On Thursday night, at the Paris Hotel in Las Vegas, Darpa held a $55 million hacking contest open only to bots. After the contest was underway, as these bots began hunting for security bugs planted inside seven supercomputers perched atop the ballroom stage, the agency revealed that some of these bugs were inspired by Internet history. It had planted security holes akin to 2014’s Heartbleed and the bug exploited by the 2003 SQL Slammer worm and the rather subtle and complex Crackaddr bug, also 2003.
Until now, anyone using the Google cloud platform, Google Compute Engine, was forced to use encryption keys generated by Google. Clearly this spooked a lot of people, and there have long been calls for users to be granted greater control of security.
Now this is happening -- users are able to provide their own encryption keys. Customer-Supplied Encryption Key (CSEK) are used to provide a second layer of security, on top of the Google-generated keys that are used by default.
The US government has a complicated relationship with Tor. While the US is the biggest funder of the non-profit that maintains the software, law enforcement bodies such as the FBI are exploiting Tor browser vulnerabilities on a huge scale to identify criminal suspects.
To add to that messy, nuanced mix, one Department of Justice official recently personally recommended Tor to a room of over a hundred federal judges.
US Department of Homeland Security (DHS) Secretary Jeh Johnson said the agency is "thinking about" bringing the country’s election system under its purview to guard it against cyberattacks, according to Federal News Radio. His comments came in the wake of the Democratic National Committee (DNC) breach.
“There is a vital national interest in our election process, so I do think we need to consider whether it should be considered by my department and others as critical infrastructure,” Johnson said.
Registry operator gen.xyz these week launched two new top-level Internet domains -- .security and .protection -- aimed at creating websites with higher security as well as a safer online experience for end users.
Registrants can use domains to reinforce a brand, organization name, service locations, or industry keywords, says Nils Decker, director of business development for gen.xyz.