AT&T has signed a $1 billion multi-year deal with Corning to acquire fiber and connectivity solutions. Reuters reports: With the U.S. wireless market facing a slowdown, telecom companies such as AT&T and rival Verizon have doubled down on their high-speed internet businesses, an area that has long been dominated by broadband companies such as Comcast. Demand has also been growing for AT&T's plans that allow customers to combine its high-speed fiber data with its wireless phone service for a discount. In the third quarter, AT&T reported 28.3 million fiber passings, or the number of potential customer locations a fiber network passes by. It remains on track to pass more than 30 million fiber passings by the end of 2025.

"Google essentially disappeared us from the internet," says the couple who created price-comparison site Foundem in 2006. Google's search results for "price comparison" and "comparison shopping" buried their site — for more than three years.

Today the BBC looks at their 15-year legal battle, which culminated with a then record €2.4 billion fine (£2 billion or $2.6 billion) for Google, which was deemed to have abused its market dominance. The case has been hailed as a landmark moment in the global regulation of Big Tech. Google spent seven years fighting that verdict, issued in June 2017, but in September this year Europe's top court — the European Court of Justice — rejected its appeals.

Speaking to Radio 4's The Bottom Line in their first interview since that final verdict, Shivaun and Adam explained that at first, they thought their website's faltering start had simply been a mistake. "We initially thought this was collateral damage, that we had been false positive detected as spam," says Shivaun, 55. "We just assumed we had to escalate to the right place and it would be overturned...." The couple sent Google numerous requests to have the restriction lifted but, more than two years later, nothing had changed and they said they received no response. Meanwhile, their website was "ranking completely normally" on other search engines, but that didn't really matter, according to Shivaun, as "everyone's using Google".

The couple would later discover that their site was not the only one to have been put at a disadvantage by Google — by the time the tech giant was found guilty and fined in 2017 there were around 20 claimants, including Kelkoo, Trivago and Yelp... In its 2017 judgement, the European Commission found that Google had illegally promoted its own comparison shopping service in search results, whilst demoting those of competitors... "I guess it was unfortunate for Google that they did it to us," Shivaun says. "We've both been brought up maybe under the delusion that we can make a difference, and we really don't like bullies."

Even Google's final defeat in the case last month did not spell the end for the couple. They believe Google's conduct remains anti-competitive and the EC is looking into it. In March this year, under its new Digital Markets Act, the commission opened an investigation into Google's parent company, Alphabet, over whether it continues to preference its own goods and services in search results... The Raffs are also pursuing a civil damages claim against Google, which is due to begin in the first half of 2026. But when, or if, a final victory comes for the couple it will likely be a Pyrrhic one — they were forced to close Foundem in 2016.
A spokesperson for Google told the BBC the 2024 judgment from the European Court of Justice only relates to "how we showed product results from 2008-2017. The changes we made in 2017 to comply with the European Commission's Shopping decision have worked successfully for more than seven years, generating billions of clicks for more than 800 comparison shopping services.

"For this reason, we continue to strongly contest the claims made by Foundem and will do so when the case is considered by the courts."

NoWayNoShapeNoForm writes: OpenVault believes that data caps on broadband are not a problem because most people do not exceed their existing data caps. OpenVault contends that people that do exceed their broadband data caps are simply being forgetful — leaving a streaming device on 24x7, or deploying unsecure WiFi access points, or reselling their service within an apartment building.

Yes, there may be some ISPs that have older networks that they have not upgraded. Or maybe they are unable to increase network capacity in "the middle mile" of their networks, but the Covid pandemic certainly encouraged many ISPs to upgrade their networks and capacity while many ISPs that had broadband data caps ended that feature.

