What Is A Honeypot?

The latest buzzword in cybersecurity sounds delicious, but it is also a preventive mechanism against hacking and can save time and resources in the forensic analysis of cyber-breaches.

Honeypots are hacker traps and they come in many forms and sizes adapted to your needs. Our tech expert Roman Blake is developing a comprehensive guide for creators and small businesses on how the strategic deployment of honeypots can place you many steps ahead of potential hackers. I am looking forward to this collaboration.

In the meantime I recommend the following draft: https://cybersecuritynews.com/what-is-a-honeypot/

Telework and Employee Geolocation

This trio of articles points to a pressing need to reform both provincial and federal labour laws in order to better protect workers' personal data in a telework context.

  1. An Alberta employee was fired after refusing to install a geolocation app on her phone: https://ici.radio-canada.ca/nouvelle/1784312/geolocalistion-telephone-mobile-productivite-employes
  2. Labour laws permit the geolocation of employees provided they have been informed of it in advance: https://ici.radio-canada.ca/nouvelle/1703181/covid-19-teletravail-surveillance-employes-hubstaff-logiciel
  3. A poorly secured geolocation app leaked the personal and location data of more than 238,000 of its users by storing them on a server that was not protected by a password: https://ici.radio-canada.ca/nouvelle/1160383/geolocalisation-securite-donnees-application-family-locator

Leak of Personal Data of Former Olymel Employees

Olymel says that the personal information of current employees, former employees and job applicants may have been stolen.

“The data concerned is linked to the employment file and includes name, address, date of birth, social insurance number and, in some cases, for foreign workers, information contained in their passports.”


The CNESST Contributes to Non-Compliance with the Telework Requirement

It seems the CNESST only steps in after an RDI report. It is not enough that the minister has said a thousand times that telework is mandatory. It is as if the CNESST inspectors had just discovered that there is a pandemic. And now they are not all on the same page, in particular the one that obliges them to intervene when non-compliance with the telework requirement is reported.


WhatsApp Controversy

In response to Apple’s new data disclosure requirements, WhatsApp informed users last week that certain data points, such as the user’s profile status, login activity, contact list, purchases, and financial information, may be shared with businesses and the third parties they use.

Unless you consent to totally unacceptable 3rd party data sharing of your personal and financial information, your account will be deleted anyway.

Therefore delete it before it deletes you.

https://www.fastcompany.com/90593066/whatsapp-facebook-privacy-ultimatum This article discusses one of the most unhinged antitrust defendants in the history of litigation.

The alternative to WhatsApp is Telegram or Signal. The simple fact that big tech anti-trust defendants are backing Signal at the moment, however, should come as a red flag. Until all anti-trust lawsuits against Twitter, Apple, Amazon, Google, and FB are resolved, it is impossible to trust any company so heavily endorsed by social media tyrants.

Even Turkey’s Erdogan has dropped WhatsApp, urging journalists to use a Turkish app equivalent.

I maintain my position that government actors have absolutely no business to be on private social media networks. If you are a politician on Twitter, you are giving off an image of selling out your country to Big Tech.

It would be reckless to encourage your citizens to hand over their personal information to big tech giants for the privilege to follow you on private social media networks.

From a political standpoint, private companies have 100% the right and the power to pick and choose sides and ban whoever they want. Users are being tolerated as guests on these platforms and must behave by their code. If your opinion falls out of line, they can legally remove you.

Governments need to set up their own communication platforms. Otherwise, they call into question their legitimacy and raison d’être. Governments that keep relying on private corporations to communicate hand government power to non elected private actors. It is like building your house on someone else’s land. The landowner can kick you out at any time. As a government actor, you need a more stable alternative.

Cubicles Are Back, 9 to 5 is Dead, And Privacy Protection Is In ICU

Staggered shifts, driving alone to work (like a cowboy), no more open space offices… Not only were spaces not “stimulating creativity”, they were recipes for distraction and potential harassment claims. It is a relief to take a break from office proximity, breathing in each other’s faces, sneezing on each other’s hair, invading one another’s personal space, have someone snoop up on ya under pretext to access the shredder… 19th century is officially out of fashion.

For example, from now on, you have to buy individual staplers (or maybe even cars) for all employees you want physically at the office, limit the use of paper, disinfect bathrooms every 2 hours, and check temperatures. Imagine how much that will cost.

The way online exams are being administered around the world right now, requiring 2 cameras filming exam-takers, full screen access by proctors, and 3 videos per student to document what exactly happened during each individual exam sitting, should be a fair example (tip of the iceberg) of how remote work in this profession is about to unroll. Say hello to technical issues.

It is kind of obvious that the remote office may remain the only viable office

After having spent at least two weeks rearranging my physical office space, you know, those two decisive walls that the whole world suddenly has access to, I’ve spent half of the past week with Adobe, Google, and other usual friends remotely accessing my computer to fix bugs, because new tech issues arise every time you update an app. I’ve learned so much about my own OS just by observing tech support do stuff inside. For hours. At times, we fight for mouse control, because I have more efficient ways to access certain features. If something messes up, we retrieve downgraded versions from TimeMachine and start over again. Time travel has its own way to reveal stuff you had completely forgotten about. And then a whole afternoon is gone. You still have to work past midnight to catch up on actual work.

Tech issues are the new normal. Everybody is learning.

Unless it is beginner’s luck, technical issues on remote platforms are the norm rather than the exception. It is important to give options for technical support whenever you require people to work or sit an exam remotely.

Exams are guaranteed to be filled with bugs

How many equipment checks and simulations did you perform before rolling out your actual event or exam? If the answer is none, then you can safely postpone and start over.

Simulated exams act weird, too

I was on Emond’s platform this week to answer two sets of 220 questions. The barrister exam went perfectly fine; the solicitor exam, on the other hand, was a mild disaster… You can’t answer 220 questions without a break, so after 100 questions, you stop the timer and do lunch or lie down and stare into space to recollect your brain. After I returned from break, I logged back into the system to find that 25 of my answers were completely lost. From Q105, where I left off, I was sent back to Q80 and, what’s even freakier, the timer was running the whole time while I was logged out. Never seen anything like this before. I literally cried for 30 seconds while contacting support. This wasn’t even a real exam.

Bugs are not intentional, but they’re likely to occur. If there are none, fantastic.

I managed to complete the simulated solicitor exam. I could go quite rapidly through the 25 lost questions, because I had already worked with the facts and deliberated on the answers. Another detail I terribly missed is a highlighter tool. Without one you stare at the facts and commit to memory all the facts and complex interactions.

Surprisingly, I passed both. What is even more surprising is that I performed better at solicitor, the exam that made me suffer the most, and I was certain to fail. My brain feels as if it ran a marathon.

You may ignore data, but data won’t ignore you

Do you even know how many apps share your clients’ confidential information with 3rd party apps, simply because you were too lazy to opt out in the thousand different ways you were supposed to? It is likely you didn’t know you had to opt out, because it is not common knowledge. Did you buy work phones and work computers for all your remote employees? If not, you may stumble upon some PIPEDA issues such as inadvertent sharing of confidential information.