Étienne Hourdebaigt
@ehourdebaigt.net
Organizer @nsec.io, Hacker, CTFs, Privacy, Research, Social Tech, Serial Expat 🗺️🧭
Reposted by Étienne Hourdebaigt
The recent Louvre breach illustrated the critical need for strong security in the world’s cultural institutions.
To support cultural institutions around the world, we’re offering them 2 yrs of Proton Pass Professional for free 👇
https://proton.me/blog/free-password-manager-cultural-institutions
To support cultural institutions around the world, we’re offering them 2 yrs of Proton Pass Professional for free 👇
https://proton.me/blog/free-password-manager-cultural-institutions
Free password manager for cultural institutions | Proton
To help defend our cultural heritage, Proton Pass Professional password manager plans are free for two years to qualifying organizations. Learn more.
proton.me
November 13, 2025 at 5:14 PM
The recent Louvre breach illustrated the critical need for strong security in the world’s cultural institutions.
To support cultural institutions around the world, we’re offering them 2 yrs of Proton Pass Professional for free 👇
https://proton.me/blog/free-password-manager-cultural-institutions
To support cultural institutions around the world, we’re offering them 2 yrs of Proton Pass Professional for free 👇
https://proton.me/blog/free-password-manager-cultural-institutions
Reposted by Étienne Hourdebaigt
While AI companies are allowed to slurp everything they want, Quad9 warns that legal fees are drowning DNS resolvers, which are now being targeted by copyright owners to enforce blocks on piracy sites
quad9.net/news/blog/wh...
quad9.net/news/blog/wh...
Quad9 | A public and free DNS service for a better security and privacy
A public and free DNS service for a better security and privacy
quad9.net
November 10, 2025 at 10:53 PM
While AI companies are allowed to slurp everything they want, Quad9 warns that legal fees are drowning DNS resolvers, which are now being targeted by copyright owners to enforce blocks on piracy sites
quad9.net/news/blog/wh...
quad9.net/news/blog/wh...
Reposted by Étienne Hourdebaigt
Je ne sais pas quoi faire de cette infographie donc la voici
November 9, 2025 at 11:14 AM
Je ne sais pas quoi faire de cette infographie donc la voici
Reposted by Étienne Hourdebaigt
My analysis of the leaked #GDPR overhaul proposal. Some changes are great. Some risk decreasing privacy protections.
The changes are very far‑reaching. Tread carefully! Also, some of the proposed amendments may in fact be ... not so legit. techletters.substack.com/p/techletter...
The changes are very far‑reaching. Tread carefully! Also, some of the proposed amendments may in fact be ... not so legit. techletters.substack.com/p/techletter...
November 8, 2025 at 5:41 PM
My analysis of the leaked #GDPR overhaul proposal. Some changes are great. Some risk decreasing privacy protections.
The changes are very far‑reaching. Tread carefully! Also, some of the proposed amendments may in fact be ... not so legit. techletters.substack.com/p/techletter...
The changes are very far‑reaching. Tread carefully! Also, some of the proposed amendments may in fact be ... not so legit. techletters.substack.com/p/techletter...
Reposted by Étienne Hourdebaigt
I have been doing trainings to journalists on digital investigations with @gijn.org since 2023, and they just published a article on several investigations that used skills journalists learned in these sessions
gijn.org/stories/inve...
gijn.org/stories/inve...
How Digital Threats Training Has Powered Innovative Cyber Investigations Around the World
Alumni of GIJN's four Digital Threats training courses have produced a number of exposés on online scams and political disinformation, from India to Kenya to the Philippines.
gijn.org
November 4, 2025 at 8:44 PM
I have been doing trainings to journalists on digital investigations with @gijn.org since 2023, and they just published a article on several investigations that used skills journalists learned in these sessions
gijn.org/stories/inve...
gijn.org/stories/inve...
Reposted by Étienne Hourdebaigt
#VIGINUM et Advens lancent Cyber for Good Media, un programme dédié aux journalistes pour renforcer leurs compétences en cybersécurité et en lutte contre la menace informationnelle.
🗞️ Intéressé ? Les inscriptions sont ouvertes jusqu'au 5 décembre (15 places disponibles)
➡️ cyberforgood.org/fr/media/
🗞️ Intéressé ? Les inscriptions sont ouvertes jusqu'au 5 décembre (15 places disponibles)
➡️ cyberforgood.org/fr/media/
November 3, 2025 at 1:52 PM
#VIGINUM et Advens lancent Cyber for Good Media, un programme dédié aux journalistes pour renforcer leurs compétences en cybersécurité et en lutte contre la menace informationnelle.
