reporter

The Nicene Creed was formulated 1,700 years ago in AD 325 at the Council of Nicaea. Later, one clause in it called the Filioque was a cause of division between the Eastern and Western Church. This is the story …View the full article

A leading BBC journalist will share insights gained while covering the war in Ukraine during a poignant remembrance service in London on the evening of 11 November.View the full article

The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link’s ties to China than any specific technical threats, much of the rest of the industry serving this market also sources hardware from China and ships products that are insecure fresh out of the box. A TP-Link WiFi 6 AX1800 Smart WiFi Router (Archer AX20). The Washington Post recently reported that more than a half-dozen federal departments and agencies were backing a proposed ban on future sales of TP-Link devices in the United States. The story said U.S. Department of Commerce officials concluded TP-Link Systems products pose a risk because the U.S.-based company’s products handle sensitive American data and because the officials believe it remains subject to jurisdiction or influence by the Chinese government. TP-Link Systems denies that, saying that it fully split from the Chinese TP-Link Technologies over the past three years, and that its critics have vastly overstated the company’s market share (TP-Link puts it at around 30 percent). TP-Link says it has headquarters in California, with a branch in Singapore, and that it manufactures in Vietnam. The company says it researches, designs, develops and manufactures everything except its chipsets in-house. TP-Link Systems told The Post it has sole ownership of some engineering, design and manufacturing capabilities in China that were once part of China-based TP-Link Technologies, and that it operates them without Chinese government supervision. “TP-Link vigorously disputes any allegation that its products present national security risks to the United States,” Ricca Silverio, a spokeswoman for TP-Link Systems, said in a statement. “TP-Link is a U.S. company committed to supplying high-quality and secure products to the U.S. market and beyond.” Cost is a big reason TP-Link devices are so prevalent in the consumer and small business market: As this February 2025 story from Wired observed regarding the proposed ban, TP-Link has long had a reputation for flooding the market with devices that are considerably cheaper than comparable models from other vendors. That price point (and consistently excellent performance ratings) has made TP-Link a favorite among Internet service providers (ISPs) that provide routers to their customers. In August 2024, the chairman and the ranking member of the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party called for an investigation into TP-Link devices, which they said were found on U.S. military bases and for sale at exchanges that sell them to members of the military and their families. “TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting,” the House lawmakers warned in a letter (PDF) to the director of the Commerce Department. “When combined with the PRC government’s common use of SOHO [small office/home office] routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming.” The letter cited a May 2023 blog post by Check Point Research about a Chinese state-sponsored hacking group dubbed “Camaro Dragon” that used a malicious firmware implant for some TP-Link routers to carry out a sequence of targeted cyberattacks against European foreign affairs entities. Check Point said while it only found the malicious firmware on TP-Link devices, “the firmware-agnostic nature of the implanted components indicates that a wide range of devices and vendors may be at risk.” In a report published in October 2024, Microsoft said it was tracking a network of compromised TP-Link small office and home office routers that has been abused by multiple distinct Chinese state-sponsored hacking groups since 2021. Microsoft found the hacker groups were leveraging the compromised TP-Link systems to conduct “password spraying” attacks against Microsoft accounts. Password spraying involves rapidly attempting to access a large number of accounts (usernames/email addresses) with a relatively small number of commonly used passwords. TP-Link rightly points out that most of its competitors likewise source components from China. The company also correctly notes that advanced persistent threat (APT) groups from China and other nations have leveraged vulnerabilities in products from their competitors, such as Cisco and Netgear. But that may be cold comfort for TP-Link customers who are now wondering if it’s smart to continue using these products, or whether it makes sense to buy more costly networking gear that might only be marginally less vulnerable to compromise. Almost without exception, the hardware and software that ships with most consumer-grade routers includes a number of default settings that need to be changed before the devices can be safely connected to the Internet. For example, bring a new router online without changing the default username and password and chances are it will only take a few minutes before it is probed and possibly compromised by some type of Internet-of-Things botnet. Also, it is incredibly common for the firmware in a brand new router to be dangerously out of date by the time it is purchased and unboxed. Until quite recently, the idea that router manufacturers should make it easier for their customers to use these products safely was something of an anathema to this industry. Consumers were largely left to figure that out on their own, with predictably disastrous results. But over the past few years, many manufacturers of popular consumer routers have begun forcing users to perform basic hygiene — such as changing the default password and updating the internal firmware — before the devices can be used as a router. For example, most brands of “mesh” wireless routers — like Amazon’s Eero, Netgear’s Orbi series, or Asus’s ZenWifi — require online registration that automates these critical steps going forward (or at least through their stated support lifecycle). For better or worse, less expensive, traditional consumer routers like those from Belkin and Linksys also now automate this setup by heavily steering customers toward installing a mobile app to complete the installation (this often comes as a shock to people more accustomed to manually configuring a router). Still, these products tend to put the onus on users to check for and install available updates periodically. Also, they’re often powered by underwhelming or else bloated firmware, and a dearth of configurable options. Of course, not everyone wants to fiddle with mobile apps or is comfortable with registering their router so that it can be managed or monitored remotely in the cloud. For those hands-on folks — and for power users seeking more advanced router features like VPNs, ad blockers and network monitoring — the best advice is to check if your router’s stock firmware can be replaced with open-source alternatives, such as OpenWrt or DD-WRT. These open-source firmware options are compatible with a wide range of devices, and they generally offer more features and configurability. Open-source firmware can even help extend the life of routers years after the vendor stops supporting the underlying hardware, but it still requires users to manually check for and install any available updates. Happily, TP-Link users spooked by the proposed ban may have an alternative to outright junking these devices, as many TP-Link routers also support open-source firmware options like OpenWRT. While this approach may not eliminate any potential hardware-specific security flaws, it could serve as an effective hedge against more common vendor-specific vulnerabilities, such as undocumented user accounts, hard-coded credentials, and weaknesses that allow attackers to bypass authentication. Regardless of the brand, if your router is more than four or five years old it may be worth upgrading for performance reasons alone — particularly if your home or office is primarily accessing the Internet through WiFi. NB: The Post’s story notes that a substantial portion of TP-Link routers and those of its competitors are purchased or leased through ISPs. In these cases, the devices are typically managed and updated remotely by your ISP, and equipped with custom profiles responsible for authenticating your device to the ISP’s network. If this describes your setup, please do not attempt to modify or replace these devices without first consulting with your Internet provider. View the full article

