The Information Technology and Innovation Foundation (ITIF) urged the FTC, in comments filed with the commission last week, to support the sharing economy by taking a light-handed regulatory approach and fighting "anti-competitive laws" tailored to incumbent businesses. The comments are among nearly 2,000 filings submitted to the FTC in response to its June workshop on various issues raised by the sharing economy (see 1508050043). The FTC should launch an effort "to use its authority to provide continuous oversight of anticompetitive regulations that impede innovation in the market" by identifying policies that limit the sharing economy and recommending changes "to ensure that competition in the sharing economy flourishes," ITIF said.
NTIA urged Internet governance stakeholders to file comments with ICANN on proposals for the Internet Assigned Numbers Authority (IANA) and ICANN accountability. The agency said in Monday’s Federal Register that those comments will help it “determine whether the proposals satisfy NTIA’s criteria and have received broad community support. Comments will also be considered in any NTIA certification before the U.S. Congress that may be required prior to terminating the existing IANA functions contract currently in place between NTIA and ICANN.” ICANN’s IANA Stewardship Transition Coordination Group (ICG) released a combined version of earlier community IANA transition proposals in late July (see 1507310060), while the Cross Community Working Group on Enhancing ICANN Accountability (CCWG-Accountability) released its proposal last week (see 1508040058). Comments on the ICG proposal are due Sept. 8, and comments on the CCWG-Accountability proposal are due Sept. 12, NTIA said.
The Mozilla Foundation released security updates to address a critical vulnerability in the built-in PDF Viewer for Firefox and Firefox ESR, the U.S. Computer Emergency Readiness Team said in an alert Thursday. U.S.-CERT said that exploiting the vulnerability may allow attackers to read and steal sensitive local files on the victim’s computer. Updates to Firefox are available, and U.S.-CERT recommends users and administrators apply necessary updates.
Passwords in Microsoft’s Group Policy Preferences may be insecurely stored due to incomplete implementations of Microsoft Security Bulletin MS14-025, the U.S. Computer Emergency Readiness Team said in an alert Friday. U.S.-CERT said that if administrators haven’t cleared previously stored passwords, the system may be vulnerable to exploitation. Attackers “may decrypt these passwords and use them to gain escalated privileges,” the alert said. U.S.-CERT recommends administrators employ the PowerShell script provided in Microsoft Knowledge Base Article 2962486 and follow the instructions to clear all “CPassword” preferences.
Several major Republican presidential candidates spent time during a Fox News debate Thursday criticizing recent Chinese and Russian cyberattacks against U.S. federal agencies, with Sen. Ted Cruz, R-Texas, blaming Russia for a July data breach that hit the Joint Chiefs of Staff’s email system. Reports on the breach began surfacing in the hours before the Fox News debate. The Department of Defense didn’t comment on the attack’s origin. Cruz also went after China, saying that nation’s government is “waging cyber warfare against America.” Wisconsin Gov. Scott Walker referenced attacks attributed to Russia and China, saying the two nations’ governments “know more” about emails stored on Democratic presidential candidate Hillary Clinton’s private email server during her tenure as secretary of state “than does our U.S. Congress, and that’s put our national security at risk.”
The Electronic Frontier Foundation released a browser extension, Privacy Badger 1.0, that blocks “some of the sneakiest trackers that try to spy on” an individual’s Web browsing habits, an EFF news release said Thursday. More than 250,000 users installed the Privacy Badger during alpha and beta releases, it said. The new extension “includes blocking of certain kinds of super-cookies and browser fingerprinting -- the latest ways that some parts of the online tracking industry try to follow Internet users from site to site,” it said. Users can sometimes see evidence that they are being tracked by advertisers and other third parties online with ads that “follow you around the Web that seem to reflect your past browsing history,” said EFF Staff Technologist Cooper Quintin, the lead developer of Privacy Badger. The app will spot many trackers “following you without your permission, and will block them or screen out the cookies that do their dirty work,” Quintin said. The browser extension works in tandem with EFF’s new Do Not Track policy, the group said. Users can set the DNT flag or install Privacy Badger to signal they want to opt out of online tracking, the release said. “Privacy Badger won’t block third-party services that promise to honor all DNT requests,” it said. “It’s time to put users back in control and stop surreptitious intrusive Internet data collection,” said EFF chief computer scientist Peter Eckersley, leader of the DNT project.
