Shall We Play A Game? Yes We Shall

Yes We Hack is proud to be a platinum sponsor of the 15th “la Nuit du Hack” next June 24 & 25 \o/

The forthcoming Nuit Du Hack is about to gather more than 2000 people from all over Europe!

Check the schedule!

☠ ☠ ☠

A bit of history:

Originally, la Nuit du Hack was created by Paulo Pinto aKa CrashFR.

“La Nuit Du Hack” is one of the oldest French underground hacker events, bringing together professionals and amateurs of any skill level around lectures and challenges.

At the very beginning of la Nuit du Hack in 2003, the budget was lower than 1 k€.

Starting with 20 people, the event has never stopped growing, gathering more and more people, from amateurs to professionals.

Now, the budget has reached 170 k€ thanks to the HackerzVoice Team, Géraldine and almost 100 volunteers 🙂


European Regulation for the Protection of Personal Data and Data Security


By Eric A. Caprioli, Attorney Admitted to Practice Before Court of Appeals, Juris Doctor, Member of French Delegation to United Nations & Isabelle Cantero, Associate (Caprioli & Associés), Lead for Privacy and Personal Data Practice


The European Regulation for the Protection of Personal Data (GDPR) was adopted on April 27, 2016 after 4 years of involved negotiations. Being a directly applicable regulation in each of the Member States (that is, not requiring a national law to implement), it should enable the harmonization of the statutes having to do with the protection of personal data within the European Union and bring the principles of protection into line with the realities of the digital era. It will go into effect on May 25, 2018. For many companies, these new provisions will involve costs related to the investment required to bring their current tools or procedures into compliance with the new rules.

Single Flexible Protective Statute for All EU Member States

The regulation is applicable to every entity in the private and the public sectors. It applies to the issues of Big Data, profiling, Cloud Computing, security of transborder data traffic, data portability when changing service providers… These issues are to be placed alongside the new advance protection principles (privacy by design or by default), analysis-based protection (impact assessment), documented protection (mandatory documentation serving as evidence of statutory compliance), cascading protection (processor liability and the possibility of joint liability), and stronger protection (rights of individuals and consent). And finally, there is the accountability principle (i.e. the obligation to prove statutory compliance of how personal information is being handled).

As far as stronger protection for the rights of individuals is concerned, consent should be the focus since it should never be implicit or general and it must be provable (documented and traceable) by the controller. Further, in addition to the conventional rights of individuals, such as access, correction/deletion and objection, the GDPR creates new rights (limitation on data processing, portability, etc.).

As for sanctions handed down by the enforcement authority (CNIL), it should already be noted that they could be as high as EUR 3 million pursuant to the Digital Republic legislation of October 2016, but with GDPR, for violations of obligations set forth in matters of individual rights, they could go all the way to 4% of global revenues, or EUR 20 million. For violations of other obligations prescribed by GDPR, the fines could be as high as 2% of global revenue, or EUR 10 million.

And to round off this brief summary of the changes, the current Ombudsperson for IT and Freedoms (optional designation) will be replaced by a Data Protection Officer whose functions will clearly be broader. This designation is mandatory under certain conditions: in a Government body or authority, whenever data processing enables regular and systematic large-scale monitoring of individuals, whenever sensitive or criminal record information is being processed on a large scale, or whenever required by Union or Member State law.

Personal Data Protection Core Security


Interview of Gilles Cadignan – CEO & Co-Founder of Woleet

First of all, can you introduce us to Woleet?

Woleet.io was founded in Rennes in 2016. Woleet is a data anchoring platform using the Bitcoin blockchain. To sum up, we provide a SaaS platform that receives digital fingerprints of data and proceeds to anchor them in Bitcoin by linking these fingerprints to a transaction having a certain date. To achieve this, Woleet builds a cryptographic structure that allows multiple fingerprints to be put together in a single transaction.

The use of Woleet has many benefits:


YesWeHack is now member of FNTC’s business incubator

YesWeHack is now an official member of the business incubator of FNTC (The Federation of the Digital Trusted Third Parties).

At our conferences, we at YesWeHack have often mentioned the real need to build trust in our bug bounty platform, YesWeHack, and this membership is a milestone for our company.

The FNTC Board met in December to validate our application to its business incubator.

Thanks to the FNTC Board for having accepted us into its business incubator.


ZeroDisclo.com: IT Security Researchers Finally Protected

In constant contact with its community of security researchers, YesWeHack has noted that it is complex for a security researcher, and therefore for a whistle-blower, to report security flaws in a coordinated way to impacted organizations, especially if those organizations do not have a Bug Bounty program registered on YesWeHack.com!

Those who discover vulnerabilities often have difficulty reporting them to the organizations concerned without disclosing them to a third party, and unfortunately direct contact with companies constitutes a legal risk.

A long-time partner of the security research community through its founders, YesWeHack launches ZeroDisclo.com.

This platform provides the technical means and the required environment for all to adopt the coordinated reporting of vulnerabilities, commonly known as “Coordinated Vulnerability Disclosure”.
