The 9th U.S. Circuit Court of Appeals said the U.S. District Court in Los Angeles was correct in 2013 in dismissing name.space’s antitrust lawsuit against ICANN on the new generic top-level domain (gTLD) program. Name.space had claimed ICANN’s gTLD program rules, which set the fee for new gTLD applications at $185,000, violated the Sherman Act and trademark laws. The 9th Circuit said Friday ICANN “is not a competitor” in the three markets name.space claimed ICANN had monopolized -- the TLD registry market, the international domain name market and the defensive registration services market. The 9th Circuit also said name.space’s trademark claims that ICANN accepted claims for TLDs that name.space was using on its “alternative” Internet were “not ripe for adjudication.” ICANN is “pleased that the Ninth Circuit agreed with the dismissal of the claims against ICANN in this matter,” General Counsel John Jeffrey said in a statement. “The rules and procedures governing the New gTLD Program were created through a global, inclusive, open and multistakeholder process, following a bottom-up policy development process leading to consensus-based policy recommendations.” Name.space didn’t comment.

Yahoo said it agreed to buy style-centric social e-commerce website Polyvore for an undisclosed amount. The deal will help Yahoo accelerate its “Mavens” growth strategy, which focuses on “strong offerings in social, native, and mobile,” by marrying Yahoo’s digital content with Polyvore’s advertising and media experience, Yahoo said Friday. The deal means “we’ll be able to deliver more scale to our advertisers by integrating our ad offerings into Yahoo Gemini,” said Polyvore CEO Jess Lee in the Yahoo news release. Lee and the rest of the Polyvore team will join Yahoo’s offices in New York, San Francisco and Sunnyvale, California, Yahoo said.

Sony’s online store will stop taking orders and close for good Aug. 28, the company told customers Friday in emails headlined, “It’s been a fun ride.” Sony soon will “unveil a new online product showcase and more ways to shop,” the emails said. “We are improving our online experience!” said an FAQs page at the Sony website. “Sony will have an exciting new product website that includes our authorized retailers for your purchase preference.” The campaign is part of the strategy Sony Electronics President Mike Fasulo unveiled in March (see 1503050034) and elaborated on in May (see 1505050039) to take merchandising concepts learned and perfected in Sony Stores and deliver them “more broadly” through brick-and-mortar and online accounts. The e-commerce portion of that program is being branded Sony Online Experience. Orders placed at the Sony online store until its closure at 1 p.m. PDT Aug. 28 will “follow the normal return policy,” the FAQs page said.

It’s a mistake to assume toll-free numbers that pop up in search engine results are legitimate customer service lines for a company, wrote FTC consumer education division intern Preston Reisig in a blog post Friday. “Some are run by scammers out to hijack your credit card number or install malware on your computer,” he said. By using company names and URLs that look “confusingly similar to national shopping outlets and big box stores,” scammers try to get consumers to reveal credit card numbers, Reisig said. Recent tech support scams involve scammers claiming to spot a security problem on the computer that they will fix for a fee, he said. To stay away from these scams, never assume phone numbers appearing in early search results are valid, Reisig said. “Scammers may even use a variation on the real company’s name in their web address, which is why the presence of a familiar-sounding URL is no guarantee the phone number and website are genuine,” he said. The best place to find contact information from a company is the company’s official website, Reisig said. It may take some time to navigate the page, “but it will increase the likelihood that you’re going straight to the source,” he said. A company may not offer a toll-free number but may provide an email address, online chat function, or have customers enter a number so the next available operator can contact them, he said.

The FBI's Internet Crime Complaint Center (IC3) has received an increasing number of complaints from businesses reporting extortion campaigns via email, an alert said Friday. Typically, a victim business will receive an email threatening Distributed Denial of Service (DDoS) attacks to its website unless a ransom -- that varies in size, but is usually demanded in Bitcoin -- is paid, IC3 said. Victims that don’t pay the ransom receive a follow-up email threatening that the price of the ransom will increase if the victim doesn’t pay in a certain time frame, it said. Some businesses implemented DDoS mitigation services as a precaution, it said. Those that experienced a DDoS attack reported the attacks “consisted primarily of Simple [Service] Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks, with an occasional SYN-flood and, more recently, [WordPress] XML-RPC reflection/amplification attack,” it said. The attacks often last one to two hours, “with 30 to 35 gigabytes as the physical limit,” it said. Based on information given to IC3, the FBI believes multiple individuals are involved in these extortion campaigns and believes the attacks will expand to online industries and other targeted sectors that are susceptible to financial loss if offline for a period of time, it said. IC3 recommends not opening emails or attachments from unknown individuals, not communicating with those who send threatening emails, and if an attack occurs, utilize DDoS mitigation services.

