YunOS, a division of Alibaba, joined the ZigBee Alliance at the participant level, the trade organization announced Wednesday. YunOS works with various partners in the information industry and powers smart devices including phones, wearables, internet cars, robots and household appliances. More than 400 companies are in the ZigBee Alliance.

A 32-year-old Syracuse, New York, man, convicted in March for computer hacking and wire fraud related to a widespread network outage in Pennsylvania six years ago, was sentenced to 24 months in prison, said DOJ in a Tuesday news release. District Court Judge Sylvia Rambo in Harrisburg also ordered Dariusz Prugar to pay $26,000 in restitution. DOJ said Prugar was a network administrator for Pa Online, when the ISP was located in Enola, Pennsylvania. He was fired in June 2010, and "days later" Prugar hacked into the company's network, installing programs that resulted in files and directories being erased and crashing the network, said Justice. More than 5,000 residential and 500 business customers were without service for a week, the department said. The company rebuilt the entire network because Prugar installed several back doors to get into the system, DOJ said. In a March release, Justice said the computer fraud charge was related to Prugar's unlawful network intrusion, and the wire fraud charge was related to his attempt to cause financial loss through the use of interstate wires.

U.S. District Court in Los Angeles granted ICANN's motion to dismiss a lawsuit by domain registry Donuts against the organization over the controversial auction of the .web generic top-level domain. The company's Ruby Glen subsidiary sued in July, claiming ICANN intentionally failed to adequately investigate what the company believed ahead of the .web auction to be changes in ownership or control of rival bidder Nu Dot Co (see 1608090036). Nu Dot Co won the .web auction and .com registry Verisign subsequently said it had funded the $135 million purchase with the understanding that control of .web would pass to it (see 1607250051 and 1607270027). ICANN filed its motion to dismiss in late October, saying in part that Donuts was barred from suing the organization due to a covenant placed in all gTLD applications (see 1610270037). Donuts claimed the anti-suit covenant was void under California law. Judge Percy Anderson ruled the covenant was allowed because it wasn't created to exempt ICANN from facing claims of fraud, willful injury or violating the law. “The nature of the relationship between ICANN and Plaintiff, the sophistication of Plaintiff, the stakes involved in the gTLD application process, and the fact that the Application Guidebook ‘is the implementation of [ICANN] Board-approved consensus policy concerning the introduction of new gTLDs’ … militates against a conclusion that the covenant not to sue is procedurally unconscionable,” Anderson said in his ruling (in Pacer). Without the anti-suit covenant, “any frustrated applicant could, through the filing of a lawsuit, derail the entire system developed by ICANN to process applications for gTLDs,” Anderson said. “ICANN and frustrated applicants do not bear this potential harm equally. This alone establishes the reasonableness of the covenant not to sue. As a result, the Court concludes that the covenant not to sue is not substantively unconscionable.” Donuts “disagrees with the Court’s decision that ICANN’s required covenant not to sue, while being unconscionable, was not sufficiently unconscionable to be struck down as a matter of law,” said Executive Vice President Jon Nevett in a statement. “It is unfortunate that the auction process for .WEB was mired in a lack of transparency and anti-competitive behavior. ICANN, in its haste to proceed to auction, performed only a slapdash investigation and deprived the applicants of the right to fairly compete for .WEB in accordance with the very procedures ICANN demanded of applicants. Donuts will continue to utilize the tools at its disposal to address this procedural failure.”

Ransomware attacks will decrease in volume and effectiveness in the second half of 2017, while hardware and firmware will be increasingly targeted by “sophisticated” attackers, Intel Security’s McAfee Labs reported Tuesday. Intel surveyed 31 “thought leaders." IoT malware will open back doors in connected devices that could take years to detect, Intel said. Mobile attacks will combine mobile device locks with credential theft, increasing the vulnerability of personal information stored on consumers’ devices, Intel said. Hackers will attempt “dronejackings” using laptops for criminal and “hacktivist” purposes, Intel said. Hacktivists will also likely play an important role in exposing privacy issues, Intel said. “To change the rules of the game between attackers and defenders, we need to neutralize our adversaries' greatest advantages," said Intel Security Vice President-McAfee Labs Vincent Weafer. “To overcome the designs of our adversaries, we need to go beyond understanding the threat landscape to changing the defender-attacker dynamics in six key areas: information asymmetry, making attacks more expensive, improving visibility, better identifying exploitation of legitimacy, improving protection for decentralized data, and detecting and protecting in agentless environments.”

