[ad_1]
Security researcher "Elliot Alderson" (aka Baptiste Robert) discovered that checking the email address of Cha was not as strict as it should be. He managed to register simply by tying an address @ elysee.fr (the presidential palace) at the end of the e-mail address that he was planning to use: he sent the validation mail to his real account. From there, he could attend public discussions and theoretically start conversations with officials.
It will not be a problem for the future. The researcher contacted both the government and Matrix, the team behind the Riot open source software at the heart of Tchap. Matrix corrected the problem just in time for the launch, thus avoiding potential annoyance.
DINSIC, the French government's digital agency, has promised that Tchap will benefit from a "continuous improvement" in security and functionality. The last minute fix was proof of this approach and it was planned to launch a bug bonus program to entice security experts. You may not see that managers are transferring much of their discussion to the application in the near future. Whether they do it or not, it could help officials to get rid of classic applications such as Telegram (one of President Macron's favorite) and to reduce the risk of intrusion of officials by officials. intruder.
[ad_2]
Source link