🗞️ Intéressé ? Les inscriptions sont ouvertes jusqu'au 5 décembre (15 places disponibles)
➡️ cyberforgood.org/fr/media/
🗞️ Intéressé ? Les inscriptions sont ouvertes jusqu'au 5 décembre (15 places disponibles)
➡️ cyberforgood.org/fr/media/
Reposted by Étienne Hourdebaigt
Scoop: We obtained vast amounts of European mobile phone location data from data brokers. It was allegedly collected for advertising purposes only, but can be used to spy on high-ranking EU officials & NATO staff in Brussels. The Commission is 'concerned' & issued new security guidance to its staff.
Databroker Files: Targeting the EU
Precise locations and revealing movement patterns: the mobile phone location data of millions of people in the EU is up for sale. Collected supposedly only for advertising purposes, this data can also...
netzpolitik.org
November 4, 2025 at 9:57 AM
Scoop: We obtained vast amounts of European mobile phone location data from data brokers. It was allegedly collected for advertising purposes only, but can be used to spy on high-ranking EU officials & NATO staff in Brussels. The Commission is 'concerned' & issued new security guidance to its staff.
Reposted by Étienne Hourdebaigt
Für den neusten Teil der #DatabrokerFiles haben @roofjoke.netzpolitik.org & ich 278 Millionen Handy-Standortdaten aus Belgien ausgewertet – erhoben nur für Werbezwecke 🤡
Wieder fanden wir Bewegungsprofile bis zur Privatadresse, u.a. von EU-Spitzenpersonal.
1/x
netzpolitik.org/2025/databro...
Wieder fanden wir Bewegungsprofile bis zur Privatadresse, u.a. von EU-Spitzenpersonal.
1/x
netzpolitik.org/2025/databro...
Databroker Files: Datenhändler verkaufen metergenaue Standortdaten von EU-Personal
Exakte Ortungen, verräterische Bewegungsmuster: Die Handy-Standortdaten von Millionen Menschen in der EU stehen zum Verkauf. Angeblich nur zu Werbezwecken erhoben, lassen sich die Daten auch für Spion...
netzpolitik.org
November 4, 2025 at 7:05 AM
Für den neusten Teil der #DatabrokerFiles haben @roofjoke.netzpolitik.org & ich 278 Millionen Handy-Standortdaten aus Belgien ausgewertet – erhoben nur für Werbezwecke 🤡
Wieder fanden wir Bewegungsprofile bis zur Privatadresse, u.a. von EU-Spitzenpersonal.
1/x
netzpolitik.org/2025/databro...
Wieder fanden wir Bewegungsprofile bis zur Privatadresse, u.a. von EU-Spitzenpersonal.
1/x
netzpolitik.org/2025/databro...
Reposted by Étienne Hourdebaigt
🛡️ ENISA Threat Landscape 2025 is out
Based on nearly 4,900 incidents across Europe, #ENISA maps a fast-evolving #cyberenvironment:
▶️ #ransomware decentralisation
▶️ #AI-driven #phishing
▶️ state-aligned espionage
▶️ industrialised #cybercrime.
Full report: www.enisa.europa.eu/publications...
Based on nearly 4,900 incidents across Europe, #ENISA maps a fast-evolving #cyberenvironment:
▶️ #ransomware decentralisation
▶️ #AI-driven #phishing
▶️ state-aligned espionage
▶️ industrialised #cybercrime.
Full report: www.enisa.europa.eu/publications...
October 13, 2025 at 7:10 AM
🛡️ ENISA Threat Landscape 2025 is out
Based on nearly 4,900 incidents across Europe, #ENISA maps a fast-evolving #cyberenvironment:
▶️ #ransomware decentralisation
▶️ #AI-driven #phishing
▶️ state-aligned espionage
▶️ industrialised #cybercrime.
Full report: www.enisa.europa.eu/publications...
Based on nearly 4,900 incidents across Europe, #ENISA maps a fast-evolving #cyberenvironment:
▶️ #ransomware decentralisation
▶️ #AI-driven #phishing
▶️ state-aligned espionage
▶️ industrialised #cybercrime.
Full report: www.enisa.europa.eu/publications...
