More than one in four of the more than 31 million Wi-Fi hot spots around the world is “just waiting to be hacked,” Kaspersky Lab said in a Thursday report. Kaspersky estimates 25 percent of the world’s Wi-Fi networks “have no encryption or password protection of any kind," meaning the information they transmit is “completely open and can be read by third parties.” Another 3 percent of hot spots use Wired Equivalent Privacy protocol to encrypt data, it said: “This unreliable protocol can be ‘cracked’ within minutes using tools that are freely available on the internet.” The rest of the world’s hot spots use “a more reliable form of encryption” based on the "family" of Wi-Fi Protected Access protocols, it said. “The effort required to hack these networks depends on the settings, including the strength of the password.” It’s “worth noting” that the top 20 countries with the highest percentage of non-encrypted Wi-Fi hot spots include many popular tourist destinations, among them in the U.S., Kaspersky said: “Travelers are among the most vulnerable because the nearest available Wi-Fi hotspot is often the only way for them to stay connected.”

Consumer confidence toward tech spending fell 10 percent in November on CTA’s index of consumer technology expectations, the group reported Tuesday. It's “likely a temporary deviation" from the "strong technology appetite" expected for Black Friday week and the holiday selling season, CTA said. “This will dissipate as holiday sales and promotions accelerate in the coming days." CTA predicts 116 million Americans will buy tech products during Black Friday week. Most U.S. consumers have begun holiday shopping (see 1611210027).

ICANN plans to begin making reports on the organization's recent activities publicly available, said CEO Göran Marby in a Tuesday blog post.The executive team has been creating reports on each of the organization's departments before each of ICANN's five to six board workshops per year but will now begin making the reports public as part of “our continued commitment to increased transparency,” Marby said. The reports include a summary of ICANN's legal activities, engagement with governments and intergovernmental organizations, financial activities, contractual compliance and global stakeholder engagement.

The Broadband Internet Technical Advisory Group has released guidelines and recommendations aimed at helping consumer IoT manufacturers and other providers improve device privacy and security. Tuesday's BITAG report said consumers face threats from any internet-connected device, but the IoT is "unique" because it usually involves nontechnical or uninterested consumers who lack the expertise to evaluate privacy and security for such devices. The report said IoT threats potentially increase with the lack of incentives from manufacturers to develop and deploy software updates after initial product sales, difficulty in providing updates over a network, devices with limited resources and constrained user interfaces, and products that may ship with malware. To address insecure communications, data leaks, malware and service disruption, the group said IoT devices should be shipped with "reasonably" current software and have a way to receive automated and secure software updates. It said devices should use strong authentication and encryption with their configurations tested and hardened. The report recommended a privacy policy be included and easy to find and understand and industry should develop a cybersecurity program with a "Secure IoT Device" logo on retail packaging. Stakeholders, manufacturers and retailers should provide privacy policies, bug reporting systems and secure software programs, and support devices across their lifespans, BITAG said.

Oracle said it’s buying internet traffic service Dyn, to extend its cloud computing platform. “Oracle cloud customers will have unique access to Internet performance information that will help them optimize infrastructure costs, maximize application and website-driven revenue, and manage risk,” said Dyn Chief Strategy Officer Kyle York in a Monday news release. A month ago Dyn’s DynDNS service experienced distributed denial-of-service attacks that resulted in outages or latency for many major websites, including Netflix and Twitter (see 1610210056). The attacks spurred interest on Capitol Hill in IoT cybersecurity (see 1610260067 and 1611160051).

Only 42 percent of consumers who responded to an Intel Security survey said they take proper measures to ensure their connected devices’ cybersecurity. Consumers are aware it’s important to secure their devices but 47 percent of respondents indicated they were unsure whether they were taking the correct cybersecurity measures, Intel said Sunday. OnePoll queried 9,800 consumers at Intel’s request for the survey. There's increased interest from Capitol Hill on connected devices’ cybersecurity. Two House Commerce Committee subcommittees sought a potential middle ground last week on addressing IoT cybersecurity in response to last month's distributed denial of service attacks against Dyn (see 1610210056, 1610260067 and 1611160051), which Oracle is now buying (see 1611210047). “Unsurprisingly, connected devices remain high on holiday wish lists this year,” said Intel Security Chief Consumer Security Evangelist Gary Davis in a news release. “What is alarming is that consumers remain unaware of what behaviors pose a security risk when it comes to new devices.” Consumers “are often eager to use their new gadget as soon as they get it and forgo ensuring that their device is properly secured,” Davis said. “Cybercriminals could use this lack of attention as an inroad to gather personal consumer data, exposing consumers to malware or identity theft or even use unsecured devices to launch DDoS attacks as in the recent Dyn attack.”

Symantec agreed to acquire identity protection company LifeLock in a $2.3 billion cybersecurity transaction, the companies said Sunday in a news release. Symantec expects to close the deal in Q1 next year after it gets U.S. antitrust and shareholder approvals.

The FTC OK’d a final consent order with Warner Bros. Home Entertainment, which settled allegations in July that it paid online influencers to promote a videogame without telling consumers (see 1607110029), the agency said in a Monday news release. Commissioners voted 3-0, after a comment period, the FTC said. The agency accused Warner Bros. of paying thousands of dollars to influencers to plug the videogame Middle-earth: Shadow of Mordor on Google's YouTube and other social media sites and of telling such influencers how to promote the game and not disclose any bugs. "Over the course of the campaign, the sponsored videos were viewed more than 5.5 million times," said the FTC. The company is barred from failing to make such public disclosures in the future and can't misrepresent sponsored content. In July, the company said in an email statement it always tries to be transparent with its customers and is committed to complying with the guidelines.

The National Retail Federation estimates 137.4 million U.S. consumers -- about 59 percent of the population -- will shop at least once during Thanksgiving weekend, including online, NRF reported Friday, citing a poll that Prosper Insights & Analytics conducted for NRF. "The holiday shopping season is long and consumers will look for and expect great deals down to the very last minute," said NRF President Matthew Shay.

Advancing encryption, changing government surveillance, opposing internet censorship and pushing for comprehensive privacy legislation are some policy priorities that the Center for Democracy & Technology wants President-elect Donald Trump to adopt. CDT said Friday that it submitted a document to Trump outlining a series of technology and internet recommendations for the incoming administration. In the cover letter to Trump, CDT President Nuala O'Connor called the proposals "moderate" and "pragmatic." CDT said privacy and national security measures should include elevating encryption to bolster internet security, rejecting back doors that could weaken encryption, stopping warrantless spying on Americans and creating an environment for security researchers to find and help patch software vulnerabilities. CDT said Trump should reject policies that force companies to monitor their users, fight online censorship and protect open internet rules. Trump also should address technology that could "exacerbate inequality and lead to discrimination in automated systems" and improve data protection. Early last week, the Internet Association wrote a letter to Trump outlining industry priorities, which include privacy and security (see 1611140069).