The Department of Commerce’s Digital Economy Board of Advisors (DEBA), formed about a year ago to encourage growth in the digital economy and promote internet policy (see 1511240034 and 1605160058), scheduled a Dec. 15 public meeting, said a notice in Tuesday's Federal Register. A detailed agenda will be posted before the meeting. DEBA's activities include collecting and analyzing the free flow of information on the internet, including policies that may curb cross-border information flows, providing advice on policy issues like increasing broadband capacity and enhancing cybersecurity and privacy, promoting new technologies and understanding the impact of the internet on job growth and the economy. The 8:30 a.m.-noon meeting will be at 1401 Constitution Ave. NW.

Linking of fake news stories via Facebook and other social media platforms is a problem that “should be left to the platforms themselves -- and interested private third parties -- to address,” and isn't an issue requiring government intervention, said Free State Foundation President Randolph May in a Friday blog post. Facebook CEO Mark Zuckerberg said earlier this month Facebook is executing a strategy to fight phony stories, after criticism that such content may have influenced the presidential election, But he said the percentage of fake content on Facebook remains “relatively small” (see 1611210002). “Right now, in the post-election environment, passions on behalf of some are running high, too high in some quarters,” May said. “And when passions run high, oftentimes there are pleas for action, even when the solutions offered might be worse than the supposed ills.” Elements of Facebook's strategy “look promising, at least in theory,” May said. “As a matter of sound policy, the government should stay out of the business of evaluating the truthfulness of news, except, for example, in rare instances involving public health and safety. And as a matter of law, the First Amendment’s free speech clause demands no less.”

More than one in four of the more than 31 million Wi-Fi hot spots around the world is “just waiting to be hacked,” Kaspersky Lab said in a Thursday report. Kaspersky estimates 25 percent of the world’s Wi-Fi networks “have no encryption or password protection of any kind," meaning the information they transmit is “completely open and can be read by third parties.” Another 3 percent of hot spots use Wired Equivalent Privacy protocol to encrypt data, it said: “This unreliable protocol can be ‘cracked’ within minutes using tools that are freely available on the internet.” The rest of the world’s hot spots use “a more reliable form of encryption” based on the "family" of Wi-Fi Protected Access protocols, it said. “The effort required to hack these networks depends on the settings, including the strength of the password.” It’s “worth noting” that the top 20 countries with the highest percentage of non-encrypted Wi-Fi hot spots include many popular tourist destinations, among them in the U.S., Kaspersky said: “Travelers are among the most vulnerable because the nearest available Wi-Fi hotspot is often the only way for them to stay connected.”

Consumer confidence toward tech spending fell 10 percent in November on CTA’s index of consumer technology expectations, the group reported Tuesday. It's “likely a temporary deviation" from the "strong technology appetite" expected for Black Friday week and the holiday selling season, CTA said. “This will dissipate as holiday sales and promotions accelerate in the coming days." CTA predicts 116 million Americans will buy tech products during Black Friday week. Most U.S. consumers have begun holiday shopping (see 1611210027).

ICANN plans to begin making reports on the organization's recent activities publicly available, said CEO Göran Marby in a Tuesday blog post.The executive team has been creating reports on each of the organization's departments before each of ICANN's five to six board workshops per year but will now begin making the reports public as part of “our continued commitment to increased transparency,” Marby said. The reports include a summary of ICANN's legal activities, engagement with governments and intergovernmental organizations, financial activities, contractual compliance and global stakeholder engagement.

The Broadband Internet Technical Advisory Group has released guidelines and recommendations aimed at helping consumer IoT manufacturers and other providers improve device privacy and security. Tuesday's BITAG report said consumers face threats from any internet-connected device, but the IoT is "unique" because it usually involves nontechnical or uninterested consumers who lack the expertise to evaluate privacy and security for such devices. The report said IoT threats potentially increase with the lack of incentives from manufacturers to develop and deploy software updates after initial product sales, difficulty in providing updates over a network, devices with limited resources and constrained user interfaces, and products that may ship with malware. To address insecure communications, data leaks, malware and service disruption, the group said IoT devices should be shipped with "reasonably" current software and have a way to receive automated and secure software updates. It said devices should use strong authentication and encryption with their configurations tested and hardened. The report recommended a privacy policy be included and easy to find and understand and industry should develop a cybersecurity program with a "Secure IoT Device" logo on retail packaging. Stakeholders, manufacturers and retailers should provide privacy policies, bug reporting systems and secure software programs, and support devices across their lifespans, BITAG said.