We may not be on a battlefield today, but we still live in what CS Lewis called ‘enemy-occupied territory’.View the full article

Churches across the country are joining in Remembrance Sunday commemorations in honour of all those who have served and sacrificed on behalf of the nation in both World Wars and subsequent conflicts.View the full article

A church leader was apparently warned by a police officer that a Bible verse displayed on the back of his campervan could be considered "hate speech" in certain contexts.View the full article

After years of steady decline, Americans are rediscovering the Bible — and young adults are leading the way.View the full article

The danger we run into when we read the public reports of the misdeeds of some person who has become the object of public disgrace is that we become tempted to entertain the idea that we are somehow better in the eyes of God than that personView the full article

More than a fifth of the world's currently enslaved population are believed to live in India.View the full article

Britain already has the most extreme abortion laws in Europe.View the full article

Some 287 amendments will be examined in just three sessions.View the full article

Fulanis massacre farmers in Benue state.View the full article

A Christian in Pakistan with mental health issues has been arrested and charged under blasphemy, terrorism and sedition laws, sources said.View the full article

The Christian Institute has been getting into the Christmas spirit early this year by calling upon supporters to invite their local MP to church.View the full article

Jewish academic and Hebrew scholar Irene Lancaster explains the Jewish interpretation of Abraham and God's covenant promise.View the full article

One of Cornwall’s best-known Christian festivals, Creation Fest, has issued an urgent appeal for financial support as it faces potential closure within the next year.View the full article