Perhaps the biggest problem, according to OpenVault, is that most broadband users do not really have any idea how much bandwidth they "consume" every month. If Internet access is a service that people want to treat as a "utility", then you have to ask, Would they keep the water running after finishing their shower?
In the article Ookla's VP of Smart Communities adds that "Scrolling through social media feeds for hours can 'push' hundreds of videos to the user, many of which may be of no interest — they just start running." So the main driver for usage-based billing wasn't to increase revenue, OpenVault CEO Mark Trudeau tells the site, but to "balance the network a little more..." (Though he then also adds that sometimes a subscriber could also be reselling broadband service in their apartment building, "And that's not even legal.")

"If one or two customers on a given node is causing issues for 300 others, where those 300 are not getting the service that they paid for, then that's a problem right?" he said.

Having said that, the article also points out that "Many major fiber providers, like AT&T, Frontier, Google Fiber and Verizon Fios, don't have data caps at all."

Former Nvidia engineer Luke Durant, working with the Great Internet Mersenne Prime Search (GIMPS), recently discovered the largest known prime number: (2^136,279,841)-1 or M136279841 (where the number following the letter M represents the exponent). The achievement was detailed on Mersenne.org. Tom's Hardware reports: This is the largest prime number we've seen so far, with the last one, M82589933, being discovered six years prior. What makes this discovery particularly fascinating is that this is the first GIMPS discovery that used the power of data center GPUs. Mihai Preda was the first one to harness GPU muscle in 2017, says the GIMPS website, when he "wrote the GpuOwl program to test Mersenne numbers for primarilty, making his software available to all GIMPS users." When Luke joined GIMPS in 2023, they built the infrastructure needed to deploy Preda's software across several GPU servers available in the cloud.

While it took a year of testing, Luke's efforts finally bore fruit when an A100 GPU in Dublin, Ireland gave the M136279841 result last October 11. This was then corroborated by an Nvidia H100 located in San Antonio, Texas, which confirmed its primality with the Lucas-Lehmer test.

The Browser Company is developing a new, much simpler browser distinct from Arc, which has proven too complex for mainstream adoption despite a strong following among power users. The Verge's David Pierce reports: Arc is not dying, [says CEO Josh Miller]. He says that over and over, in fact, even after I tell him the YouTube video the company just released sounds like the thing companies say right before they kill a product. It's just that Arc won't change much anymore. It'll get stability updates and bug fixes, and there's a team at The Browser Company dedicated to those. "In that sense," Miller says, "it feels like a complete-ish product." Most of the team's energy and time will now be dedicated to starting from scratch. "Arc was basically this front-end, tab management innovation," Miller says. "People loved it. It grew like a weed. Then it started getting slow and started crashing a lot, and we felt bad, and we had to learn how to make it fast. And we kind of lost sight, in some ways, of the fact that we've got to do the operating system part."

The plan this time is to build not just a different interface for a browser, but a different kind of browser entirely -- one that is much more proactive, more powerful, more AI-centric, more in line with that original vision. Call it the iPhone of web browsers, or the "internet computer," or whatever other metaphor you like. The idea is to turn the browser into an app platform. Miller still wants to do it, and he wants to do it for everyone. What does that look like? Miller is a bit vague on the details. The new browser, which Miller intimates could launch as soon as the beginning of next year, is designed to come with no switching costs, which means among other things that it will have horizontal tabs and fewer ideas about organization. The idea is to "make the first 90 seconds effortless" in order to get more people to switch. And then, slowly, to reveal what this new browser can do.

An anonymous reader quotes a report from Ars Technica: Earlier this year, we reported on the video game archivists asking for a legal DMCA exemption to share Internet-accessible emulated versions of their physical game collections with researchers. Today, the US Copyright Office announced once again that it was denying that request, forcing researchers to travel to far-flung collections for access to the often-rare physical copies of the games they're seeking.

In announcing its decision, the Register of Copyrights for the Library of Congress sided with the Entertainment Software Association and others who argued that the proposed remote access could serve as a legal loophole for a free-to-access "online arcade" that could harm the market for classic gaming re-releases. This argument resonated with the Copyright Office despite a VGHF study that found 87 percent of those older game titles are currently out of print. "While proponents are correct that some older games will not have a reissue market, they concede there is a 'healthy' market for other reissued games and that the industry has been making 'greater concerted efforts' to reissue games," the Register writes in her decision. "Further, while the Register appreciates that proponents have suggested broad safeguards that could deter recreational uses of video games in some cases, she believes that such requirements are not specific enough to conclude that they would prevent market harms."

