The Democratic and Republican vice presidential candidates argued during their debate Tuesday in favor of their visions of countering cyberattacks. “We have got to bring together the very best resources for this country to understand that cyber warfare is the new warfare of the asymmetrical enemies that we face in this country,” said Indiana Gov. Mike Pence, the GOP vice presidential nominee. Sen. Tim Kaine, D-Va., the Democratic vice presidential nominee, said he believes private sector cybersecurity firms should participate in the “intelligence surge” that Democratic presidential nominee Hillary Clinton proposed to combat terrorism. “We've got some of the best intelligence and cyber employees in the world working right here in the United States for many of our private-sector companies,” Kaine said. Pence also referenced Clinton’s use of a private email server during her time as secretary of state, saying one of the best ways to improve the federal government’s cybersecurity would be to prevent future secretaries of state from similarly using private email accounts. Kaine countered that FBI Director James Comey found Clinton’s use of the email server wasn’t worthy of prosecution.
A majority of typical computer users experienced "security fatigue," that is, they were tired of dealing with security, which could lead to increased risky behavior, said the National Institute of Standards and Technology in a Tuesday blog post on a new agency study. “If people can’t use security, they are not going to, and then we and our nation won’t be secure,” said co-author Brian Stanton, a NIST cognitive scientist. The study is based on interviews with people of all ages, holding a variety of jobs and living in suburban, rural and urban areas about their online activity, including shopping and banking, computer security, security terminology, and security icons and tools. Researchers said most computer users "felt overwhelmed or bombarded" over computer security issues such as remembering dozens of passwords, leading to "feelings of resignation and loss of control." Some said they didn't know why they would be targeted in a cyberattack and added that security should be left to a third party such as their bank. To ease the fatigue, researchers, who plan further studies on the topic, said decisions should be made simple and consistent for users.
A Nevada-based electronics buyback company and its owner allegedly bilked consumers in a bait-and-switch scheme that promised high payouts for used smartphones, tablets and other devices, but delivered "far less," as little as 3 to 10 percent of the original quotes, the FTC said in a Tuesday news release. Commissioners voted 3-0 to issue the complaint against Laptop & Desktop Repair -- which also goes by cashforiphones.com and cashforlaptops.com, among other names -- and owner Vadim Olegovich Kruchinin. Georgia also charged the defendants. Last week, the U.S. District Court in the Northern District of Georgia issued an order to the defendants to stop the alleged practice and to freeze its assets. The complaint alleged thousands of consumers complained to the FTC and other consumer protection agencies. A phone number for Laptop & Desktop Repair found through the Better Business Bureau website played a recording of business hours, but didn't provide a way to leave a message for comment.
The volume of distributed denial of service (DDoS) attacks has remained consistently high, and such attacks are causing “real damage” to companies, Neustar said Tuesday in a report based on a survey of more than 1,000 cybersecurity professionals. It said DDoS attacks are frequently being used as a “smokescreen” for hackers to launch other malware against a company’s servers. Fifty-three percent of DDoS attacks were accompanied by other malware, with 46 percent of such cases involving viruses, 15 percent involving ransomware and 37 percent involving other forms of malware. The risk of IoT-based DDoS attacks is increasing as more unsecured IoT-enabled devices go on the market. Eighty-two percent of professionals who have adopted IoT have experienced an attack, while 58 percent who haven’t adopted such technologies were attacked. “Organizations should be concerned that DDoS attacks are growing increasingly sophisticated and relentless, frequently serving as the first stage of a multi-stage attack against an organization’s infrastructure,” said Neustar Senior Technologist Rodney Joffe in a news release: “There is a silver lining: as public attention is driving urgency to improve DDoS protection capabilities, organizations are increasingly realizing that having a DDoS mitigation solution in place is a requirement” to prevent such attacks.