Why build on Atlassian’s platform? Accelerate time to value: Launch apps in weeks not months with Forge, and build powerful AI-powered agents and automations in Studio for any team, industry or workflow. Monetize faster: Reach 300,000+ customers—including 80% of the Fortune 500—and tap into $6B+ in Marketplace lifetime sales with built-in billing, analytics, and go-to-market support. Grow recurring revenue: Flexible pricing and ongoing service models help you scale your business. Build with trust: Rely on Atlassian’s enterprise-grade security, compliance, and governance—trusted by the world’s leading enterprises. Join the Atlassian Ecosystem, your launchpad for innovation, growth, and lasting impact. The world of software is moving fast and AI is redefining what’s possible for teams everywhere. For Atlassian partners, this moment presents a once-in-a-generation opportunity to build smarter, more connected, and more valuable solutions for customers. The Atlassian platform empowers partners to accelerate time to value, unlock new recurring revenue streams, and scale confidently, all on a foundation of enterprise-grade trust and governance. With Atlassian developer platform, you can go from idea to monetized solution in weeks, not months, and reach 300,000+ global customers through the Atlassian Marketplace. Here’s how you can seize this next wave of opportunity: Build and launch powerful products faster Build faster on Atlassian’s platform—focus on your IP, not plumbing. Forge gives you developer-grade infrastructure to rapidly build, launch and scale enterprise-ready apps—faster than ever before. With pre-built frameworks, APIs, and enterprise-ready tools, Forge accelerates your path from idea to production, embedding intelligence and automation directly into Jira, Confluence, and more. Once your foundation is set, Rovo Studio empowers anyone to quickly build, customize, and deploy intelligent solutions across the Atlassian Ecosystem. Describe your solution in natural language, and Rovo Studio turns it into powerful agents and automations in minutes—moving you from idea to impact at unprecedented speed. Result: ship innovative, AI-powered solutions faster and with less risk. As partner and part of the Atlassian Ecosystem, we empower you to deliver solutions that meet the rigorous demands of global enterprises. By building on Atlassian’s secure, transparent, and compliant platform—the same trusted infrastructure that powers Jira, Confluence, and Bitbucket—you inherit enterprise-grade reliability, transparency & trust by default. Enterprise-grade trust: Leverage Atlassian’s permission-aware platform, data residency compliant storage, and strict egress controls to raise the bar for customer trust. Performance and scalability: Deliver apps and solutions on infrastructure designed for millions of daily users, ensuring consistent reliability as you grow. Security by default: Rely on the same robust controls that safeguard Atlassian Cloud customers, giving enterprise clients peace of mind. Atlassian’s robust infrastructure and commitment to compliance enable you to unlock new opportunities, drive innovation, and deliver exceptional value to some of the world’s most trusted organizations. By building on Atlassian and monetizing your solution through the Atlassian Marketplace, you can confidently assure enterprise customers that what you offer is built on a foundation they can depend on—enabling productivity, growth, and peace of mind. Monetize through the Atlassian Marketplace With a thriving ecosystem of millions of monthly active users and 6,000+ apps, the Atlassian Marketplace is a proven engine for partner growth, driving over $6B in lifetime sales and giving you access to 300,000+ customers worldwide. Now, you can go beyond app listings to deliver ongoing, intelligent services that create recurring value and recurring revenue. Flexible monetization: Reach a broader audience by offering both standard and advanced editions, empowering you to customize pricing and packaging for every customer segment. Simplified go-to-market: Access co-marketing opportunities, enablement programs, and Marketplace promotions to help scale your reach. Shared growth: Tap into Atlassian’s sales and partner success motions to bring your solution to joint customers. With flexible pricing options and building for new, advanced solutions that keep you at the forefront of innovation, your app becomes more than an add-on. It becomes a core part of how customers get work done across Atlassian products, accelerating teams into the future. How to get started Ready to build the next generation of intelligent solutions on Atlassian’s platform? Here’s how to start: Define your value. Identify the problem you solve for Atlassian customers and how it fits within the ecosystem. Leverage the platform foundation. Use Atlassian’s APIs, app frameworks, and AI capabilities to build quickly and securely. Launch and monetize. Publish your app on the Atlassian Marketplace, tap into our partner programs, and scale through joint go-to-market opportunities. But don’t just take it from us. Opus Guard, an Atlassian Marketplace Partner, leveraged Atlassian’s Forge platform and Rovo to build an AI-assisted Content Retention Manager for Confluence, enabling automated, secure, and scalable content classification and data governance. Using Forge, they developed a Rovo Agent module that integrates with Rovo Chat, allowing users to analyze, classify, and manage Confluence content directly within Atlassian Cloud, while ensuring data never leaves the secure environment. Rovo’s LLM-powered agents and actions, implemented as Forge functions, provide expert-level content analysis and recommendations, streamlining compliance and retention workflows for users. This case demonstrates how partnering with and building on Atlassian empowers developers to rapidly deliver innovative, enterprise-grade solutions that seamlessly integrate with Atlassian’s trusted cloud ecosystem, unlocking new value for customers and partners alike. Rovo Agents and Rovo Actions function within Atlassian, enabling developers to harness AI while maintaining data security within Atlassian Cloud.” – Dr. Shu Shen, Co-founder, CTO | Opus Guard The moment is now The convergence of AI, automation, and collaboration is transforming how teams work, and as an Atlassian partner, you’ll be at the center of it all. By building on the Atlassian platform, you gain the power to innovate faster, build with confidence, and grow your business alongside us. Whether you’re an established Marketplace leader or just starting your journey, this is your moment to shape the future of teamwork. Build with speed. Build with trust. Build with Atlassian. To get started, create your partner profile today. The post Partner with Atlassian and unlock your next wave of growth appeared first on Work Life by Atlassian. View the full article

