Aux yeux de la Commission d’accès aux documents administratifs (CADA), les acteurs publics qui fournissent au public des documents scannés au format PDF contreviennent à la loi Numérique de 2016. La CNIL vient d’en faire les frais.

The Whois public database of domain name registration details is dead.

In a letter [PDF] sent this week to DNS overseer ICANN, Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force.

Light-weight, no-dependency, vanilla JavaScript engine to drive user's focus across the page

Mounir Mahjoubi a fait part d'un projet de messagerie publique chiffrée de bout en bout, interne à l’État, et destinée à remplacer Telegram auprès des parlementaires et des ministres.

au kazou ... qui connaît ce site ?

via @sebsauvage

The vulnerability (CVE-2018-0950) exploited Outlook’s unfortunate habit of retrieving remotely hosted Object Linking and Embedding (OLE) content when previewing a RTF email.

The Windows client was able to authenticate itself if that content was hosted on SMB/CIFS server.

If the SMB server was controlled by the attacker, then Windows had effectively handed over the user’s login credentials, including a hashed password, without any interaction on behalf of the user other than the email being rendered.