A DMCA exemption for remote sharing already exists for non-video-game computer software that is merely "functional," as the Register notes. But the same fair use arguments that allow for that sharing don't apply to video games because they are "often highly expressive in nature," the Register writes. In an odd footnote, the Register also notes that emulation of classic game consoles, while not infringing in its own right, has been "historically associated with piracy," thus "rais[ing] a potential concern" for any emulated remote access to library game catalogs. That footnote paradoxically cites Video Game History Foundation (VGHF) founder and director Frank Cifaldi's 2016 Game Developers Conference talk on the demonization of emulation and its importance to video game preservation. "The moment I became the Joker is when someone in charge of copyright law watched my GDC talk about how it's wrong to associate emulation with piracy and their takeaway was 'emulation is associated with piracy,'" Cifaldi quipped in a social media post.

Cable companies, advertising firms, and newspapers are asking courts to block a federal "click-to-cancel" rule that would force businesses to make it easier for consumers to cancel services. From a report: Lawsuits were filed yesterday, about a week after the Federal Trade Commission approved a rule that "requires sellers to provide consumers with simple cancellation mechanisms to immediately halt all recurring charges."

Cable lobby group NCTA-The Internet & Television Association and the Interactive Advertising Bureau trade group sued the FTC in the conservative US Court of Appeals for the 5th Circuit. The lawsuit claims the 5th Circuit is a proper venue because a third plaintiff, the Electronic Security Association, has its principal offices in Dallas. That group represents security companies such as ADT.

penciling_in writes: Pat Kane, Senior VP at Verisign, reports that on October 20th, ICANN and Verisign renewed the agreement under which Verisign will continue to act as Root Zone Maintainer for the Domain Name System (DNS) for another 8-year term. "The Root Zone sits atop the hierarchical architecture of the DNS and is essential to virtually all internet navigation, acting as the dynamic, cryptographically secure, global directory of all top-level domains that exist in the DNS. The Root Zone Maintainer is a unique role that ensures the cryptographic signing and publication of the Root Zone no less than once a day, without which, navigation on the internet would be impossible," the story adds.

The chief scientist of the Asia Pacific Network Information Center has a theory about why the world hasn't moved to IPv6. From a report: In a lengthy post to the center's blog, Geoff Huston recounts that the main reason for the development of IPv6 was a fear the world would run out of IP addresses, hampering the growth of the internet. But IPv6 represented evolution -- not revolution. "The bottom line was that IPv6 did not offer any new functionality that was not already present in IPv4. It did not introduce any significant changes to the operation of IP. It was just IP, with larger addresses," Huston wrote.

IPv6's designers assumed that the protocol would take off because demand for IPv4 was soaring. But in the years after IPv6 debuted, Huston observes, "There was no need to give the transition much thought." Internetworking wonks assumed applications, hosts, and networks would become dual stack and support IPv6 alongside IPv4, before phasing out the latter. But then mobile internet usage exploded, and network operators had to scale to meet unprecedented demand created by devices like the iPhone. "We could either concentrate our resources on meeting the incessant demands of scaling, or we could work on IPv6 deployment," Huston wrote.

Norway plans to enforce a strict minimum social media age of 15 to protect children from harmful content and the influence of algorithms. The Guardian reports: The Scandinavian country already has a minimum age limit of 13 in place. Despite this, more than half of nine-year-olds, 58% of 10-year-olds and 72% of 11-year-olds are on social media, according to research by the Norwegian media authority. The government has pledged to introduce more safeguards to prevent children from getting around the age restrictions -- including amending the Personal Data Act so that social media users must be 15 years old to agree that the platform can handle their personal data, and developing an age verification barrier for social media.

