We find it unacceptable for the government to try to sue someone who is there to help themPatrick Matthew, computer security expert and co-founder of Hackfest, a community of thousands of experts ready to help government or organizations discover cybersecurity flaws, interacts.
In a message to its community posted on Tuesday, Hackfest announced that
He no longer helps the Quebec government […] So that the process of detecting vulnerabilities is clearly, formally and responsible.
The majority of people in our community work in safety, are professionals, have families… We cannot put them at risk because they wanted to help the government.
Radio-Canada revealed Tuesday that the computer scientist who set off the alert after discovering a flaw in the VaxiCode app that allowed the creation of true-false QR codes, has offered his help to the government multiple times. However, he asked in return to ensure that he would not be subjected to criminal prosecution.
But Quebec did not accept his request, despite comments to the contrary from the minister responsible for the government’s digital transformation, Eric Kaer.
Instead, Cabinet Secretary Eric Kayer accused the computer scientist of
forgery The file was sent to Crédit de Quebec, according to the minister’s press secretary, Nathalie Saint-Pierre.
If he hadn’t come out in public, maybe we’d cooperateShe said.
On Tuesday, Minister Cairo made a point on Twitter.
No complaint was filed against Lewis after his warning. QR code spoofing investigations are underway, but let’s be clear: We want to work and collaborate with responsible citizens and cybersecurity experts.
A computer scientist turned to Radio Canada to expose his discovery. This computer scientist identifies himself as a
white hat (White Hat), qualified for bona fide hackers.
If he’s not worried by the police, then it’s not the case for other hackers who have downloaded QR codes for characters including Prime Minister François Legault. A government source confirmed that a complaint against them has already been lodged with the police.
“We have asked General Security to continue these investigations,” Health Minister Christian Dube told a news briefing on Tuesday.
Eric Cairo is under fire from critics
May discourage future detections [pour] Improving the information systems of the Government of QuebecAnswered Steve Waterhouse, a former IT security officer at the Department of Defense and lecturer in cybersecurity at the University of Sherbrooke.
The minister could have guaranteed him immunity, MP Martin Ole, Parliamentary Leader of the Quebecoa Party, regrets.
It gives immunity to anyone who wants to help him, adds Quebec Solidere member Vincent Marisal, spokesperson for ethics and health.
The government has everything wrong. […] Eric Kaer failed his exam and now attacks the corrector.
In one of the emails he exchanged with the Government Cyber Defense Center, the whistleblower urged the government to emulate France and create a program
bug bonus To reward people who find cybersecurity violations, instead of threatening them.
According to our information, the government is working on a program that enables detection of this type of defect without fear of prosecution. A detailed announcement could be made on Wednesday.
Eric Kaer is ready to collaborate with him pirates ImproverHealth Minister Christian Dube said.
We are very open to that.
In collaboration with Sébastien Bovet and Camille Carpentier.
“Subtly charming problem solver. Extreme tv enthusiast. Web scholar. Evil beer expert. Music nerd. Food junkie.”