Reposted by Étienne Hourdebaigt
Along with numerous orgs and individuals, I have signed on to an Open Letter to the 🇨🇦 Minister of AI raising serious concerns about the government's approach to AI strategy.
Details are here 👇
bccla.org/policy-submi...
Details are here 👇
bccla.org/policy-submi...
OPEN LETTER to the Minister of Artificial Intelligence and Digital Innovation from civil society organizations and individuals opposing "National Sprint" consultation on AI strategy - BC Civil Liberti...
The Honourable Mélanie JolyMinister of IndustryHouse of CommonsOttawa, OntarioK1A 0A6 The Honourable Evan SolomonMinister of Artificial Intelligence and Digital InnovationHouse of CommonsOttawa, Ontar...
bccla.org
November 3, 2025 at 8:32 PM
Along with numerous orgs and individuals, I have signed on to an Open Letter to the 🇨🇦 Minister of AI raising serious concerns about the government's approach to AI strategy.
Details are here 👇
bccla.org/policy-submi...
Details are here 👇
bccla.org/policy-submi...
"OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code."
thehackernews.com/2025/10/open...
thehackernews.com/2025/10/open...
OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically
OpenAI’s GPT-5 Aardvark scans, exploits, and patches software flaws autonomously—marking a leap in AI-driven cybersecurity.
thehackernews.com
November 3, 2025 at 8:28 AM
"OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code."
thehackernews.com/2025/10/open...
thehackernews.com/2025/10/open...
Reposted by Étienne Hourdebaigt
Everyone is talking about AI. It's obviously having a transformative impact across all sectors of society.
So how should the Canadian government approach it?
My interview with Yvonne Lau for the @financialpost.com
financialpost.com/technology/c...
So how should the Canadian government approach it?
My interview with Yvonne Lau for the @financialpost.com
financialpost.com/technology/c...
Canada isn't doing its part to stop AI government surveillance, UofT director says
Ronald Deibert says the ability of governments and criminal actors to surveil and target people is growing in scope thanks to AI. Read more.
financialpost.com
October 29, 2025 at 6:03 PM
Everyone is talking about AI. It's obviously having a transformative impact across all sectors of society.
So how should the Canadian government approach it?
My interview with Yvonne Lau for the @financialpost.com
financialpost.com/technology/c...
So how should the Canadian government approach it?
My interview with Yvonne Lau for the @financialpost.com
financialpost.com/technology/c...
"A trio of novel physical attacks raises new questions about the true security offered by these TEES and the exaggerated promises and misconceptions coming from the big and small players using them."
arstechnica.com/security/202...
arstechnica.com/security/202...
New physical attacks are quickly diluting secure enclave defenses from Nvidia, AMD, and Intel
On-chip TEEs withstand rooted OSes but fall instantly to cheap physical attacks.
arstechnica.com
October 30, 2025 at 9:31 AM
"A trio of novel physical attacks raises new questions about the true security offered by these TEES and the exaggerated promises and misconceptions coming from the big and small players using them."
arstechnica.com/security/202...
arstechnica.com/security/202...
Reposted by Étienne Hourdebaigt
In case you haven't had enough cyber for one day...
I'm re-upping my deep-dive blog on why ad-blockers are critical for your online security and privacy, and what threats they can help defend against. Plus, I run through some of the best ad blockers out there, for your browser and beyond.
I'm re-upping my deep-dive blog on why ad-blockers are critical for your online security and privacy, and what threats they can help defend against. Plus, I run through some of the best ad blockers out there, for your browser and beyond.
Why ad blockers are a top security and privacy defense for everyone
Ad blockers can help defend against some of the top hacks, scams, and surveillance today. Here are some of the best ad blockers that you can use.
this.weekinsecurity.com
October 23, 2025 at 10:34 PM
In case you haven't had enough cyber for one day...
I'm re-upping my deep-dive blog on why ad-blockers are critical for your online security and privacy, and what threats they can help defend against. Plus, I run through some of the best ad blockers out there, for your browser and beyond.
I'm re-upping my deep-dive blog on why ad-blockers are critical for your online security and privacy, and what threats they can help defend against. Plus, I run through some of the best ad blockers out there, for your browser and beyond.
Reposted by Étienne Hourdebaigt
Nvidia dit maintenant vouloir construire des centres de données pour l'IA dans l'espace, avec des panneaux solaires de 4km par 4km.