"It sends quite a strong signal," the prime minister told the newspaper VG on Wednesday. "Children must be protected from harmful content on social media. These are big tech giants pitted against small children's brains. We know that this is an uphill battle, because there are strong forces here, but it is also where politics is needed." While he said he understood that social media could offer lonely children a community, self-expression must not be in the power of algorithms. "On the contrary, it can cause you to become single-minded and pacified, because everything happens so fast on this screen," he added. "It is also about giving parents the security to say no," said Kjersti Toppe, the minister for children and families. "We know that many people really want to say no, but don't feel they can."

An anonymous reader quotes a report from Ars Technica: It's been just a week since US telecom regulators announced a formal inquiry into broadband data caps, and the docket is filling up with comments from users who say they shouldn't have to pay overage charges for using their Internet service. The docket has about 190 comments so far, nearly all from individual broadband customers.

Federal Communications Commission dockets are usually populated with filings from telecom companies, advocacy groups, and other organizations, but some attract comments from individual users of telecom services. The data cap docket probably won't break any records given that the FCC has fielded many millions of comments on net neutrality, but it currently tops the agency's list of most active proceedings based on the number of filings in the past 30 days. "Data caps, especially by providers in markets with no competition, are nothing more than an arbitrary money grab by greedy corporations. They limit and stifle innovation, cause undue stress, and are unnecessary," wrote Lucas Landreth.

"Data caps are as outmoded as long distance telephone fees," wrote Joseph Wilkicki. "At every turn, telecommunications companies seek to extract more revenue from customers for a service that has rapidly become essential to modern life." Pointing to taxpayer subsidies provided to ISPs, Wilkicki wrote that large telecoms "have sought every opportunity to take those funds and not provide the expected broadband rollout that we paid for."

In response to Trump-appointed FCC Commissioner Nathan Simington's coffee refill analogy, internet users "Jonathan Mnemonic" and James Carter wrote, "Coffee is not, in fact, internet service." They added: "Cafes are not able to abuse monopolistic practices based on infrastructural strangleholds. To briefly set aside the niceties: the analogy is absurd, and it is borderline offensive to the discerning layperson."

chalsall writes: After more than six years of work since the last discovery, the Great Internet Mersenne Prime Search (GIMPS) has found the 52nd known Mersenne Prime number. This is also the largest prime number known to humans.

The number is 2^136,279,841-1, which is 41,024,320 decimal digits long.

Luke Durant, a researcher from San Jose, CA, found it after contributing a fantastic amount of compute to the GIMPS project.

A post shared Saturday on social media acknowledges those admins and developers at the Internet Archive working "literally round the clock... They have taken no days off this past week. They are taking none this weekend... they are working with all of their energy and considerable talent."

It describes people "working so incredibly hard... putting their all in," with a top priority of "getting the site back secure and safe".

But there's new and continuing problems, reports The Verge's weekend editor: Early this morning, I received an email from "The Internet Archive Team," replying to a message I'd sent on October 9th. Except its author doesn't seem to have been the digital archivists' support team — it was apparently written by the hackers who breached the site earlier this month and who evidently maintain some level of access to its systems.

I'm not alone. Users on the Internet Archive subreddit are reporting getting the replies, as well. Here is the message I received:

It's dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.

As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018.

Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine — your data is now in the hands of some random guy. If not me, it'd be someone else.
The site BleepingComputer believes they know the larger context, starting with the fact that they've also "received numerous messages from people who received replies to their old Internet Archive removal requests... The email headers in these emails also pass all DKIM, DMARC, and SPF authentication checks, proving they were sent by an authorized Zendesk server."

BleepingComputer also writes that they'd "repeatedly tried to warn the Internet Archive that their source code was stolen through a GitLab authentication token that was exposed online for almost two years."