Faith is "becoming an increasingly individualised and self-directed journey" among young people, research has found.View the full article

The SNP has been slow to act on the issue.View the full article

Scrapping the English Baccalaureate has also been welcomed by the Church of England and the worlds of theatre, art and music.View the full article

The final verdict had been due on Thursday but was postponed for the second time. View the full article

Forgiveness can feel naive, weak, even wrong. It sounds like we’re saying the wound doesn’t matter. But the cross of Christ shows us something infinitely deeper.View the full article

It has been a year since the Makin Report, which felled Justin Welby, was published.View the full article

For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare’s public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says Aisuru’s overlords are using the botnet to boost their malicious domain rankings, while simultaneously attacking the company’s domain name system (DNS) service. The #1 and #3 positions in this chart are Aisuru botnet controllers with their full domain names redacted. Source: radar.cloudflare.com. Aisuru is a rapidly growing botnet comprising hundreds of thousands of hacked Internet of Things (IoT) devices, such as poorly secured Internet routers and security cameras. The botnet has increased in size and firepower significantly since its debut in 2024, demonstrating the ability to launch record distributed denial-of-service (DDoS) attacks nearing 30 terabits of data per second. Until recently, Aisuru’s malicious code instructed all infected systems to use DNS servers from Google — specifically, the servers at 8.8.8.8. But in early October, Aisuru switched to invoking Cloudflare’s main DNS server — 1.1.1.1 — and over the past week domains used by Aisuru to control infected systems started populating Cloudflare’s top domain rankings. As screenshots of Aisuru domains claiming two of the Top 10 positions ping-ponged across social media, many feared this was yet another sign that an already untamable botnet was running completely amok. One Aisuru botnet domain that sat prominently for days at #1 on the list was someone’s street address in Massachusetts followed by “.com”. Other Aisuru domains mimicked those belonging to major cloud providers. Cloudflare tried to address these security, brand confusion and privacy concerns by partially redacting the malicious domains, and adding a warning at the top of its rankings: “Note that the top 100 domains and trending domains lists include domains with organic activity as well as domains with emerging malicious behavior.” Cloudflare CEO Matthew Prince told KrebsOnSecurity the company’s domain ranking system is fairly simplistic, and that it merely measures the volume of DNS queries to 1.1.1.1. “The attacker is just generating a ton of requests, maybe to influence the ranking but also to attack our DNS service,” Prince said, adding that Cloudflare has heard reports of other large public DNS services seeing similar uptick in attacks. “We’re fixing the ranking to make it smarter. And, in the meantime, redacting any sites we classify as malware.” Renee Burton, vice president of threat intel at the DNS security firm Infoblox, said many people erroneously assumed that the skewed Cloudflare domain rankings meant there were more bot-infected devices than there were regular devices querying sites like Google and Apple and Microsoft. “Cloudflare’s documentation is clear — they know that when it comes to ranking domains you have to make choices on how to normalize things,” Burton wrote on LinkedIn. “There are many aspects that are simply out of your control. Why is it hard? Because reasons. TTL values, caching, prefetching, architecture, load balancing. Things that have shared control between the domain owner and everything in between.” Alex Greenland is CEO of the anti-phishing and security firm Epi. Greenland said he understands the technical reason why Aisuru botnet domains are showing up in Cloudflare’s rankings (those rankings are based on