The U.S. District Court in Galveston, Texas, released Judge George Hanks' full order denying a bid by four Republican state attorneys general for a temporary restraining order to delay the Internet Assigned Numbers Authority transition. Hanks ruled against the TRO request Friday and the transition executed just after midnight Saturday (see 1609300065 and 1610030042). Texas Attorney General Ken Paxton led the underlying lawsuit against NTIA over the handoff, joined by Arizona AG Mark Brnovich, Nevada AG Adam Laxalt and Oklahoma AG Scott Pruitt (see 1609290073). The attorneys general “have not produced evidence sufficient to carry their heavy burden” in proving the need for the TRO, Hanks said in his ruling (in Pacer), released Monday. “Instead, they provide only the statements and averments of counsel -- and hearsay from third parties -- to speculate about the future results of possible changes and events in a complex phenomenon, and the role and influence of NTIA over this phenomenon. This is not enough to carry their heavy burden here.” Even if Hanks' court “were to find that some past harm or bad acts by [ICANN] impacted the interests of the States in their respective websites and alleged rights at interest, the Court notes that these past harms happened under the exact regulatory and oversight scheme that the States now seek to preserve,” Hanks said: “This, along with the lack of evidence regarding any predictable or substantially likely events, greatly undermines” the case for a TRO. The AGs' offices said they're considering next steps.
Facebook added a mobile marketplace for users to buy and sell with other people in their local community, the social network said in a Monday news release: The new feature lists items sold nearby and lets users search by location, category and price. A buyer can contact a seller through direct message to work out details of the transaction; Facebook doesn’t manage payment or delivery, it said. Marketplace rolls out first to the Facebook mobile app for iPhone and Android in the U.S., U.K., Australia and New Zealand; it will come later to other countries and the desktop version of Facebook, the company said.
The Electronic Frontier Foundation called Google's use of the term "incognito" for its Allo messaging app that provides end-to-end encryption "ultimately dangerous" for all users. In a Monday blog post, EFF researcher Gennie Gebhart said Google's use of the term "incognito" means something different in Allo than in the Chrome browser. In the Chrome incognito mode, she wrote, user activity isn't stored in the browser history, though ISPs can still determine which websites are visited. In Allo, no one can read a user's end-to-end encrypted messages, but conversations "are stored on your device for a certain period of time after you send them." Users will likely "misunderstand and underestimate Allo’s end-to-end encryption -- or, even worse, overestimate Chrome’s incognito browsing mode and expose themselves to more risk than the name 'incognito' leads them to expect," wrote Gebhart. Offering end-to-end as a once-in-a-while vs. default option signals to people the level of importance of the message for hackers, spies and others, she said. Instead, Google could, for example, offer two apps, one less secure and one that is end-to-end encrypted, she said. The company didn't comment.
Chinese consumer tech and content giant LeEco plans its “official launch” in the U.S. at an Oct. 19 event in San Francisco, the company said Friday. LeEco is “the global tech company whose super phones, TVs and bikes have been beating out the world’s top brands -- but we have a lot more than just screens planned,” the company said. LeEco CEO Jia Yueting sees his company “comprehensively landing in the United States,” he told a July news conference where it was announced that LeEco would buy Vizio for $2 billion (see 1607260066).
Health and fitness tracking using a mobile app, fitness band or smartwatch is popular among one in three internet users globally, GfK said in a Thursday report. Men globally are more likely than women to use a fitness tracker, but five countries -- Australia, Canada, China, France and Russia -- “stand out” as having a higher percentage of their female online populations using a tracking app or device, it said. Overall, fitness trackers are most popular among adults age 20-39, it said. Only a quarter of teenagers 15 and older now track their fitness activity, but many more said they did so in the past, the report said. “This suggests potential for bringing this significant number of past users back into the market” with the right messaging or promotional offers from retailers and manufacturers, it said.
Proliferation of augmented reality and virtual reality applications and services like Pokemon Go is sparking significant legal and regulatory issues about privacy, cybersecurity, e-commerce, free expression, intellectual property and safety, said R Street Technology Policy Fellow Anne Hobson in a paper. Privacy advocates and lawmakers like Sen. Al Franken, D-Minn., raised concerns with Pokemon Go creator Niantic over data collected from users and how it's being used (see 1607150014, 1607250009 and 1609010083). In privacy, Hobson wrote Thursday, passive data collection, facial recognition and targeted advertising are concerns. She said some state laws go further than federal rules and "present a more proximate threat" to AR and VR companies. Besides concerns with hacking, data breaches and information sharing requirements for AR and VR companies, she cited potential issues with data localization and the intersection of AR with IoT.