And that "the threat actor behind the actual data breach, who contacted BleepingComputer through an intermediary to claim credit for the attack," has been frustrated by misreporting. (Specifically, they insist there were two separate attacks last week — a DDoS attack and a separate data breach for a 6.4-gigabyte database which includes email addresses for the site's 33 million users.) The threat actor told BleepingComputer that the initial breach of Internet Archive started with them finding an exposed GitLab configuration file on one of the organization's development servers, services-hls.dev.archive.org. BleepingComputer was able to confirm that this token has been exposed since at least December 2022, with it rotating multiple times since then. The threat actor says this GitLab configuration file contained an authentication token allowing them to download the Internet Archive source code. The hacker say that this source code contained additional credentials and authentication tokens, including the credentials to Internet Archive's database management system. This allowed the threat actor to download the organization's user database, further source code, and modify the site.

The threat actor claimed to have stolen 7TB of data from the Internet Archive but would not share any samples as proof. However, now we know that the stolen data also included the API access tokens for Internet Archive's Zendesk support system. BleepingComputer attempted contact the Internet Archive numerous times, as recently as on Friday, offering to share what we knew about how the breach occurred and why it was done, but we never received a response.
"The Internet Archive was not breached for political or monetary reasons," they conclude, "but simply because the threat actor could...

"While no one has publicly claimed this breach, BleepingComputer was told it was done while the threat actor was in a group chat with others, with many receiving some of the stolen data. This database is now likely being traded amongst other people in the data breach community, and we will likely see it leaked for free in the future on hacking forums like Breached."

"The Wayback Machine, Archive-It, scanning, and national library crawls have resumed," announced the Internet Archive Thursday, "as well as email, blog, helpdesk, and social media communications. Our team is working around the clock across time zones to bring other services back online."

Founder Brewster Kahle told The Washington Post it's the first time in its almost 30-year history that it's been down more than a few hours. But their article says the Archive is "fighting back." Kahle and his team see the mission of the Internet Archive as a noble one — to build a "library of everything" and ensure records are kept in an online environment where websites change and disappear by the day. "We're all dreamers," said Chris Freeland, the Internet Archive's director of library services. "We believe in the mission of the Internet Archive, and we believe in the promise of the internet." But the site has, at times, courted controversy. The Internet Archive faces lawsuits from book publishers and music labels brought in 2020 and 2023 for digitizing copyrighted books and music, which the organization has argued should be permissible for noncommercial, archival purposes. Kahle said the hundreds of millions of dollars in penalties from the lawsuits could sink the Internet Archive.

Those lawsuits are ongoing. Now, the Internet Archive has also had to turn its attention to fending off cyberattacks. In May, the Internet Archive was hit with a distributed denial-of-service (DDoS) attack, a fairly common type of internet warfare that involves flooding a target site with fake traffic. The archive experienced intermittent outages as a result. Kahle said it was the first time the site had been targeted in its history... [After another attack October 9th], Kahle and his team have spent the week since racing to identify and fix the vulnerabilities that left the Internet Archive open to attack. The organization has "industry standard" security systems, Kahle said, but he added that, until this year, the group had largely stayed out of the crosshairs of cybercriminals. Kahle said he'd opted not to prioritize additional investments in cybersecurity out of the Internet Archive's limited budget of around $20 million to $30 million a year...

[N]o one has reliably claimed the defacement and data breach that forced the Internet Archive to sequester itself, said [cybersecurity researcher] Scott Helmef. He added that the hackers' decision to alert the Internet Archive of their intrusion and send the stolen data to Have I Been Pwned, the monitoring service, could imply they didn't have further intentions with it.... Helme said the episode demonstrates the vulnerability of nonprofit services like the Internet Archive — and of the larger ecosystem of information online that depends on them. "Perhaps they'll find some more funding now that all of these headlines have happened," Helme said. "And people suddenly realize how bad it would be if they were gone."
"Our priority is ensuring the Internet Archive comes online stronger and more secure," the archive said in Thursday's statement. And they noted other recent-past instances of other libraries also being attacked online: As a library community, we are seeing other cyber attacks — for instance the British Library, Seattle Public Library, Toronto Public Library, and now Calgary Public Library. We hope these attacks are not indicative of a trend."