J'espère que les médias ne couvriront pas ceci avec crédulité, c'est absolument une farce. Ce n'est pas sérieux!
J'espère que les médias ne couvriront pas ceci avec crédulité, c'est absolument une farce. Ce n'est pas sérieux!
How Starcloud Is Bringing Data Centers to Outer Space
The NVIDIA Inception startup projects that space-based data centers will offer 10x lower energy costs and reduce the need for energy consumption on Earth.
blogs.nvidia.com
October 24, 2025 at 1:22 PM
Nvidia dit maintenant vouloir construire des centres de données pour l'IA dans l'espace, avec des panneaux solaires de 4km par 4km.
J'espère que les médias ne couvriront pas ceci avec crédulité, c'est absolument une farce. Ce n'est pas sérieux!
J'espère que les médias ne couvriront pas ceci avec crédulité, c'est absolument une farce. Ce n'est pas sérieux!
Reposted by Étienne Hourdebaigt
Google Cloud Platform was vulnerable to a HTTP desync attack leading to "responses being misrouted between recipients for certain third-party models". Aka your LLM response goes to someone else. The Expect header strikes again!
Context: http1mustdie.com
cloud.google.com/support/bull...
Context: http1mustdie.com
cloud.google.com/support/bull...
Security Bulletins | Customer Care | Google Cloud
cloud.google.com
October 24, 2025 at 1:11 PM
Google Cloud Platform was vulnerable to a HTTP desync attack leading to "responses being misrouted between recipients for certain third-party models". Aka your LLM response goes to someone else. The Expect header strikes again!
Context: http1mustdie.com
cloud.google.com/support/bull...
Context: http1mustdie.com
cloud.google.com/support/bull...
Reposted by Étienne Hourdebaigt
🧵 Signal introduit une avancée majeure pour son protocole de chiffrement : le Sparse Post Quantum Ratchet (SPQR), Ce mécanisme renforce le Signal Protocol face aux futures attaques quantiques, tout en conservant ses garanties existantes de secret antérieur (FS) et sécurité post-compromission (PCS).
In 2023, Signal was the first mainstream messenger to enable post-quantum cryptography. We’re still ahead of the (elliptical) curve, implementing a new hybrid PQ ratchet ensuring Forward Secrecy & Post-Compromise Security even in a post-quantum world. signal.org/blog/spqr/
Signal Protocol and Post-Quantum Ratchets
We are excited to announce a significant advancement in the security of the Signal Protocol: the introduction of the Sparse Post Quantum Ratchet (SPQR). This new ratchet enhances the Signal Protocol’s...
signal.org
October 2, 2025 at 7:23 PM
🧵 Signal introduit une avancée majeure pour son protocole de chiffrement : le Sparse Post Quantum Ratchet (SPQR), Ce mécanisme renforce le Signal Protocol face aux futures attaques quantiques, tout en conservant ses garanties existantes de secret antérieur (FS) et sécurité post-compromission (PCS).
Reposted by Étienne Hourdebaigt
NOW: US court permanently bans Pegasus spyware maker from hacking WhatsApp.
NSO Group can't help their customers hack WhatsApp etc. ether. Must delete exploits & R&D.
Bad news for NSO. Huge competitive disadvantage for the notorious company.
Big additional win for WhatsApp 1 /
NSO Group can't help their customers hack WhatsApp etc. ether. Must delete exploits & R&D.
Bad news for NSO. Huge competitive disadvantage for the notorious company.
Big additional win for WhatsApp 1 /
October 17, 2025 at 11:37 PM
NOW: US court permanently bans Pegasus spyware maker from hacking WhatsApp.
NSO Group can't help their customers hack WhatsApp etc. ether. Must delete exploits & R&D.
Bad news for NSO. Huge competitive disadvantage for the notorious company.
Big additional win for WhatsApp 1 /
NSO Group can't help their customers hack WhatsApp etc. ether. Must delete exploits & R&D.
Bad news for NSO. Huge competitive disadvantage for the notorious company.
Big additional win for WhatsApp 1 /
Reposted by Étienne Hourdebaigt
@reconmtl.bsky.social has uploaded the majority of the 2025 talks, including my talk on LSA. You can check it out at the below link if you'd like.
Thank you again to the organizers and everyone else who helps put on the conference. I look forward to coming back!
youtu.be/G2CfMWXLU1U?...
