"The movement to encrypt the web reached milestone after milestone in 2017," writes the EFF, adding that "the web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol." In February, the scales tipped. For the first time, approximately half of Internet traffic was protected by HTTPS. Now, as 2017 comes to a close, an average of 66% of page loads on Firefox are encrypted, and Chrome shows even higher numbers. At the beginning of the year, Let's Encrypt had issued about 28 million certificates. In June, it surpassed 100 million certificates. Now, Let's Encrypt's total issuance volume has exceeded 177 million certificates...

Browsers have been pushing the movement to encrypt the web further, too. Early this year, Chrome and Firefox started showing users "Not secure" warnings when HTTP websites asked them to submit password or credit card information. In October, Chrome expanded the warning to cover all input fields, as well as all pages viewed in Incognito mode. Chrome has eventual plans to show a "Not secure" warning for all HTTP pages... The next big step in encrypting the web is ensuring that most websites default to HTTPS without ever sending people to the HTTP version of their site. The technology to do this is called HTTP Strict Transport Security (HSTS), and is being more widely adopted. Notably, the registrar for the .gov TLD announced that all new .gov domains would be set up with HSTS automatically...

The Certification Authority Authorization (CAA) standard became mandatory for all CAs to implement this year... [And] there's plenty to look forward to in 2018. In a significant improvement to the TLS ecosystem, for example, Chrome plans to require Certificate Transparency starting next April.

"That kids house that I swatted is on the news," tweeted "SWauTistic" -- before he realized he'd gotten somebody killed. Security researcher Brian Krebs reveals what happened next. When it became apparent that a man had been killed as a result of the swatting, Swautistic tweeted that he didn't get anyone killed because he didn't pull the trigger. Swautistic soon changed his Twitter handle to @GoredTutor36, but KrebsOnSecurity managed to obtain several weeks' worth of tweets from Swautistic before his account was renamed. Those tweets indicate that Swautistic is a serial swatter -- meaning he has claimed responsibility for a number of other recent false reports to the police. Among the recent hoaxes he's taken credit for include a false report of a bomb threat at the U.S. Federal Communications Commission (FCC) that disrupted a high-profile public meeting on the net neutrality debate. Swautistic also has claimed responsibility for a hoax bomb threat that forced the evacuation of the Dallas Convention Center, and another bomb threat at a high school in Panama City, Fla, among others.

After tweeting about the incident extensively Friday afternoon, KrebsOnSecurity was contacted by someone in control of the @GoredTutor36 Twitter account. GoredTutor36 said he's been the victim of swatting attempts himself, and that this was the reason he decided to start swatting others. He said the thrill of it "comes from having to hide from police via net connections." Asked about the FCC incident, @GoredTutor36 acknowledged it was his bomb threat. "Yep. Raped em," he wrote. "Bomb threats are more fun and cooler than swats in my opinion and I should have just stuck to that," he wrote. "But I began making $ doing some swat requests."
Krebs' article also links to a police briefing with playback from the 911 call. "There is no question that police officers and first responders across the country need a great deal more training to bring the number of police shootings way down..." Krebs argues. "Also, all police officers and dispatchers need to be trained on what swatting is, how to spot the signs of a hoax, and how to minimize the risk of anyone getting harmed when responding to reports about hostage situations or bomb threats."

But he also argues that filing a false police report should be reclassified as a felony in all states.

An anonymous reader writes: Newsweek's National Politics Correspondent reports on "a horny nest of prostitution 'hobbyists' at tech giants Microsoft, Amazon and other firms in Seattle," citing "hundreds" of emails "fired off by employees at major tech companies hoping to hook up with trafficked Asian women" between 2014 and 2016, "67 sent from Microsoft, 63 sent from Amazon email accounts and dozens more sent from some of Seattle's premier tech companies and others based elsewhere but with offices in Seattle, including T-Mobile and Oracle, as well as many local, smaller tech firms." Many of the emails came from a sting operation against online prostitution review boards, and were obtained through a public records request to the King County Prosecutor's Office.

"They were on their work accounts because Seattle pimps routinely asked first-time sex-buyers to prove they were not cops by sending an employee email or badge," reports Newsweek, criticizing "the widespread and often nonchalant attitude toward buying sex from trafficked women, a process made shockingly more efficient by internet technology... A study commissioned by the Department of Justice found that Seattle has the fastest-growing sex industry in the United States, more than doubling in size between 2005 and 2012. That boom correlates neatly with the boom of the tech sector there... Some of these men spent $30,000 to $50,000 a year, according to authorities." A lawyer for some of the men argues that Seattle's tech giants aren't conducting any training to increase employees' compassion for trafficked women in brothels. The director of research for a national anti-trafficking group cites the time Uber analyzed ride-sharing data and reported a correlation between high-crime neighborhoods and frequent Uber trips -- including people paying for prostitutes. "They made a map using their ride-share data, like it was a funny thing they could do with their data. It was done so flippantly."