DNS query volume, not actual web visits). But he said they’re still not meant to be there. “It’s a failure on Cloudflare’s part, and reveals a compromise of the trust and integrity of their rankings,” he said. Greenland said Cloudflare planned for its Domain Rankings to list the most popular domains as used by human users, and it was never meant to be a raw calculation of query frequency or traffic volume going through their 1.1.1.1 DNS resolver. “They spelled out how their popularity algorithm is designed to reflect real human use and exclude automated traffic (they said they’re good at this),” Greenland wrote on LinkedIn. “So something has evidently gone wrong internally. We should have two rankings: one representing trust and real human use, and another derived from raw DNS volume.” Why might it be a good idea to wholly separate malicious domains from the list? Greenland notes that Cloudflare Domain Rankings see widespread use for trust and safety determination, by browsers, DNS resolvers, safe browsing APIs and things like TRANCO. “TRANCO is a respected open source list of the top million domains, and Cloudflare Radar is one of their five data providers,” he continued. “So there can be serious knock-on effects when a malicious domain features in Cloudflare’s top 10/100/1000/million. To many people and systems, the top 10 and 100 are naively considered safe and trusted, even though algorithmically-defined top-N lists will always be somewhat crude.” Over this past week, Cloudflare started redacting portions of the malicious Aisuru domains from its Top Domains list, leaving only their domain suffix visible. Sometime in the past 24 hours, Cloudflare appears to have begun hiding the malicious Aisuru domains entirely from the web version of that list. However, downloading a spreadsheet of the current Top 200 domains from Cloudflare Radar shows an Aisuru domain still at the very top. According to Cloudflare’s website, the majority of DNS queries to the top Aisuru domains — nearly 52 percent — originated from the United States. This tracks with my reporting from early October, which found Aisuru was drawing most of its firepower from IoT devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon. Experts tracking Aisuru say the botnet relies on well more than a hundred control servers, and that for the moment at least most of those domains are registered in the .su top-level domain (TLD). Dot-su is the TLD assigned to the former Soviet Union (.su’s Wikipedia page says the TLD was created just 15 months before the fall of the Berlin wall). A Cloudflare blog post from October 27 found that .su had the highest “DNS magnitude” of any TLD, referring to a metric estimating the popularity of a TLD based on the number of unique networks querying Cloudflare’s 1.1.1.1 resolver. The report concluded that the top .su hostnames were associated with a popular online world-building game, and that more than half of the queries for that TLD came from the United States, Brazil and Germany [it’s worth noting that servers for the world-building game Minecraft were some of Aisuru’s most frequent targets]. A simple and crude way to detect Aisuru bot activity on a network may be to set an alert on any systems attempting to contact domains ending in .su. This TLD is frequently abused for cybercrime and by cybercrime forums and services, and blocking access to it entirely is unlikely to raise any legitimate complaints. View the full article

The Tycoon 2FA phishing kit is a sophisticated Phishing-as-a-Service (PhaaS) platform that emerged in August 2023, designed to bypass two-factor authentication (2FA) and multi-factor authentication (MFA) protections, primarily targeting Microsoft 365 and Gmail accounts. Utilizing an Adversary-in-the-Middle (AiTM) approach, it employs a reverse proxy server to host deceptive phishing pages that mimic legitimate login interfaces, capturing user credentials and session cookies in real-time. According to the Any.run malware trends tracker, Tycoon 2FA leads with over 64,000 reported incidents this year. View the full article