Prudence ⚓ Fortitude
This website is operated by Marc Moisan (me) and reports on any vulnerability to my website are most welcome.
If you learn of a security breach, or a possible exploit that could affect my website, please contact me. I will investigate legitimate reports from security researchers and make every effort to quickly resolve any vulnerability. I would also appreciate any suggestions or recommendations on what I should do to correct the reported issues. While no monetary reward is promised, any report that ultimately results in the prevention of a breach or exploit against my website will be looked upon favorably for a reward.
In Canada, fraudulently obtaining any computer service or intercepting any function of a computer system is a criminal offence. The use of a computer system with intent to commit such an offence and the use or possession of a computer password to enable such an offence also constitute a criminal offence.[1] I would personally consider accidental, good faith trespasses to be permissible as long as there are no privacy violations, destruction of data, or interruption or degradation of services. However, the server where my website resides is not owned by me; it is operated by 7081936 Canada Inc., which trades under the name Web Hosting Canada. As such, it isn't within my authority to permit access, and they may choose to initiate a complaint to law enforcement for any unauthorized access to their computer system.
A major incident occurred on the morning of 28 August 2021 at the Montreal data centre where the server hosting my website was located. It appears that an individual with a third-party service provider used their privileged account access to connect to one of the management portals and, without authorization, initiated server re-imaging on some of the backup servers, then on some of the production servers.[2] This resulted in the server having both its local storage and its external backup storage heavily damaged. My website was among the most affected accounts. The individual responsible was identified, and it was confirmed that the incident was not a ransomware attack and that there is no indication that data of any kind was ever downloaded, exported, shared, or exposed.[3]
Because there has been evidence that the capabilities and activities of attackers are greater and more pervasive than previously known, the Internet Architecture Board now believes it is important to make encryption the norm for Internet traffic.[4] Consequently, my website has a certificate issued by Let's Encrypt and it is capable of establishing a TLSv1.3[5] connection that has been secured for Hypertext Transfer Protocol communication. This should give visitors of my website the assurance of authentication (truly my website), confidentiality (no eavesdropping), and integrity (not tampered with).
Major Incident: What happened? (https://whc.ca/blog/major-incident-what-happened/ : 30 August 2021).
Statement - Where are we now? (As of Sept 2) (https://whc.ca/blog/statement-where-are-we-now/ : 2 September 2021).
Statement on Internet Confidentiality (https://datatracker.ietf.org/doc/statement-iab-statement-on-internet-confidentiality/ : 13 November 2014).
The Transport Layer Security (TLS) Protocol Version 1.3, RFC 8446 (August 2018).