel":"noopener noreferrer nofollow","href":"https:\/\/torrentfreak.com\/the-pirate-bay-celebrates-its-20th-anniversary-230919\/","target":"_blank"}}]},{"type":"text","text":". Bonne fête! 🖤"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"type":"text","text":"Intelligence suggests agents of India behind killing of B.C. Sikh leader: Trudeau","marks":[{"type":"link","attrs":{"href":"https:\/\/globalnews.ca\/news\/9968980\/bc-sikh-leader-murder-india-intelligence\/","rel":"noopener noreferrer nofollow","target":"_blank","class":null}}]},{"type":"text","text":". Ça doit être la première fois qu’on voit Justin Trudeau parler en bien d’un séparatiste. Blague à part, le cafouillage des services de renseignement canadiens côté groupes taggés terroristes en Inde "},{"type":"text","text":"ne date pas d’hier","marks":[{"type":"link","attrs":{"href":"https:\/\/espionage.substack.com\/p\/how-canadian-intelligence-allowed","rel":"noopener noreferrer nofollow","target":"_blank","class":null}}]},{"type":"text","text":" ("},{"type":"text","text":"part deux","marks":[{"type":"link","attrs":{"href":"https:\/\/espionage.substack.com\/p\/canadian-intelligences-dirty-little-secret","rel":"noopener noreferrer nofollow","target":"_blank","class":null}}]},{"type":"text","text":") et ce coup-ci, "},{"type":"text","text":"le Canada a eu de l’aide de ses amis des Five Eyes","marks":[{"type":"link","attrs":{"target":"_blank","rel":"noopener noreferrer nofollow","href":"https:\/\/ici.radio-canada.ca\/nouvelle\/2012084\/crise-canada-inde-meurtre-preuves","class":null}}]},{"type":"text","text":". Reste à voir pourquoi ça sort "},{"type":"text","text":"maintenant… ","marks":[{"type":"em"}]},{"type":"text","text":"mais bon, pas toujours facile avoir la bonne information au bon moment. Au moins le Parlement a pas fait un standing ovation à un ancien naz"},{"type":"text","text":"OHSHIIIIT—","marks":[{"type":"link","attrs":{"class":null,"rel":"noopener noreferrer nofollow","target":"_blank","href":"https:\/\/www.ledevoir.com\/politique\/canada\/798717\/deputes-ont-honore-homme-combattu-nazis"}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"type":"text","text":"Détecter du texte généré par ChatGPT est maintenant plus difficile","marks":[{"type":"link","attrs":{"target":"_blank","rel":"noopener noreferrer nofollow","href":"https:\/\/ici.radio-canada.ca\/nouvelle\/2010600\/chat-gpt-regenerate-response-as-an-ai-plagiat","class":null}}]},{"type":"text","text":". Un changement subtile mais qui risque d’avoir des impacts majeurs sur la détection de contenu issu d’un Large Language Model. D’ailleurs, "},{"type":"text","text":"selon OpenAI","marks":[{"type":"link","attrs":{"target":"_blank","rel":"noopener noreferrer nofollow","href":"https:\/\/help.openai.com\/en\/articles\/8313351-how-can-educators-respond-to-students-presenting-ai-generated-content-as-their-own","class":null}}]},{"type":"text","text":", les détecteurs de textes générés par une IA ne fonctionnent pas vraiment. Parallèlement, 77% des développeurs sondés par "},{"type":"text","text":"Stack Overflow","marks":[{"type":"link","attrs":{"target":"_blank","rel":"noopener noreferrer nofollow","href":"https:\/\/stackoverflow.com\/","class":null}}]},{"type":"text","text":" dans son "},{"type":"text","text":"recensement annuel","marks":[{"type":"link","attrs":{"target":"_blank","rel":"noopener noreferrer nofollow","href":"https:\/\/www.docker.com\/static\/stack-overflow-survey-infographic.pdf","class":null}}]},{"type":"text","text":" disent être “favorables ou très favorables” à l’intelligence artificielle comme outil de programmation. Je sais pas si j’avais besoin de mettre l’emphase là-dessus mais les LLMs et applications dérivées sont définitivement ici pour rester."}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"type":"text","text":"Des développeurs de Microsoft ont "},{"type":"text","text":"accidentellement partagés publiquement","marks":[{"type":"link","attrs":{"rel":"noopener noreferrer nofollow","class":null,"target":"_blank","href":"https:\/\/twitter.com\/hillai\/status\/1703771673411871227"}}]},{"type":"text","text":" 38To de données confidentielles sur Azure via un jeton Shared Access Signature mal configuré."}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"type":"text","text":"Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?","marks":[{"type":"link","attrs":{"href":"https:\/\/www.eff.org\/deeplinks\/2023\/09\/apple-and-google-are-introducing-new-ways-defeat-cell-site-simulators-it-enough","class":null,"target":"_blank","rel":"noopener noreferrer nofollow"}}]},{"type":"text","text":" Des changements s’en viennent sur iOS et Android pour pallier ce qui semble être historiquement du backdooring-by-design via le null ciphering en empêchant le déclassement vers un réseau 2G. Les fausses tours cellulaire (‘False Base Stations’, communément appelées ‘IMSI-catchers’), principalement utilisées par diverses forces de police dans le monde à des fins de captation massive, risquent de perdre solidement du galon."