The Military

Hacked Tehran Traffic Cameras Fed Israeli Intelligence Before Strike On Khamenei (calcalistech.com) 197

An anonymous reader shares a CTech article with the caption: "A brilliantly executed operation." From the report: Years before the air strike that killed Ayatollah Ali Khamenei, Israeli intelligence had been quietly mapping the daily rhythms of Tehran. According to reporting by the Financial Times (paywalled), nearly all of the Iranian capital's traffic cameras had been hacked years earlier, their footage encrypted and transmitted to Israeli servers. One camera angle near Pasteur Street, close to Khamenei's compound, allowed analysts to observe the routines of bodyguards and drivers: where they parked, when they arrived and whom they escorted. That data was fed into complex algorithms that built what intelligence officials call a "pattern of life," detailed profiles including addresses, work schedules and, crucially, which senior officials were being protected and transported. The surveillance stream was one of hundreds feeding Israel's intelligence system, which combines signals interception from Unit 8200, human assets recruited by the Mossad and large-scale data analysis by military intelligence.

When US and Israeli intelligence determined that Khamenei would attend a Saturday morning meeting at his compound, the opportunity was judged unusually favorable. Two people familiar with the operation told the FT that US intelligence provided confirmation from a human source that the meeting was proceeding as planned, a level of certainty required for a target of such magnitude. Israeli aircraft, reportedly airborne for hours, fired as many as 30 precision munitions. The strike was carried out in daylight, which the Israeli military said created tactical surprise despite heightened Iranian alertness. The Financial Times reports that the assassination was a political decision as much as a technological feat. Even during last year's 12-day war, when Israeli strikes killed more than a dozen Iranian nuclear scientists and senior military officials and disabled air defences through cyber operations and drones, Israel did not attempt to kill Khamenei.

The capability to do so, however, had been built over decades. Former Mossad official Sima Shine told the FT that Israel's strategic focus on Iran dates back to a 2001 directive from then-prime minister Ariel Sharon instructing intelligence chief Meir Dagan to make the Islamic Republic the priority target. What distinguishes the latest operation, according to the FT, is the scale of automation. Target tracking that once required painstaking visual confirmation has increasingly been handled by algorithm-driven systems parsing billions of data points. One person familiar with the process described it as an "assembly line with a single product: targets."
Further reading: America Used Anthropic's AI for Its Attack On Iran, One Day After Banning It
Government

Indonesia Suspends TikTok Registration With Over 100 Million Accounts At Risk (reuters.com) 16

An anonymous reader quotes a report from Reuters: Indonesia has suspended TikTok's registration to provide electronic systems after it failed to hand over all data relating to the use of its live stream feature, a government official said on Friday. The suspension could in theory prevent access to TikTok, which has more than 100 million accounts based in Indonesia.

Alexander Sabar, an official at Indonesia's communications and digital ministry, said in a statement some accounts with ties to online gambling activities used TikTok's live stream feature during national protests. [...] Sabar said the government had asked the company for its traffic, streaming and monetization data. The company, owned by China's ByteDance, did not provide complete data, citing its internal procedures, Sabar said without giving further detail.

AI

Cloudflare Flips AI Scraping Model With Pay-Per-Crawl System For Publishers (cloudflare.com) 33

Cloudflare today announced a "Pay Per Crawl" program that allows website owners to charge AI companies for accessing their content, a potential revenue stream for publishers whose work is increasingly being scraped to train AI models. The system uses HTTP response code 402 to enable content creators to set per-request prices across their sites. Publishers can choose to allow free access, require payment at a configured rate, or block crawlers entirely.

When an AI crawler requests paid content, it either presents payment intent via request headers for successful access or receives a "402 Payment Required" response with pricing information. Cloudflare acts as the merchant of record and handles the underlying technical infrastructure. The company aggregates billing events, charges crawlers, and distributes earnings to publishers.
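The request-and-402 exchange described above, modelled end to end as an added example (this is not Cloudflare's code; the header names, crawler identifiers and prices are constructed assumptions for illustration). It shows the three site policies, the crawler retrying only when the quoted price fits its budget, and the edge recording a billing event at the site's configured price rather than whatever maximum the crawler offered:

```python
"""Model of a per-request crawl policy enforced at an edge proxy, plus the
crawler's side of the exchange. Added example: header names, crawler IDs and
prices are constructed assumptions, not Cloudflare's actual protocol."""
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation

# Assumed header names (constructed for this example).
PRICE_HEADER = "crawler-price"        # edge -> crawler: price per request, USD
INTENT_HEADER = "crawler-max-price"   # crawler -> edge: the most it will pay
CHARGED_HEADER = "crawler-charged"    # edge -> crawler: what was actually billed


@dataclass
class CrawlPolicy:
    """Site configuration: 'allow' (free), 'charge' (price per request) or 'block'."""
    mode: str
    price_usd: Decimal = Decimal("0")


@dataclass
class EdgeResponse:
    status: int
    headers: dict
    body: bytes


@dataclass
class Edge:
    """Merchant of record: holds the site policy and records billing events."""
    policy: CrawlPolicy
    verified_crawlers: set
    ledger: list = field(default_factory=list)   # (crawler_id, path, amount)

    def handle(self, crawler_id, path, headers):
        # A payment intent only means something from a crawler whose identity the
        # edge has verified; otherwise anyone could run up charges in its name.
        if crawler_id not in self.verified_crawlers:
            return EdgeResponse(403, {}, b"unverified crawler")
        if self.policy.mode == "block":
            return EdgeResponse(403, {}, b"crawling not permitted")
        if self.policy.mode == "allow":
            return EdgeResponse(200, {}, b"<html>free content</html>")
        # mode == "charge": require an explicit intent at or above the site price.
        try:
            max_price = Decimal(headers.get(INTENT_HEADER, ""))
        except InvalidOperation:
            max_price = None
        if max_price is None or max_price < self.policy.price_usd:
            return EdgeResponse(402, {PRICE_HEADER: str(self.policy.price_usd)}, b"")
        # Bill the configured price, never the crawler's stated maximum.
        self.ledger.append((crawler_id, path, self.policy.price_usd))
        return EdgeResponse(200, {CHARGED_HEADER: str(self.policy.price_usd)},
                            b"<html>paid content</html>")


def crawl(edge, crawler_id, path, budget_per_request):
    """Crawler side: ask without paying, then retry with intent if the quote fits the budget."""
    resp = edge.handle(crawler_id, path, {})
    if resp.status != 402:
        return resp
    quoted = Decimal(resp.headers[PRICE_HEADER])
    if quoted > budget_per_request:
        return resp                      # walk away; nothing was charged
    return edge.handle(crawler_id, path, {INTENT_HEADER: str(budget_per_request)})


def demo():
    """Constructed scenario: one paid fetch, one declined quote, one unverified crawler."""
    edge = Edge(CrawlPolicy("charge", Decimal("0.005")), verified_crawlers={"examplebot"})
    paid = crawl(edge, "examplebot", "/article/1", Decimal("0.01"))
    declined = crawl(edge, "examplebot", "/article/2", Decimal("0.001"))
    unknown = crawl(edge, "otherbot", "/article/3", Decimal("1"))
    return paid.status, declined.status, unknown.status, list(edge.ledger)


if __name__ == "__main__":
    print(demo())
```

The design point worth noticing is the identity check before any price logic: a 402-based scheme only works as a revenue stream if the party claiming to be a given crawler is the party that gets billed, so the edge has to verify the crawler before honouring a payment-intent header.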

Alongside Pay Per Crawl, Cloudflare has switched to blocking AI crawlers by default for its customers, becoming the first major internet infrastructure provider to require explicit permission for AI access. The company handles traffic for 20% of the web and more than one million customers have already activated its AI-blocking tools since their September 2024 launch, it wrote in a blog post.
Social Networks

Threads Adds 35 Million More Members in November - But Bluesky's Traffic is Surging (theverge.com) 86

At the start of November Threads had 275 million members. But in 30 days it's apparently increased another 12%, reports The Verge: Threads has accrued over 35 million signups so far in November and is "going on three months with more than a million signups a day," Meta spokesperson Alec Booker told The Verge in an email today. 20 million of those signups have come since November 14th, as Axios notes...

At the same time, Bluesky has seen a surge of interest. The platform grew to 15 million users earlier this month and continued to add about a million signups per day for several days. It now sits at over 22 million users.

Dave Earley, audience editor at Guardian Australia, says that traffic to TheGuardian.com from BlueSky "is already 2x that of Threads." [T]hat's on a straight threads.net vs bsky.app referral comparison. BUT! 75-80% of tracked referral from owned Bluesky account posts is NOT being attributed to bsky.app, so I'm certain organic traffic would be undercounting by that much as well. By which I mean, I'm pretty sure traffic from bsky.app to theguardian.com is *significantly* higher than the very obvious 2x that of Threads.
That post was in response to one by a platform VP for the Boston Globe newspaper, who'd reported that traffic from Bluesky to bostonglobe.com "is already 3x that of Threads, and we are seeing 4.5x the conversions to paying digital subscribers."

And Axios notes that Bluesky's growth "has spurred inbound interest for a new investment round, just weeks after raising $15 million in Series A funding, per Axios' Dan Primack."

In response, Threads "rolled out a series of changes over the past week in what was seen as an attempt to keep an edge over Bluesky," reports The Hill: The changes included a new custom feed feature, which gives users the ability to build their feeds around the topics and people they are most interested in. Bluesky lets users make their own lists and feeds and set their own content moderation preferences. The platform also rolled out a few "long-overdue improvements" to its search and trending now features and its algorithm.
Television

'Doctor Who' Christmas Special Streams on Disney+ and the BBC (cnet.com) 65

An anonymous Slashdot reader shared this report from CNET: Marking its 60th year on television, the British time-travel series will close out 2023 with one last anniversary special that arrives on Christmas Day. Ncuti Gatwa's Doctor helms the Tardis in The Church on Ruby Road, which centers on an abandoned baby who grows up looking for answers... Disney Plus will stream Doctor Who: The Church on Ruby Road on Monday, Dec. 25, at 12:55 p.m. ET (9:55 a.m. PT) in all regions except the UK and Ireland, where it will air on the BBC. In case you missed it, viewers can also watch David Tennant starring in the other three anniversary specials: The Star Beast, Wild Blue Yonder and The Giggle. All releases are available on Disney Plus.
But what's interesting is CNET goes on to explain "why a VPN could be a useful tool." Perhaps you're traveling abroad and want to stream Disney Plus while away from home. With a VPN, you're able to virtually change your location on your phone, tablet or laptop to get access to the series from anywhere in the world. There are other good reasons to use a VPN for streaming too. A VPN is the best way to encrypt your traffic and stop your ISP from throttling your speeds...

You can use a VPN to stream content legally as long as VPNs are allowed in your country and you have a valid subscription to the streaming service you're using. The U.S. and Canada are among the countries where VPNs are legal.

Social Networks

Twitch Streamer in Custody After Giveaway Clogs Downtown NYC with Crowd of Thousands (cnn.com) 117

An anonymous reader shared this report from CNN: The New York Police Department took social media influencer Kai Cenat into custody Friday and is considering charges such as "inciting a riot" after thousands-strong crowds gathered in Union Square for a giveaway, leaving multiple people arrested and several police officers injured.

Cenat, who has over 4 million followers on YouTube, over 5 million on Instagram, and 6.5 million on Twitch, said during a Wednesday Twitch stream that he would be hosting a "huge giveaway" Friday at 4 p.m. in Union Square Park. In the stream, he said they would be giving away computers, PlayStation 5s, microphones, keyboards, webcams, gaming chairs, headphones and gift cards from a truck in Union Square. "I feel like New York really deserves it," he said.

Thousands of people began gathering at the park around 3 p.m., NYPD chief Jeffrey Maddrey said at a Friday news conference. "Soon the park and the surrounding streets were overrun with people, obstructing vehicular and pedestrian traffic," he said. The crowds spurred the NYPD to activate a "Level 4" response, its highest level of disaster response... "You had people walking around with shovels, axes, and other tools from the construction site," he said. "Individuals were also lighting fireworks, throwing them towards the police, they were throwing them towards each other...."

Several police officers were injured in the frenzy and "quite a few" people were arrested as police worked to clear the crowd, Maddrey said... Cenat could be arrested and face charges for inciting a riot, the chief said. He said NYPD Police Commissioner Edward Caban and the city's legal team were discussing possible charges.

Police complained to CNN that the Twitch streamer "had not alerted the police to the gathering or obtained a permit, and it was declared an unlawful assembly."

Cenat streamed live on Twitch on Friday for some portion of the event, posting video from the crowd. In one video seemingly posted from inside a truck, he described the chaotic gathering, saying, "It's everybody for themselves. It's a war out there."
Media

TikTok Videos Are Coming To 3,000 Redbox Kiosks (deadline.com) 20

Chicken Soup for the Soul Entertainment, the parent company of Redbox, has partnered with TikTok to stream the platform's short-form videos on screens atop approximately 3,000 Redbox kiosks across the United States. Deadline reports: Third-party brands will also have their ads run alongside the TikTok videos via Chicken Soup's ad platform Crackle Connex. The agreement covers roughly 10% of the total network of Redbox kiosks, which are generally located outside of grocery, convenience and big box retail stores. The out-of-home ad deal is part of a growing effort across the industry to identify alternatives to linear TV and place brand messages in venues like gas stations, elevators and other locations. "TikTok is the go-to destination for short-form video consumption by over a billion people globally," said Philippe Guelton, chief revenue officer of Crackle Connex. "This new partnership provides advertisers a unique opportunity to reach new audiences and drive engagement. Our Redbox kiosks are in high-traffic locations where millions of people frequently shop, such as grocery stores or value retailers. We look forward to working with TikTok on expanding this partnership as our DOOH network expands."
Technology

'Monoliths Are Not Dinosaurs' (allthingsdistributed.com) 53

Amazon CTO Werner Vogels writes in a blog post: Software architectures are not like the architectures of bridges and houses. After a bridge is constructed, it is hard, if not impossible, to change the way it was built. Software is quite different: once we are running our software, we may get insights about our workloads that we did not have when it was designed. And, if we had realized this at the start, and we chose an evolvable architecture, we could change components without impacting the customer experience. My rule of thumb has been that with every order of magnitude of growth you should revisit your architecture, and determine whether it can still support the next order level of growth.

A great example can be found in two insightful blog posts written by Prime Video's engineering teams. The first describes how Thursday Night Football live streaming is built around a distributed workflow architecture. The second is a recent post that dives into the architecture of their stream monitoring tool, and how their experience and analysis drove them to implement it as a monolithic architecture. There is no one-size-fits-all. We always urge our engineers to find the best solution, and no particular architectural style is mandated. If you hire the best engineers, you should trust them to make the best decisions.

I always urge builders to consider the evolution of their systems over time and make sure the foundation is such that you can change and expand them with the minimum number of dependencies. Event-driven architectures (EDA) and microservices are a good match for that. However, if there is a set of services that always contribute to the response, have the exact same scaling and performance requirements, same security vectors, and most importantly, are managed by a single team, it is a worthwhile effort to see if combining them simplifies your architecture.

Evolvable architectures are something that we've taken to heart at Amazon from the very start. Re-evaluating and re-architecting our systems to meet the ever-increasing demands of our customers. You can go all the way back to 1998, when a group of senior engineers penned the Distributed Computing Manifesto, which put the wheels in motion to move Amazon from a monolith to a service-oriented architecture. In the decades since, things have continued to evolve, as we moved to microservices, then microservices on shared infrastructure, and as I spoke about at re:Invent, EDA.

The Internet

Chip Can Transmit All of the Internet's Traffic Every Second (newscientist.com) 53

A single computer chip has transmitted a record 1.84 petabits of data per second via a fibre-optic cable -- enough bandwidth to download 230 million photographs in that time, and more traffic than travels through the entire internet's backbone network per second. From a report: Asbjorn Arvad Jorgensen at the Technical University of Denmark in Copenhagen and his colleagues have used a photonic chip -- a technology that allows optical components to be built onto computer chips -- to divide a stream of data into thousands of separate channels and transmit them all at once over 7.9 kilometres.

First, the team split the data stream into 37 sections, each of which was sent down a separate core of the fibre-optic cable. Next, each of these channels was split into 223 data chunks that existed in individual slices of the electromagnetic spectrum. This "frequency comb" of equidistant spikes of light across the spectrum allowed data to be transmitted in different colours at the same time without interfering with each other, massively increasing the capacity of each core. Although data transfer rates of up to 10.66 petabits per second have been achieved before using bulky equipment, this research sets a record for transmission using a single computer chip as a light source. The technology could enable the creation of simple, single chips that can send vastly more data than existing models, slashing energy costs and increasing bandwidth.
Journal reference: Nature, DOI: 10.1038/s41566-022-01082-z
Transportation

Are Air Taxis Getting Closer? (aol.com) 75

Last week a headline in the Los Angeles Times proclaimed "Look! Up in the sky! It's an air taxi. They're coming to Los Angeles."

Even the British newspaper the Times took notice: Air taxis will be flying through the skies above Los Angeles in time for the summer Olympics of 2028 if city officials and entrepreneurs have their way.

A Silicon Valley company is the latest to claim that it is close to creating viable electric vehicles that can offer short hops above the traffic-choked streets for not much more than the cost of an Uber ride. Adam Goldstein, chief executive of Archer Aviation, told the Los Angeles Times that his vertical take-off aircraft, designed to travel 60 miles on a single charge at up to 150mph, would "completely change the way we live, the way we work", and could be flying within two years.

The Los Angeles Times cited estimates of $1 billion spent testing electric vertical takeoff and landing aircraft, known as eVTOL, just last year, and noted the "hundreds of companies competing" to build a new "transportation empire." And their opening paragraph paints the scene: Imagine avoiding that soul-crushing, hourlong slog — say from Santa Monica to downtown L.A. on a Tuesday morning. Instead, you hail a high-tech cab that will hop over the gridlock and get you there in nine minutes.... The promise of flying cars — for generations a Hollywood staple of a space-age future, from "The Jetsons" to "Blade Runner" — is finally becoming a reality, so much so that a Swedish company is already selling a single-passenger vehicle called Jetson 1. Los Angeles transportation officials are preparing for this new era and expect drone-like electric air taxis to be operational by the time the 2028 Summer Olympics roll around, if not far sooner....

While many detractors doubt that such travel will soon be viable, affordable or safe, the industry is working with cities to make the technology a reality in the next five years.

The Observer also noted that another eVTOL pioneer, Germany's Volocopter, plans to launch commercial service for its two-seat VoloCity aircraft in 2024 in Europe, with a four-seater by 2026. But are there possible downsides? In cities like New York, wealthy commuters are already taking helicopter rides on a regular basis, and complaints about helicopter noise have skyrocketed in recent years, prompting the city to introduce a bill last week to ban non-essential helicopter uses, such as sightseeing and short-distance travel, in parts of Manhattan.

eVTOLs are quieter than helicopters by design, but they are by no means silent.

Even the Los Angeles Times acknowledges "There are concerns about safety, quality of life and affordability." While a single air taxi may be relatively quiet, what happens when there is a constant stream of them coming in and out of a landing spot? Should there be nighttime restrictions on flights? Will this just be a means for the ultra-wealthy to buzz over poor neighborhoods to Dodger Stadium or Crypto.com Arena?
But the Times' article still drew angry letters to the editor, with one calling air taxis "a disaster waiting to happen." Instead of boosterism reporting and parroting industry marketing claims that these aircraft are some kind of a godsend, how about reporting on how many decibels these flying bubbles for the elite will blare onto the plebes below...? [T]he paper's naive reporting on the technology are disappointing.
They'd also called the Times' claim of $50-a-flight prices "fanciful" — and a second letter writer also expressed skepticism about that low estimated cost. "That reminds one of the outlandish initial promise we were given that the bullet train would cost $33 billion to build."
Privacy

Cisco's Webex App Phoned Home Audio Telemetry Even When Muted (theregister.com) 23

Boffins at two US universities have found that muting popular native video-conferencing apps fails to disable device microphones -- and that these apps have the ability to access audio data when muted, or actually do so. The research is described in a paper titled, "Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps." The Register reports: Among the apps studied -- Zoom (Enterprise), Slack, Microsoft Teams/Skype, Cisco Webex, Google Meet, BlueJeans, WhereBy, GoToMeeting, Jitsi Meet, and Discord -- most presented only limited or theoretical privacy concerns. The researchers found that all of these apps had the ability to capture audio when the mic is muted but most did not take advantage of this capability. One, however, was found to be taking measurements from audio signals even when the mic was supposedly off. "We discovered that all of the apps in our study could actively query (i.e., retrieve raw audio) the microphone when the user is muted," the paper says. "Interestingly, in both Windows and macOS, we found that Cisco Webex queries the microphone regardless of the status of the mute button." They found that Webex, every minute or so, sends network packets "containing audio-derived telemetry data to its servers, even when the microphone was muted."

This telemetry data is not recorded sound but an audio-derived value that corresponds with the volume level of background activities. Nonetheless, the data proved sufficient for the researchers to construct an 82 per cent accurate background activity classifier to analyze the transmission and infer the likely activity among six possibilities -- e.g. cooking, cleaning, typing, etc. -- in the room where the app is active. Worse still from a security standpoint, while other apps encrypted their outgoing data stream before sending it to the operating system's socket interface, Webex did not. "Only in Webex were we able to intercept plaintext immediately before it is passed to the Windows network socket API," the paper says, noting that the app's monitoring behavior is inconsistent with the Webex privacy policy. The app's privacy policy states Cisco Webex Meetings does not "monitor or interfere with you your [sic] meeting traffic or content."
After the researchers reached out about their findings, Cisco altered Webex so it no longer transmits microphone telemetry data. "Cisco is aware of this report, and thanks the researchers for notifying us about their research," said a Cisco spokesperson. "Webex uses microphone telemetry data to tell a user they are muted, referred to as the 'mute notification' feature. Cisco takes the security of its products very seriously, and this is not a vulnerability in Webex."
Youtube

YouTube Rippers Appeal $83 Million Piracy Verdict (torrentfreak.com) 29

An anonymous reader writes: The operator of YouTube rippers FLVTO.biz and 2conv.com has announced that he will appeal the piracy verdict, where the RIAA won $83 million in damages. According to his attorneys, the legal process has gone off the rails, as the music companies didn't have to prove a single instance of copyright infringement. More context on the verdict, from TorrentFreak: Last October, the RIAA secured a major victory in its piracy lawsuit against YouTube-rippers FLVTO.biz and 2conv.com and their Russian operator Tofig Kurbanov. A Virginia federal court issued a default judgment in favor of several prominent music companies after the defendant walked away from the lawsuit. According to the order, there is a clear need to deter the behavior of Kurbanov who failed to hand over evidence including server logs. "A less drastic sanction is unlikely to salvage this case," the judge wrote.

Following this win, the RIAA asked for an injunction to stop the sites' worldwide stream-ripping activities. In addition, the music group demanded nearly $83 million in damages. Both of these requests were taken up in a report and recommendation issued by Magistrate Judge Buchanan last December. "Defendant's Websites caused the Plaintiffs to lose profits and streaming revenue because of the enormous internet traffic to and use of the Websites' stream-ripping functions," Judge Buchanan wrote. Mr. Kurbanov's legal team opposed this recommendation, arguing that the music companies failed to provide evidence that any infringing activity actually took place in the United States. Also, if the court believes that damages are appropriate, they should be substantially lower. The RIAA predictably disagreed and asked the court to stay the course and take over the recommendation. After weighing the positions from both sides, that's exactly what happened.

Businesses

ISPs Want More Money Because So Many People Are Streaming Squid Game (vice.com) 127

ISPs around the world claim the unprecedented bandwidth demands Netflix's Squid Game is placing on their broadband networks means they should be getting more money. From a report: But experts say that's not how telecom networks work, suggesting that already cash-flush telecom giants are just positioning themselves for an undeserved handout. The popular South Korean thriller, a not-so-thinly-veiled critique of late-stage capitalism, tracks a group of indebted people who compete in deadly children's games for cash. According to Netflix, Squid Game is the most popular show in company history, the number one program in 94 countries, and has been watched by 142 million households. ISPs around the world also claim the show's popularity is driving a massive surge in bandwidth consumption, and they want their cut.

In South Korea, Internet service provider SK Broadband sued Netflix earlier this month, claiming that between May and September the ISP's network traffic jumped 24 times to 1.2 trillion bits of data processed every second. This surge is Netflix's fault, the ISP insists, and Netflix should be held financially responsible. In the UK, British Telecom executives have been making similar complaints, insisting that Netflix should be forced to help pay for the surge in network traffic caused by the show. But broadband experts say that's not how broadband networks actually work. "It makes no sense for ISPs to cry victim because they provide a popular service, and are expected to provide it," John Bergmayer, telecom expert at consumer group Public Knowledge told Motherboard. "People subscribe to broadband to do things like stream video, and it's broadband customers who are requesting all these Squid Game streams. They are not somehow imposed on ISPs by Netflix."

Security

4,300 Publicly Reachable Servers Are Posing a New DDoS Hazard To the Internet (arstechnica.com) 13

An anonymous reader quotes a report from Ars Technica: DDoS mitigation provider Netscout said on Wednesday that it has observed DDoS-for-hire services adopting a new amplification vector. The vector is the Datagram Transport Layer Security, or D/TLS, which (as its name suggests) is essentially the Transport Layer Security for UDP data packets. Just as TLS prevents eavesdropping, tampering, or forgery of TLS packets, D/TLS does the same for UDP data. DDoSes that abuse D/TLS allow attackers to amplify their attacks by a factor of 37. Previously, Netscout saw only advanced attackers using dedicated DDoS infrastructure abusing the vector. Now, so-called booter and stressor services -- which use commodity equipment to provide for-hire attacks -- have adopted the technique. The company has identified almost 4,300 publicly reachable D/TLS servers that are susceptible to the abuse.

The biggest D/TLS-based attacks Netscout has observed delivered about 45Gbps of traffic. The people responsible for the attack combined it with other amplification vectors to achieve a combined size of about 207Gbps. [...] The 4,300 abusable D/TLS servers are the result of misconfigurations or outdated software that causes an anti-spoofing mechanism to be disabled. While the mechanism is built into the D/TLS specification, hardware including the Citrix NetScaler Application Delivery Controller didn't always turn it on by default. Citrix has more recently encouraged customers to upgrade to a software version that uses anti-spoofing by default.

Besides posing a threat to devices on the Internet at large, abusable D/TLS servers also put organizations using them at risk. Attacks that bounce traffic off one of these machines can create full or partial interruption of mission-critical remote-access services inside the organization's network. Attacks can also cause other service disruptions. Netscout's Hummel and Dobbins said that the attacks can be challenging to mitigate because the size of the payload in a D/TLS request is too big to fit in a single UDP packet and is, therefore, split into an initial and non-initial packet stream.

Privacy

Clubhouse Chats Are Breached, Raising Concerns Over Security (bloomberg.com) 19

A week after popular audio chatroom app Clubhouse said it was taking steps to ensure user data couldn't be stolen by malicious hackers or spies, at least one attacker has proven the platform's live audio can be siphoned. From a report: An unidentified user was able to stream Clubhouse audio feeds this weekend from "multiple rooms" into their own third-party website, said Reema Bahnasy, a spokeswoman for Clubhouse. While the company says it's "permanently banned" that particular user and installed new "safeguards" to prevent a repeat, researchers contend the platform may not be in a position to make such promises. Users of the invitation-only iOS app should assume all conversations are being recorded, the Stanford Internet Observatory, which was first to publicly raise security concerns on Feb. 13, said late Sunday. "Clubhouse cannot provide any privacy promises for conversations held anywhere around the world," said Alex Stamos, director of the SIO and Facebook's former security chief. Stamos and his team were also able to confirm that Clubhouse relies on a Shanghai-based startup called Agora to handle much of its back-end operations. While Clubhouse is responsible for its user experience, like adding new friends and finding rooms, the platform relies on the Chinese company to process its data traffic and audio production, he said.
Network

Citrix Devices Are Being Abused as DDoS Attack Vectors (zdnet.com) 17

Threat actors have discovered a way to bounce and amplify junk web traffic against Citrix ADC networking equipment to launch DDoS attacks. From a report: While details about the attackers are still unknown, victims of these Citrix-based DDoS attacks have mostly included online gaming services, such as Steam and Xbox, sources have told ZDNet earlier today. The first of these attacks were detected last week and documented by German IT systems administrator Marco Hofmann. Hofmann tracked the issue to the DTLS interface on Citrix ADC devices. DTLS, or Datagram Transport Layer Security, is a version of the TLS protocol implemented on the stream-friendly UDP transfer protocol, rather than the more reliable TCP. Just like all UDP-based protocols, DTLS is spoofable and can be used as a DDoS amplification vector.
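Both the Netscout story above and this Citrix ADC story describe the same defender-side symptom: a DTLS service on UDP/443 that sends far more bytes to a peer than it receives from it, because a spoofed ClientHello is answered with the server's full handshake flight. The following added example (not Netscout's, Citrix's or Hofmann's code) runs an amplification-ratio check over constructed flow records for a hypothetical appliance at 192.0.2.10; the thresholds are assumptions, and the 37:1 ratio in the sample data is taken from the page:

```python
"""Flow-level check for D/TLS reflection abuse of a service answering on UDP/443.
Added example; the flow records are constructed and the thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record, as exported by a router or collector."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    packets: int
    octets: int


AMPLIFICATION_THRESHOLD = 10.0   # assumed: genuine DTLS sessions stay near 1:1
MIN_BYTES_OUT = 10_000           # assumed: ignore tiny exchanges to limit noise


def pair_totals(flows, server_ip, server_port=443):
    """Bytes received from and sent to each peer of our DTLS service."""
    totals = defaultdict(lambda: [0, 0])   # peer -> [bytes_in, bytes_out]
    for f in flows:
        if f.proto != "udp":
            continue
        if f.dst == server_ip and f.dport == server_port:
            totals[f.src][0] += f.octets
        elif f.src == server_ip and f.sport == server_port:
            totals[f.dst][1] += f.octets
    return totals


def find_reflection_victims(flows, server_ip, server_port=443):
    """Peers that receive many more bytes than they send are likely spoofed victims."""
    findings = []
    for peer, (bytes_in, bytes_out) in pair_totals(flows, server_ip, server_port).items():
        if bytes_out < MIN_BYTES_OUT:
            continue
        ratio = bytes_out / max(bytes_in, 1)   # a peer we never heard from counts as 1 byte
        if ratio >= AMPLIFICATION_THRESHOLD:
            findings.append({"peer": peer, "bytes_in": bytes_in,
                             "bytes_out": bytes_out, "ratio": round(ratio, 1)})
    return sorted(findings, key=lambda x: -x["ratio"])


# Constructed sample: one legitimate remote-access client and one spoofed victim
# address that "sent" ten small ClientHellos and got 44,400 bytes of handshake back.
SAMPLE_FLOWS = [
    Flow("198.51.100.7", 50001, "192.0.2.10", 443, "udp", 400, 48_000),
    Flow("192.0.2.10", 443, "198.51.100.7", 50001, "udp", 420, 60_000),
    Flow("203.0.113.9", 3074, "192.0.2.10", 443, "udp", 10, 1_200),
    Flow("192.0.2.10", 443, "203.0.113.9", 3074, "udp", 40, 44_400),
    Flow("198.51.100.22", 40000, "192.0.2.10", 53, "udp", 1, 80),   # unrelated port
]


if __name__ == "__main__":
    for finding in find_reflection_victims(SAMPLE_FLOWS, "192.0.2.10"):
        print(finding)
```

A hit here is a symptom, not the fix. The anti-spoofing mechanism the Ars report refers to is the DTLS cookie exchange (the server answers an initial ClientHello with a HelloVerifyRequest and only sends its large flight once the client echoes the cookie from the address it claimed), which brings the ratio for spoofed peers back to roughly 1:1; the check above is useful for confirming that the upgrade or configuration change actually took effect.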
EU

Netflix To Reduce EU Bandwidth by 25% (protocol.com) 60

Netflix is cutting back on the bandwidth it takes to stream videos to members in the European Union after a European Commission member voiced concerns over network strain. From a report: "Following the discussions between Commissioner Thierry Breton and Reed Hastings -- and given the extraordinary challenges raised by the coronavirus -- Netflix has decided to begin reducing bit rates across all our streams in Europe for 30 days," a Netflix spokesperson told Protocol. "We estimate that this will reduce Netflix traffic on European networks by around 25 percent while also ensuring a good quality service for our members."
Mozilla

Mozilla To Add Second DNS-over-HTTPS (DoH) Provider in Firefox (zdnet.com) 67

Mozilla has announced that NextDNS would be joining Cloudflare as the second DNS-over-HTTPS (DoH) provider inside Firefox. From a report: The browser maker says NextDNS passed the conditions imposed by its Trusted Recursive Resolver (TRR) program, and can now be added as a second option for DoH inside Firefox. These conditions include (1) limiting the data NextDNS collects from the DoH server used by Firefox users; (2) being transparent about the data they collect; and (3) promising not to censor, filter, or block DNS traffic unless specifically requested by law enforcement.

DNS-over-HTTPS, or DoH, is a new feature that was added to Firefox last year. When enabled, it encrypts DNS traffic coming in and out of the browser. DNS traffic is not only encrypted but also moved from port 53 (for DNS traffic) to port 443 (for HTTPS traffic), effectively hiding DNS queries and replies inside the browser's normal stream of HTTPS content. This encrypted DNS traffic reaches a so-called DoH resolver. Here, the DoH traffic is decrypted and the DoH resolver makes the DNS query on the user's behalf, receives the result, encrypts it, and sends it back to the user's browser -- also disguised inside encrypted HTTPS content.

Security

Some Fortinet Products Shipped With Hardcoded Encryption Keys (zdnet.com) 21

Fortinet, a vendor of cyber-security products, took between 10 and 18 months to remove a hardcoded encryption key from three products that were exposing customer data to passive interception. From a report: The hardcoded encryption key was found inside the FortiOS for FortiGate firewalls and the FortiClient endpoint protection software (antivirus) for Mac and Windows. These three products used a weak encryption cipher (XOR) and hardcoded cryptographic keys to communicate with various FortiGate cloud services. The hardcoded keys were used to encrypt user traffic for the FortiGuard Web Filter feature, FortiGuard AntiSpam feature, and FortiGuard AntiVirus feature. A threat actor in a position to observe a user or a company's traffic would have been able to take the hardcoded encryption keys and decrypt this weakly encrypted data stream.
Chrome

Google To Run DNS-over-HTTPS (DoH) Experiment in Chrome (zdnet.com) 104

Google has announced plans to test the new DNS-over-HTTPS (DoH) protocol inside Google Chrome starting with v78, scheduled for release in late October this year. From a report: The DNS-over-HTTPS protocol works by sending DNS requests to special DoH-compatible DNS resolvers. The benefit comes from the fact that DNS requests are sent via port 443, as encrypted HTTPS traffic, rather than cleartext, via port 53. This hides DoH requests in the unending stream of HTTPS traffic that moves across the web at any moment of the day and prevents third-party observers from tracking users' browsing histories by recording and looking at their unencrypted DNS data. The news that Google is looking into testing DoH in Chrome comes just as Mozilla announced plans over the weekend to gradually enable DoH by default for a small subset of users in the US later this month.
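The Mozilla and Google stories above both describe the same mechanics: a DNS query in ordinary wire format is carried inside an HTTPS request to port 443, and the resolver unwraps it, performs the lookup and wraps the reply the same way. The following added example (written for this page, not Mozilla's or Google's code) builds that wire-format query, encodes it for the RFC 8484 GET form, and parses a constructed resolver reply; the resolver hostname and the answer data are placeholders:

```python
"""DNS-over-HTTPS message handling per RFC 8484, without network access.
Added example: resolver name and the reply bytes are constructed placeholders."""
import base64
import struct
from urllib.parse import parse_qs, urlparse


def encode_name(name):
    """Domain name to DNS label format: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=0):
    """Wire-format query; RFC 8484 recommends transaction ID 0 so replies are cacheable."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)  # class IN


def doh_get_url(resolver_base, query):
    """GET form: base64url without padding in the 'dns' parameter."""
    dns = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_base}?dns={dns}"


def decode_dns_param(url):
    """Reverse of doh_get_url: what the resolver sees after unwrapping the HTTPS request."""
    dns = parse_qs(urlparse(url).query)["dns"][0]
    return base64.urlsafe_b64decode(dns + "=" * (-len(dns) % 4))


def parse_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer (RFC 1035 4.1.4)
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_a_records(msg):
    """Return (name, IPv4, ttl) for every A record in the answer section."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError(f"resolver returned rcode {flags & 0xF}")
    off = 12
    for _ in range(qd):                        # skip the echoed question(s)
        _, off = parse_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = parse_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((name, ".".join(str(b) for b in rdata), ttl))
    return answers


# Constructed reply: response flags, the echoed question, and one A record whose
# owner name is a compression pointer back to the question (0xC00C).
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 0, 0x8180, 1, 1, 0, 0)
                   + encode_name("example.test") + struct.pack(">HH", 1, 1)
                   + b"\xC0\x0C" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))


if __name__ == "__main__":
    q = build_query("example.test")
    print(doh_get_url("https://doh.example/dns-query", q))   # placeholder resolver
    print(parse_a_records(SAMPLE_RESPONSE))
```

Two things the code makes concrete. On the wire, everything after the TLS handshake is opaque, so an on-path observer sees only a connection to the resolver on 443. But `decode_dns_param` is exactly what the resolver does, so the query is plaintext to it; that is why the browser's choice of resolver, and the data-handling conditions in Mozilla's TRR program, carry the privacy weight here.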
