VTech emailed all affected account holders that their information may have been compromised in a Nov. 14 data breach, the supplier of electronic learning toys said in a Monday news release. "As an additional precautionary measure," the company said, it temporarily suspended the Learning Lodge app store that was compromised and 13 other websites for "thorough security assessment and fortification." The company, which on Friday announced the breach, didn't say how many customers were affected, but media reports said they numbered about 5 million. VTech didn't comment Monday. The company said it immediately launched an investigation and also has implemented security measures against further attacks. Learning Lodge, the company said, permits customers to download apps, learning games, e-books and other educational content to VTech products. The company noticed the breach Nov. 24 after a Canadian journalist emailed VTech the prior day, asking about the incident, according to the company's FAQ section on the data breach. While VTech's customer database contains names, email, IP and mailing addresses, encrypted passwords, secret questions and answers for password retrievals, and download history, the company said the database neither contains credit card information nor personal identification data such as Social Security and drivers' license numbers.
The Center for Data Innovation, affiliated with the Information and Technology Innovation Foundation (ITIF), submitted comments to the Office of Management and Budget in response to OMB's request for public comments on proposed revisions to an order governing how the federal government manages information resources. The comments praised the OMB decision as a "welcome and necessary step towards creating a more responsive, transparent, efficient, and accountable government." The revision to the existing rule "provides a valuable opportunity" to better secure the benefits of open government data to the public and private sectors, said the comments.
Smart TVs will be “big-ticket items for hackers” this holiday season, said Symantec threat researcher Candid Wueest in a blog post. The firm researched the various ways a smart TV can be the target of cyberattacks and found that within a short time, a brand new set can be so infected with ransomware as to make it “ultimately unusable,” Wueest said. It found that hackers can easily install malware on the TV because not all of its Internet connections make proper use of Secure Sockets Layer (SSL) encryption, and some that do don’t verify SSL certificates “thoroughly enough,” he said. For example, some TVs accept “self-signed” SSL certificates, “which are easy for attackers to create,” he said. When a user downloads an app to a smart TV, “the attacker could intercept the request and redirect it to another server,” he said. “So instead of the TV downloading the real app from the legitimate server, the request is redirected to a different server, which instead sends down a malicious app to the TV. Once downloaded, the user still has to accept the permissions requested by the malicious app and open it, but since the user doesn’t know the app is not the real one, they will likely accept and install the app anyway.” Though firms like Symantec have “yet to see any widespread malware attacks targeting smart TVs,” that doesn’t mean attackers “won’t target these devices in the future,” he said. To mitigate the threats, smart TV owners need to review privacy policies carefully and “understand the data you are agreeing to share,” he said. Users also should be careful “when installing unverified applications from unknown sources,” and should enable “app verification” in the TV’s settings whenever possible, he said.
The Blu-ray Disc Association is supporting the expected early-2016 introduction of Ultra HD Blu-ray players and movies with the launch of an “interactive website demonstrating the features of the new format,” BDA said Wednesday. Ultra HD Blu-ray “will set a new standard in picture and audio quality, bringing a major upgrade in resolution, color, contrast and motion,” BDA said. The website, UHDBDinnumbers.com, simulates the differences that 4K resolution, high dynamic range and higher frame rates “will make to your favorite movies,” it said. Two sections of the website, one for higher resolution, the other for HDR, are headlined, “See the difference for yourself.” One invites the viewer to use a “slider” to view the differences in standard-definition resolution, HD and Ultra HD. The other enables comparisons between standard dynamic range and HDR. Both sections have the “disclaimer” that the comparative images are only “representative” of the enhancements available with Ultra HD Blu-ray. On wide color gamut, the website touts Ultra HD Blu-ray as capable of displaying 76 percent of the “visible color spectrum” available for viewing by the human eye, vs. 35 percent for the current HD system. Ultra HD Blu-ray movies will be available on 66-GB dual-layer and 100-GB triple-layer discs and can stream video at data transfer rates as high as 128 Mbps, it said, without making advantageous comparisons with less robust data rates available through over-the-top streaming.
The Digital Economy Board of Advisors is being formed to provide recommendations to the NTIA administrator and the secretary of commerce on “a broad range of issues related to the digital economy and Internet policy,” NTIA said Tuesday in a notice. The board is forming as part of the Department of Commerce’s new Digital Economy Agenda, which Secretary Penny Pritzker announced in early November. The agenda seeks to promote a “free and open Internet,” promote trust online, ensure access for “workers, families and companies” and promote innovation, NTIA said. The board’s activities may include analyzing policies restricting cross-border data flows and other barriers to global Internet freedom, along with providing policy advice on cybersecurity and other issues that affect the digital economy, NTIA said. The board may also promote the development of new digital technologies and analyze the Internet’s impact on the U.S. economy. NTIA said it's seeking nominations for board members for two-year terms, with the board consisting of between five and 30 members. The secretary of commerce will appoint the board’s chairman. Board members will come from the private sector and civil society and should be “prominent experts in their fields and recognized for their professional achievements,” NTIA said. Nominations are due Dec. 23.