}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"type":"text","text":"X\/Twitter : la nouvelle politique de la coche bleue alimente la désinformation","marks":[{"type":"link","attrs":{"rel":"noopener noreferrer nofollow","class":null,"target":"_blank","href":"https:\/\/ijnet.org\/fr\/story\/x%E2%80%99s-check-mark-policy-fueling-disinformation"}}]},{"type":"text","text":". Qui aurait cru que combiner appel à l’autorité via un symbole de statut à côté d’un nom d’usager et d’une fosse à purin publique comme X aurait pu nous mener à ceci? 🙄"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"type":"text","text":"Spies like us: How does Russia's intelligence network operate across Europe?","marks":[{"type":"link","attrs":{"rel":"noopener noreferrer nofollow","class":null,"target":"_blank","href":"https:\/\/www.euronews.com\/2023\/08\/18\/spies-like-us-how-does-russias-intelligence-network-operate-across-europe"}}]},{"type":"text","text":" Le principe des sleeper cells encore bien vivant chez le GRU et le FSB. La disette bulgare est aussi une force motrice de recrutement; “veux-tu être pauvre à Sofia ou riche à Londres?” est un choix facile quand vient le temps de manger."}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"type":"text","text":"La panne dans les aéroports provenait bien d’une attaque informatique","marks":[{"type":"link","attrs":{"href":"https:\/\/www.lapresse.ca\/actualites\/national\/2023-09-19\/agence-des-services-frontaliers\/la-panne-dans-les-aeroports-provenait-bien-d-une-attaque-informatique.php","class":null,"rel":"noopener noreferrer nofollow","target":"_blank"}}]},{"type":"text","text":". Faque c’est apparemment possible de pivoter du site Web de l’ASFC vers “les kiosques et les portes électroniques” dans les aéroports…? Les aéroports et leur services de sécurité sont considérés, avec raison, comme des infrastructures critiques: celles-ci ne devraient pas être connectées à Internet. Comme c’est toujours le cas avec ce genre de nouvelle, on a pas de détails techniques mais ça parait mal."}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"type":"text","text":"US spy bureau NSA ‘hacked Huawei HQ’: China confirms Snowden leak","marks":[{"type":"link","attrs":{"href":"https:\/\/www.scmp.com\/news\/china\/politics\/article\/3235174\/us-spy-agency-nsa-hacked-huawei-hq-china-confirms-snowden-leak","class":null,"target":"_blank","rel":"noopener noreferrer nofollow"}}]},{"type":"text","text":". Ce qui est intéressant ici, c’est le traitement de cette (vieille) nouvelle, la Chine décrivant essentiellement la National Security Agency comme une menace persistante avancée. D’ailleurs, "},{"type":"text","text":"j’avais parlé de Bvp47 à Incidences l’an dernier","marks":[{"type":"link","attrs":{"target":"_blank","class":null,"rel":"noopener noreferrer nofollow","href":"https:\/\/soundcloud.com\/incidences-le-balado\/50-invite-jean-philippe-decarie-mathieu-analyse-bvp47-shadow-brokers-back-to-the-future"}}]},{"type":"text","text":"."}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"type":"text","text":"Vast majority of bot attacks emanate from China and Russia","marks":[{"type":"link","attrs":{"target":"_blank","class":null,"rel":"noopener noreferrer nofollow","href":"https:\/\/www.scmagazine.com\/news\/vast-majority-of-bot-attacks-emanate-from-china-and-russia"}}]},{"type":"text","text":". D’après ce sondage, 97% des entreprises prennent plus d’un mois à répondre à un incident causé par un tel botnet. Ouch."}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"type":"text","text":"En matière de sécurité nationale, Ottawa accuse un retard de près de 20 ans","marks":[{"type":"link","attrs":{"href":"https:\/\/ici.radio-canada.ca\/nouvelle\/2011483\/securite-nationale-strategie-canada-rapport","class":null,"rel":"noopener noreferrer nofollow","target":"_blank"}}]},{"type":"text","text":". Il serait en effet temps que le gouvernement fédéral update sa page LiveJournal. Aussi, ça l’air que celui-ci “fait un assez bon travail” côté cybersécurité… basé sur quels KPIs\/métriques? Réponse: ¯\\_(ツ)_\/¯"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"type":"text","text":"Threat actors claim to have compromised MGM Resorts’ Okta