Passwords should be long, complex and unique, and shouldn't include common words, phrases or information, FTC Privacy and Identity Protection Division Legal Fellow Whitney Merrill wrote in a blog post Thursday. “Attackers often use a dictionary of previously exposed passwords and information gathered from the Internet to help them guess a password,” Merrill said. After a breach, passwords should be changed quickly, she said. Since many people have trouble keeping track of all their passwords, Merrill recommended use of a password manager, “an easy-to-access application that allows you to store all your valuable password information in one place.” If an individual forgets a password, some companies offer a chance to answer security questions to regain access, she said. Individuals should choose security questions only they know the answers to and avoid questions where the answer may be available in public records or online like a zip code, mother’s maiden name or birthplace, Merrill said. Individuals should also avoid questions that allow a hacker to easily guess an answer like what state an individual was born in and the color of the person's first car, she said. Answers to security questions should be complex, she said. For example, “if the security question asks ‘What is your favorite childhood memory?’ the answer ‘watching the Dodgers with my mom’ is more secure than ‘baseball,’” Merrill said.

Once the government effectuates a warrant by copying a computer hard drive, “it should dispose of the information irrelevant to the crime for which the warrant was issued,” said the Center for Democracy & Technology and five nonprofit advocacy organizations in an amicus brief filed Wednesday with the 2nd U.S. Circuit Court of Appeals, a news release said. The brief, filed in the U.S. v. Ganias case by the American Civil Liberties Union (ACLU), ACLU of Connecticut, the Brennan Center, Electronic Frontier Foundation and the Open Technology Institute of the New America Foundation, said law enforcement shouldn't be able to hold copied information indefinitely or have the ability to search the information indefinitely into the future in relation to unrelated crimes, the release said. In the case, the government copied the entire contents of Stavros Ganias’ computer hard drive as part of an Army investigation of improper conduct by a company called Industrial Property Management (IPM), the release said. Ganias’ was IPM’s accountant and the irrelevant data copied from the computers was not destroyed but was retained and searched with a new warrant by IRS investigators 18 months later for “unrelated accounting irregularities,” the release said. CDT Freedom, Security and Technology Project Director Greg Nojeim said: “If the content irrelevant to the warrant is retained indefinitely, it means an individual will be forced to live under a cloud of suspicion forever.” It’s a violation of the Fourth Amendment, which covers searches and seizures, to seize a computer to investigate one crime and then hold irrelevant information on the chance it could be useful later, he said.

The Digital Citizens Alliance (DCA) urged YouTube in a report Thursday to stop featuring advertising on videos that promote malicious software. Hackers are increasingly using trusted sites like YouTube to learn hacking skills, with YouTube hosting thousands of videos on the use of remote access Trojans and other malware, DCA said. About 38 percent of the videos DCA found on YouTube related to malware use contained ads from major car companies and others. YouTube parent company Google and the video’s poster split ad revenue from “these malicious tutorials,” DCA said. YouTube “has clear policies that outline what content is acceptable to post, and we remove videos violating these policies when flagged by our users,” the company said in a statement.

Fifteen percent of U.S. adults don't use the Internet, according to a Pew Research Center analysis of survey data, wrote Pew research analysts Monica Anderson and Andrew Perrin in a blog post Tuesday. “Internet non-adoption is correlated to a number of demographic variables, including age, educational attainment, household income, race and ethnicity, and community type,” they said, with non-Internet use being most prevalent among blacks and Hispanics, individuals over the age of 65, those making $30,000 or less, individuals with less than a high school education and those who live in rural areas.

The California State Assembly’s public safety committee unanimously passed the California Electronic Communications Privacy Act (Cal-ECPA) July 14 and referred it to the appropriations committee. The bill would “forbid warrantless cellular ‘stingrays’ as well as searches of documents and data stored online,” wrote King & Spalding attorney Daniel Ray in a blog post Wednesday. State Sen. Mark Leno, D-San Francisco, in February introduced the bill, which passed the Senate unanimously in June. But “enactment is not guaranteed” because Gov. Jerry Brown (D) twice vetoed Cal-ECPA’s predecessors in 2012 and 2013, Ray said. If the legislation is enacted, “it would be the most comprehensive state law on digital searches and seizures in the United States,” Ray said. The law would go further than the Supreme Court’s decision in Riley v. California that said a cellphone search required a warrant by “outlawing warrantless remote searches” using “stingrays,” he said. Cal-ECPA would also apply to communications and metadata stored in the cloud, but wouldn't prohibit service providers from disclosing requested information voluntarily or limiting requests made under the federal Electronic Communications Privacy Act or other federal law, he said.