ICANN CEO Fadi Chehadé and former National Security Adviser Stephen Hadley, now a partner at consulting firm RiceHadleyGates, led an off-the-record roundtable event Monday on the national security and geostrategic implications of the Internet Assigned Numbers Authority transition, stakeholders told us. The event, at the Atlantic Council’s Washington office, was aimed at civil society Internet governance stakeholders but also included State Department officials, an industry official said. The event was also an opportunity for invited stakeholders to learn what they “can do in the critical coming months, as ICANN prepares to present” the IANA transition proposal and a related set of proposed changes to ICANN’s accountability mechanisms to NTIA for final approval, an invitation to the roundtable said. The roundtable is “really another in a long series of events we’ve participated in to raise awareness among” Washington-based parties about the IANA transition as planning for the transition has continued to progress, said ICANN Vice President-Business Engagement Chris Mondini. The roundtable was a follow-up to a similar off-the-record Atlantic Council event earlier this year. ICANN has participated in “dozens of these smaller roundtables,” including events at the U.S. Chamber of Commerce and the Center for Strategic and International Studies, Mondini said. ICANN’s presence at the off-the-record roundtable raised concerns among some stakeholders amid a push for ICANN to increase its transparency, though an industry lobbyist said hosting organizations -- rather than ICANN -- typically dictate whether such meetings are on or off the record. The Atlantic Council and Hadley didn’t comment. This roundtable specifically focused on general security issues on how international pressure in the Internet governance space might lead to balkanization of the Internet along national borders, Mondini told us. 
The session wasn’t being held in connection with recent concerns about government stakeholders’ demands for revisions to the Cross Community Working Group on Enhancing ICANN Accountability’s (CCWG-Accountability) proposed ICANN accountability mechanism changes, Mondini said. CCWG-Accountability hasn’t reached consensus on whether to propose amending ICANN’s bylaws to require the ICANN board to find a “mutually acceptable solution” when the Governmental Advisory Committee provides advice that’s supported by GAC member consensus. CCWG-Accountability is also grappling with a proposal from Brazil and several other GAC members to resurrect a 2014 proposal to amend the ICANN bylaws to require two-thirds of the ICANN board to vote to be able to reject consensus GAC advice (see 1511160047).
When shopping for tech products for the holidays, “remember that Black Friday savings don't have to stop at checkout,” said Noah Horowitz, senior scientist at the Natural Resources Defense Council, Thursday in a blog post. “When you buy the most energy efficient devices on the market -- and adjust the settings to avoid unnecessary energy waste once you bring your new toys home -- you can enjoy year-round savings on your electric bills,” said Horowitz, who wrote NRDC’s new report that said Ultra HD TVs with high dynamic range have the potential to consume 50 percent more power than basic Ultra HD TVs without the HDR capability (see 1511180067 and 1511190025). “We have 3.8 billion electronic devices installed in homes across the country,” and collectively they use $22 billion worth of electricity a year, enough to match the output of 67 large power plants, he said. “Many of these devices, like always-on set-top boxes or gaming consoles, can rack up energy costs even when no one's using them -- an average of $165 dollars every year per household.”
Thirty-one ICANN users’ credentials were used for gaining unauthorized access to new generic top-level domain (gTLD) applicants’ and operators’ contact information via ICANN’s new gTLD applicant and Global Domains Division portals, ICANN said Thursday. ICANN temporarily took both portals offline in late February to investigate unauthorized data exposures on the portals. Information from 29 registry operators was exposed via unauthorized access, though ICANN noted that information “was accessed inadvertently.” The “exposed registry contact information does not appear to contain sensitive personally identifiable information,” ICANN said. “Each of the affected parties has been notified of the data exposure.” ICANN said it took necessary steps to prevent similar types of data exposures from occurring in the future and “continues to deploy security-based updates on a regular basis as part of a broader, multiyear effort to harden all of ICANN's digital services.”
The Department of Homeland Security managed to strengthen its cybersecurity capabilities over the course of FY 2015 but failed to comply with multiple important information security requirements, said DHS’ Office of Inspector General in a report released Thursday. “Without addressing these deficiencies, the Department cannot ensure that its systems are properly secured to protect sensitive information stored and processed in them,” said the OIG. In particular, DHS failed to “include its classified system information as part of its information security scorecard” or as part of its Federal Information Security Modernization Act (FISMA) compliance submissions to the Office of Management and Budget, the OIG said. Some DHS agencies and offices “did not maintain their information security programs on a year-round, continuous basis” and the department’s enterprise management systems “lacked input validation controls to ensure accurate data was entered into the system,” the OIG said. DHS agreed with most recommendations from the OIG but said it didn’t concur with a recommendation that DHS strengthen its FISMA reporting process to ensure its classified system data was included on its FISMA compliance submissions to OMB. FISMA compliance reporting requirements for FY 2015 “do not require the submission of agency classified system data,” with a separate scorecard being used to report that information in case such scorecards need to be made classified documents, DHS said.
Mark Zuckerberg and his wife, Priscilla Chan, are giving $20 million to EducationSuperHighway to help the organization reach its goal of connecting all U.S. classrooms to the Internet at the FCC's 100 kbps per student goal, said the Facebook CEO in a post on his Facebook page. Because the Internet is critical for personalized learning, Zuckerberg said, it's important to get every school connected. While most schools are connected to the Internet, fewer than half have high-speed broadband, he said. "This means most students can't use personalized learning software that helps them learn content they're interested in, at their own pace and in a style customized to them," the post said. "And it means teachers can't access many of the resources available online." EducationSuperHighway didn't comment.