For the latest updates, please check this blog and our official social media accounts: X/Twitter, Bluesky and Mastodon.

Thank you for your patience and ongoing support.

An anonymous reader shares a report: If you dread the thought of calling to change an airline ticket or negotiate your internet bill, a new artificial intelligence tool may provide a solution. DoNotPay, which offers an assortment of consumer-friendly services like tracking subscriptions, generating burner phone numbers, and searching for unclaimed property, now features a bot that will call customer service numbers for users, navigate through phone menus and sit through hold music, then politely but firmly advocate on users' behalf.

The company shared examples of its AI calling a cellphone provider for help porting a phone number and talking with an airline to cancel a flight within the 24-hour cancellation window. Joshua Browder, CEO and founder of DoNotPay, says getting updates on lost luggage and seeking compensation for flight delays are also common use cases. DoNotPay already offered tools to connect to customer service agents via chat windows, and to draft and send emails, faxes, and even snail mail to companies on behalf of users.

But while the service's artificial intelligence had enough smarts to wait on hold for users, then hand over a call when an agent was available, until recently AI models were not capable of carrying on a convincing voice conversation with a human operator in real time. Browder says that changed with Open AI's GPT-4o model, unveiled in May. "That has reduced the delay by about 70%, so instead of it taking three seconds to come up with a response, it now takes under a second, and that's finally fast enough to hold these phone conversations," he says. "So now we're doing thousands of these calls."

An anonymous reader quotes a report from the Washington Post: Brandon Barrett arrived here two weeks ago, sick but hopeful, like dozens before him. Just a few years back, he could dead lift 660 pounds. After an injury while training to be a professional dirt-bike rider, he opened a motorcycle shop just north of Buffalo. When he wasn't working, he would cleanse his mind through rigorous meditation. In 2019, he began getting sick. And then sicker. Brain fog. Memory issues. Difficulty focusing. Depression. Anxiety. Fatigue. Brandon was pretty sure he knew why: the cell tower a quarter-mile behind his shop and all the electromagnetic radiation it produces, that cellphones produce, that WiFi routers produce, that Bluetooth produces, that the whole damn world produces. He thought about the invisible waves that zip through our airspace -- maybe they pollute our bodies, somehow? [...]

Then Brandon read about Green Bank, an unincorporated speck on the West Virginia map, hidden in the Allegheny Mountains, about a four-hour drive southwest of D.C. There are no cell towers there, by design. He read that other sick people had moved here and gotten better, that the area's electromagnetic quietude is protected by the federal government. Perhaps it could protect Brandon. It's quiet here so that scientists can listen to corners of the universe, billions of light-years away. In the 1950s, the federal government snatched up farmland to build the Green Bank Observatory. It's now home to the Robert C. Byrd Green Bank Radio Telescope, the largest steerable telescope in the world at 7,600 metric tons and a height of 485 feet. Its 2.3-acre dish can study quasars and pulsars, map asteroids and planets, and search for evidence of extraterrestrial life.

The observatory's machines are so sensitive that terrestrial radio waves would interfere with their astronomical exploration, like a shout (a bunch of WiFi signals) drowning out a whisper (signals from the clouds of hydrogen hanging out between galaxies). So in 1958, the Federal Communications Commission created the National Radio Quiet Zone, a 13,000-square-mile area encompassing wedges of both Virginia and West Virginia, where radio transmissions are restricted to varying degrees. At its center is a 10-mile zone around the observatory where WiFi, cellphones and cordless phones -- among many other types of wave-emitting equipment -- are outlawed. Wired internet is okay, as are televisions -- though you must have a cable or satellite provider. It's not a place out of 100 years ago. More like 30. If you want to make plans to meet someone, you make them in person. Some people move here to work at the observatory. Others come because they feel like they have to. These are the 'electrosensitives,' as they often refer to themselves. They are ill, and Green Bank is their Lourdes. The electrosensitives guess that they number at least 75 in Pocahontas County, which has a population of roughly 7,500. Literary Hub, the BBC, Slate, and the Washingtonian have non-paywalled articles about Green Bank and the "wi-fi refugees" that shelter there.

schwit1 writes: The Department of Defense wants technology so it can fabricate online personas that are indistinguishable from real people.

