ISPs worry a new Chrome feature will stop them from spying on you

ISPs worry a new Chrome feature will stop them from spying on you

Enlarge (credit: Thomas Trutschel/Photothek via Getty Images)

When you visit a new website, your computer probably submits a request to the domain name system (DNS) to translate the domain name (like arstechnica.com) to an IP address. Currently, most DNS queries are unencrypted, which raises privacy and security concerns. Google and Mozilla are trying to address these concerns by adding support in their browsers for sending DNS queries over the encrypted HTTPS protocol.

But major Internet service providers have cried foul. In a September 19 letter to Congress, Big Cable and other telecom industry groups warned that Google's support for DNS over HTTPS (DOH) "could interfere on a mass scale with critical Internet functions, as well as raise data-competition issues."

On Sunday, the Wall Street Journal reported that the House Judiciary Committee is taking these concerns seriously. In a September 13 letter, the Judiciary Committee asked Google for details about its DOH plans—including whether Google plans to use data collected via the new protocol for commercial purposes.

Read 18 remaining paragraphs | Comments

Prepare for National Cybersecurity Awareness Month

Original release date: September 30, 2019

October is National Cybersecurity Awareness Month (NCSAM), which is a collaborative effort between the Cybersecurity and Infrastructure Security Agency (CISA) and its public and private partners—including the National Cyber Security Alliance (NCSA)—to ensure every American has the resources they need to stay safe and secure online while increasing the resilience of the Nation against cyber threats. This year’s theme, “Own IT. Secure IT. Protect IT.,” focuses on promoting personal accountability and positive behavior when it comes to cybersecurity.

CISA encourages organizations to see the NCSAM 2019 webpage and the NCSAM 2019 Toolkit for ways to participate in and promote NCSAM.

This product is provided subject to this Notification and this Privacy & Use policy.

MS-ISAC Releases Advisory on PHP Vulnerability

Original release date: September 27, 2019

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on a vulnerability in Hypertext Preprocessor (PHP). An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC Advisory 2019-101 and the PHP Downloads page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates

Original release date: September 27, 2019

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.