Thank you again to the organizers and everyone else who helps put on the conference. I look forward to coming back!
youtu.be/G2CfMWXLU1U?...
Recon 2025 - The Finer Details of LSA Credential Recovery
YouTube video by Recon Conference
youtu.be
October 16, 2025 at 3:34 PM
@reconmtl.bsky.social has uploaded the majority of the 2025 talks, including my talk on LSA. You can check it out at the below link if you'd like.
Thank you again to the organizers and everyone else who helps put on the conference. I look forward to coming back!
youtu.be/G2CfMWXLU1U?...
Thank you again to the organizers and everyone else who helps put on the conference. I look forward to coming back!
youtu.be/G2CfMWXLU1U?...
Reposted by Étienne Hourdebaigt
📑 Paper: "Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities"
Researchers just proved that Spectre + L1TF, long assumed "mitigated", can leak TLS keys from other VMs in real-world clouds (Google Cloud, AWS).
Full preprint paper: download.vusec.net/papers/rain_...
Researchers just proved that Spectre + L1TF, long assumed "mitigated", can leak TLS keys from other VMs in real-world clouds (Google Cloud, AWS).
Full preprint paper: download.vusec.net/papers/rain_...
download.vusec.net
October 2, 2025 at 8:03 PM
📑 Paper: "Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities"
Researchers just proved that Spectre + L1TF, long assumed "mitigated", can leak TLS keys from other VMs in real-world clouds (Google Cloud, AWS).
Full preprint paper: download.vusec.net/papers/rain_...
Researchers just proved that Spectre + L1TF, long assumed "mitigated", can leak TLS keys from other VMs in real-world clouds (Google Cloud, AWS).
Full preprint paper: download.vusec.net/papers/rain_...
📑 Paper: "Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities"
Researchers just proved that Spectre + L1TF, long assumed "mitigated", can leak TLS keys from other VMs in real-world clouds (Google Cloud, AWS).
Full preprint paper: download.vusec.net/papers/rain_...
Researchers just proved that Spectre + L1TF, long assumed "mitigated", can leak TLS keys from other VMs in real-world clouds (Google Cloud, AWS).
Full preprint paper: download.vusec.net/papers/rain_...
download.vusec.net
October 2, 2025 at 8:03 PM
📑 Paper: "Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities"
Researchers just proved that Spectre + L1TF, long assumed "mitigated", can leak TLS keys from other VMs in real-world clouds (Google Cloud, AWS).
Full preprint paper: download.vusec.net/papers/rain_...
Researchers just proved that Spectre + L1TF, long assumed "mitigated", can leak TLS keys from other VMs in real-world clouds (Google Cloud, AWS).
Full preprint paper: download.vusec.net/papers/rain_...
Reposted by Étienne Hourdebaigt
NEW: turns out the EU helped finance a bunch of spyware companies with..public money.
Extremely bad look.
Group of MEPs calls for action.👇
apache.be/2025/10/01/e...
Extremely bad look.
Group of MEPs calls for action.👇
apache.be/2025/10/01/e...
October 1, 2025 at 10:19 AM
NEW: turns out the EU helped finance a bunch of spyware companies with..public money.
Extremely bad look.
Group of MEPs calls for action.👇
apache.be/2025/10/01/e...
Extremely bad look.
Group of MEPs calls for action.👇
apache.be/2025/10/01/e...
Reposted by Étienne Hourdebaigt
I have often stated that well-implemented memory tagging will be a game changer for memory corruptions. And it seems that with the next iPhone it's finally here: security.apple.com/blog/memory-...
Blog - Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research
Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our adv...
security.apple.com
September 10, 2025 at 8:06 AM
I have often stated that well-implemented memory tagging will be a game changer for memory corruptions. And it seems that with the next iPhone it's finally here: security.apple.com/blog/memory-...
Reposted by Étienne Hourdebaigt
BREAK: Dutch chips company ASML buys an 11 percent stake in French AI company Mistral - in the biggest tech sovereignty deal in a while.
www.asml.com/en/news/pres...
www.asml.com/en/news/pres...
ASML, Mistral AI enter strategic partnership
www.asml.com
September 9, 2025 at 5:50 AM
BREAK: Dutch chips company ASML buys an 11 percent stake in French AI company Mistral - in the biggest tech sovereignty deal in a while.
www.asml.com/en/news/pres...
www.asml.com/en/news/pres...