White House presses forward with Trump’s Space Command

U.S. President Donald Trump’s planned U.S. Space Command should seek to develop ways for the country’s military to operate in outer space, White House advisers recommended on Tuesday, with the government hoping to secure approval for it by 2020.

Target’s two-day holiday shipping option beats Amazon, Walmart

Target Corp, aiming to one-up retail rivals during the upcoming U.S. holiday shopping season, said on Tuesday it was adding more delivery and pickup options for online shoppers to have items shipped to their homes or ready for quick pick-up at local stores.

Two new supply-chain attacks come to light in less than a week

Two new supply-chain attacks come to light in less than a week

Most of us don’t think twice about installing software or updates from a trusted developer. We scrutinize the source site carefully to make sure it’s legitimate, and then we let the code run on our computers without much more thought. As developers continue to make software and webpages harder to hack, blackhats over the past few years have increasingly exploited this trust to spread malicious wares. Over the past week, two such supply-chain attacks have come to light.

The first involves VestaCP, a control-panel interface that system administrators use to manage servers. This Internet scan performed by Censys shows that there are more than 132,000 unexpired TLS certificates protecting VestaCP users at the moment. According to a post published last Thursday by security firm Eset, unknown attackers compromised VestaCP servers and used their access to make a malicious change to an installer that was available for download.

Poisoning the source

“The VestaCP installation script was altered to report back generated admin credentials to vestacp.com after a successful installation,” Eset Malware Researcher Marc-Étienne M.Léveillé told Ars. “We don’t know exactly when this happened, but the modified installation script was visible in their source code management on GitHub between May 31 and June 13.” VestaCP developer Serghey Rodin told Ars his organization is working with Eset to investigate the breach to better understand the attack.

Read 10 remaining paragraphs | Comments

Watch Live – DNSSEC Workshop on October 24 at ICANN 63 in Barcelona

ICANN 63 banner image

What can we learn from recent success of the Root KSK Rollover? What is the status of DNSSEC deployment in parts of Europe – and what lessons have been learned? How can we increase the automation of the DNSSEC “chain of trust”? And what new things are people doing with DANE?

All these topics and more will be discussed at the DNSSEC Workshop at the ICANN 63 meeting in Barcelona, Spain, on Wednesday, October 24, 2018. The session will begin at 9:00 and conclude at 15:00 CEST (UTC+2).

The agenda includes:

  • DNSSEC Workshop Introduction, Program, Deployment Around the World – Counts, Counts, Counts
  • Panel: DNSSEC Activities
    • Includes presenters from these TLDs: .DK, .DE, .CH, .UK, .SE, .IT, .ES, .CZ
  • Report on the Execution of the .BR Algorithm Rollover
  • Panel: Automating Update of DS records
  • Panel: Post KSK Roll? Plan for the Next KSK Roll?
  • DANE usage and use cases
  • DNSSEC – How Can I Help?

It should be an outstanding session!  For those onsite, the workshop will be room 113.


Lunch will be served between the second and third sessions.

Thank you to our lunch sponsors: Afilias, CIRA, and SIDN.

Please do join us for a great set of sessions about how we can work together to make the DNS more secure and trusted!

If you would like more information about DNSSEC or DANE, please visit our Start Here page to begin.

Image credit: ICANN

The post Watch Live – DNSSEC Workshop on October 24 at ICANN 63 in Barcelona appeared first on Internet Society.

Trump: Saudis staged ‘worst cover-up ever’ on Khashoggi

U.S. President Donald Trump said on Tuesday that Saudi authorities staged the “worst cover-up ever” in the killing of prominent journalist Jamal Khashoggi this month. Rough Cut (no reporter narration).

Wealthfront to offer automated financial planning tool for free

Wealthfront, one of the largest digital wealth management startups known as “robo-advisers,” will offer its automated financial planning tool for free by the end of the year as it seeks to grow its…