The United States' secretive Special Operations Command is looking for companies to help create deepfake internet users so convincing that neither humans nor computers will be able to detect they are fake, according to a procurement document reviewed by The Intercept.

The plan, mentioned in a new 76-page wish list by the Department of Defense's Joint Special Operations Command, or JSOC, outlines advanced technologies desired for country's most elite, clandestine military efforts. "Special Operations Forces (SOF) are interested in technologies that can generate convincing online personas for use on social media platforms, social networking sites, and other online content," the entry reads.

An anonymous reader quotes a report from Hackread: The United States Department of Justice (DoJ) has indicted two Sudanese nationals for their alleged role in operating the hacktivist group Anonymous Sudan. The group claimed fame for conducting "tens of thousands" of large-scale and crippling Distributed Denial of Service attacks (DDoS attacks) targeting critical infrastructure, corporate networks, and government agencies globally. Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, stand accused of conspiracy to damage protected computers. Ahmed Salah faces additional charges for damaging protected computers. The duo is believed to have controlled Anonymous Sudan, which, since early 2023, launched attacks on high-profile entities such as ChatGPT, UAE's Flydubai Airline, London Internet Exchange, Microsoft, and the Israeli BAZAN Group.

The group and its clients also utilized the Distributed Cloud Attack Tool (DCAT) to conduct over 35,000 DDoS attacks. These attacks targeted sensitive government and critical infrastructure in the U.S. and globally, including the Department of Justice, Department of Defense, FBI, State Department, and Cedars-Sinai Medical Center in Los Angeles. The attacks, which sometimes lasted days, reportedly caused major damage, often crippling websites and networks. For instance, the attack on Cedars-Sinai Medical Center forced the redirection of incoming patients for eight hours, causing over $10 million in damages to U.S. victims.

AeroGarden, which sells Wi-Fi-connected indoor gardening systems, is going out of business on January 1. While Scotts Miracle-Gro has continued selling AeroGarden products after announcing the impending shutdown, the future of the devices' companion app is uncertain.

The Register's Jessica Lyons reports: Apple wants to shorten SSL/TLS security certificates' lifespans, down from 398 days now to just 45 days by 2027, and sysadmins have some very strong feelings about this "nightmarish" plan. As one of the hundreds that took to Reddit to lament the proposal said: "This will suck. My least favorite vendor manages something like 10 websites for us, and we have to provide the certs manually every time. Between live and test this is gonna suck."

The Apple proposal, a draft ballot measure that will likely go up for a vote among Certification Authority Browser Forum (CA/B Forum) members in the upcoming months, was unveiled by the iThings maker during the Forum's fall meeting. If approved, it will affect all Safari certificates, which follows a similar push by Google, that plans to reduce the max-validity period on Chrome for these digital trust files down to 90 days.

... [W]hile it's generally agreed that shorter lifespans improve internet security overall -- longer certificate terms mean criminals have more time to exploit vulnerabilities and old website certificates -- the burden of managing these expired certs will fall squarely on the shoulders of systems administrators. [...] Even certificate provider Sectigo, which sponsored the Apple proposal, admitted that the shortened lifespans "will no doubt prove a headache for busy IT security teams, juggling with lots of certificates expiring at different times." While automation is often touted as the solution to this problem, sysadmins were quick to point out that some SSL certs can't be automated. "This is somewhat nightmarish," said one sysadmin. "I have about 20 appliance like services that have no support for automation. Almost everything in my environment is automated to the extent that is practical. SSL renewal is the lone achilles heel that I have to deal with once every 365 days."