User names, email addresses and encrypted passwords for users of ICANN’s website were "obtained" at some point in the past week via “unauthorized access to an external service provider,” ICANN said Wednesday. The data breach didn’t expose information related to the Internet Assigned Numbers Authority (IANA) functions or ICANN financial information, ICANN said. “There is no evidence that any profile accounts were accessed or that any internal ICANN systems were accessed without authorization,” it said. ICANN hasn't sought a law enforcement investigation of the breach but its own inquiry is "ongoing," a spokesman said. The nonprofit said it’s requiring all users to reset their passwords and cautioned them to also reset passwords for other websites if they are the same as the one they used on ICANN’s website. ICANN previously was the target of other data breaches, including a November spear phishing attack that affected its centralized zone data system (CZDS), which contained names, email addresses, phone numbers and other information of CZDS users. That breach also affected ICANN’s Governmental Advisory Committee members-only wiki website (see 1412170037).
Cogent is beefing up legal spending as it prepares to go to court over ISP interconnection problems, CEO David Schaeffer said Thursday in a conference call on earnings results. Despite "active discussions ... we believe there's at least a couple [parties] that it appears possible that we may have to file litigation" on, Schaeffer said. "Hopefully ... they may understand the strength of our argument and come to the table. While we continue to remain hopeful that we will not have to file any litigation, we have prepared briefs and motions for litigation against several parties that have been unwilling to upgrade their interconnection capacity as required under the open Internet order." The "three problematic ISPs" are CenturyLink, Deutsche Telekom and Time Warner Cable, he said. While as much as 18 percent of Cogent's traffic at one time suffered interconnection problems with a variety of ISPs -- particularly AT&T, Comcast and Verizon -- "the largest three ISPs in the U.S. have understood this, understood their obligation under the law and have been good corporate citizens and opened up interconnections," Schaeffer said. Today, about 8 percent of Cogent's aggregate traffic is with providers experiencing congestion, he said. He has griped before about the likes of CenturyLink and TWC (see 1505010033). Those companies had no comment right away Thursday.
The global market for facial recognition technology is predicted to reach $2.67 billion by 2022, according to a report by Transparency Market Research, a news release said Wednesday. There's increased demand for surveillance systems by civil and government agencies, particularly as the number of crimes and terrorist activities rises, the release said. Facial recognition has been accepted by the entertainment industry and is used extensively in consumer electronics, which is part of what is fueling the demand for the technology, it said. Because it has better accuracy “in terms of identifying facial features,” 3D facial recognition technology is expected to comprise most facial recognition technology sales, the release said. Government is expected to be the biggest user of facial recognition technology, followed by retail outlets, it said.
In 2015 more organizations will deal with more security incidents that will lead to an increase in data breaches, ID Experts predicted in December. “Unfortunately, our predictions were very much on target, as 2015 is already the year of the data breach,” ID Experts President Rick Kam wrote in a post Friday: “As companies pay more attention to data breaches, there will be a positive movement toward exchanging lessons learned and best practices.” Kam predicted the rate of data incidents and breaches -- especially in healthcare -- will rise dramatically during the second half of 2015; cross-industry sharing of threats and best practices will increase; and involvement by boards of directors in data privacy and security will increase. A 2015 Mandiant report said it takes an average of 205 days to detect a malware breach, Kam said. As more organizations hire forensic specialists to look for breaches, more breaches will be found, he said. As chip-and-PIN security technology is enabled on credit cards, criminals will increasingly target healthcare fraud and identity theft, he said. The public also will start to see the impact criminal exploitation has on healthcare payers like Medicare, Medicaid and private insurers, he said, and attacks will spread to more industries. Attacks on the energy sector may be next, because “state-sponsored attacks will go wherever there’s valuable data to be found,” Kam said.