environment","marks":[{"type":"link","attrs":{"href":"https:\/\/www.cybersecuritydive.com\/news\/threat-actors-claim--compromised-mgm-okta\/693829\/","class":null,"target":"_blank","rel":"noopener noreferrer nofollow"}}]},{"type":"text","text":". Le fournisseur d’IAM californien semble être victime d’un acteur de menace "},{"type":"text","text":"persistent","marks":[{"type":"link","attrs":{"rel":"noopener noreferrer nofollow","class":null,"target":"_blank","href":"https:\/\/sec.okta.com\/articles\/2023\/08\/cross-tenant-impersonation-prevention-and-detection"}}]},{"type":"text","text":". Le tout a mené à des offres d’emploi… "},{"type":"text","text":"intéressantes","marks":[{"type":"link","attrs":{"href":"https:\/\/twitter.com\/mattjay\/status\/1705265541261263260","rel":"noopener noreferrer nofollow","target":"_blank","class":null}}]},{"type":"text","text":", disons."}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"type":"text","text":"N"},{"type":"text","text":"ew ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants","marks":[{"type":"link","attrs":{"href":"https:\/\/blog.talosintelligence.com\/introducing-shrouded-snooper\/","rel":"noopener noreferrer nofollow","target":"_blank","class":null}}]},{"type":"text","text":". Recherche de SentinelLabs "},{"type":"text","text":"ici","marks":[{"type":"link","attrs":{"href":"https:\/\/www.sentinelone.com\/labs\/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit\/","class":null,"rel":"noopener noreferrer nofollow","target":"_blank"}}]},{"type":"text","text":". Attribution inconnue jusqu’à présent. Parallèlement, "},{"type":"text","text":"ESET a découvert un nouveau backdoor","marks":[{"type":"link","attrs":{"href":"https:\/\/www.welivesecurity.com\/en\/eset-research\/stealth-falcon-preying-middle-eastern-skies-deadglyph\/","class":null,"target":"_blank","rel":"noopener noreferrer nofollow"}}]},{"type":"text","text":" et indique que Stealth Falcon - un groupe ciblant des dissidents et "},{"type":"text","text":"recherché par CitizenLab depuis 2016","marks":[{"type":"link","attrs":{"href":"https:\/\/citizenlab.ca\/2016\/05\/stealth-falcon\/","class":null,"target":"_blank","rel":"noopener noreferrer nofollow"}}]},{"type":"text","text":" - est derrière cette porte dérobée présentement utilisée eu Moyen-Orient. Il ne semble pas y avoir de lien entre les acteurs de menace mais la région est effervescente."}]}]}]},{"type":"captionedImage","content":[{"type":"image2","attrs":{"topImage":false,"srcNoWatermark":null,"bytes":162789,"href":null,"internalRedirect":null,"fullscreen":null,"src":"https:\/\/substack-post-media.s3.amazonaws.com\/public\/images\/0192b204-002c-4534-a70f-d1220847f48f_626x941.png","width":626,"type":"image\/png","belowTheFold":false,"title":null,"height":941,"imageSize":null,"resizeWidth":null,"alt":null}},{"type":"caption","content":[{"type":"text","text":"Je ne pourrai être au "},{"type":"text","text":"lancement","marks":[{"type":"link","attrs":{"href":"https:\/\/www.facebook.com\/events\/856058628899969","rel":"noopener noreferrer nofollow","target":"_blank","class":null}}]},{"type":"text","text":" (Librairie Gallimard Montréal, ce mercredi, 17h30) mais j’ai bien hâte de lire ça. Folco a 100% compris la gammick ambiante."}]}]},{"type":"paragraph","content":[{"type":"text","text":"Coin lecture, ‘"},{"type":"text","text":"Crown, Cloak, and Dagger: The British Monarchy and Secret Intelligence from Victoria to Elizabeth II","marks":[{"type":"link","attrs":{"target":"_blank","rel":"noopener noreferrer nofollow","href":"https:\/\/www.amazon.ca\/-\/fr\/Richard-J-Aldrich\/dp\/1647123712\/ref=sr_1_1","class":null}}]},{"type":"text","text":"’ et "},{"type":"text","text":"‘Le Capital algorithmique’ de Jonathan Martineau et Jonathan Durand Folco","marks":[{"type":"link","attrs":{"target":"_blank","rel":"noopener noreferrer nofollow","href":"https:\/\/www.leslibraires.ca\/livres\/le-capital-algorithmique-jonathan-durand-folco-9782897199050.html","class":null}}]},{"type":"text","text":" viennent d’être publiés."}]},{"type":"paragraph","content":[{"type":"text","text":"(Meta: "},{"type":"text","text":"‘how to hack the system’, version artistique","marks":[{"type":"link","attrs":{"target":"_blank","rel":"noopener noreferrer nofollow","href":"https:\/\/www.bbc.com\/news\/world-europe-66847139","class":null}}]},{"type":"text","text":". Ce gars vit en 2623.)"}]},{"type":"subscribeWidget","content":[{"type":"ctaCaption","content":[{"type":"text","text":"Merci d'avoir lu (in)sécurité! Abonnez-vous gratuitement pour recevoir de nouveaux posts et soutenir mon travail."}]}],"attrs":{"url":"https:\/\/jpdm.substack.com\/subscribe?","text":"S'abonner","language":"fr"}}]}}