From counterfeit goods to weight loss scams, Google blocked more than 780 million ads in 2015 for violating policies, it said Thursday in a blog post. More than 12.5 million pharmaceutical ads that made misleading claims were blocked, while more than 10,000 websites and 18,000 accounts that pitched counterfeit products like fake designer watches were suspended. More than 30,000 sites that made misleading claims for weight loss through supplements -- a top user complaint, Google said -- were blocked, as were nearly 7,000 phishing sites. The company said it also disabled 10,000-plus sites offering "unwanted" software and slashed unwanted downloads through Google ads by over 99 percent. More than 17 million "trick to click" ads such as those that resemble system warnings from a person's computer were scrapped. Google said it also "stopped showing ads on more than 25,000 mobile apps because the developers didn't follow our policies." For instance, two-thirds of the violators had placed their ads so close to buttons that users accidentally clicked the ads. The company said more than 1.4 million applications from sites and mobile apps that wanted to display Google ads but didn't follow policies were rejected. Users also provided "4+ billion pieces of feedback" through the "mute this ad" functionality telling Google they didn't want to see an ad on a site again. Besides rolling out a new design to help users manage their ads settings last year, the company said it's updating policies on weight loss ads and new protections against malware and bots in 2016.
Brother printers, a General Electric dishwasher, Whirlpool smart dishwasher and Gmate Smart blood glucose monitor are among the first devices available for Amazon’s Dash Replenishment program, the retailer said Tuesday. Under Dash Replenishment, connected devices automatically order physical goods from Amazon when supplies are running low, the company said. For device makers and developers, Dash Replenishment Service APIs (application program interfaces) are available for integration into any device that can connect to the Internet, Amazon said. Developers can begin an integration using HTML containers and REST (representational state transfer) API calls, it said.
Kaspersky Lab and WISeKey are jointly developing technology to safeguard financial data exchanged via wearables, the companies said Thursday. The technology will integrate authentication and data encryption into wearables, allowing them to “safely connect, communicate and exchange financial data,” they said. The market for wearables is growing at a 35 percent annual rate, they said, citing Tractica, but many connected devices and the data they exchange are “worryingly unprotected.” Security will become more critical as wearables are increasingly used to make payments, they said. Bulgari currently integrates WISeKey’s security software, Wis.Watch, into its smartwatches, enabling a user to securely identify and authenticate a device and connect it to a smartphone to access apps, personal data and cloud storage, said the companies. Under the partnership, Kaspersky Lab’s secure software development kit for mobile devices will be included, adding a layer of security that will lead to “ultra-secure” mobile payments, said the companies, who called the cooperation between them a “breakthrough in IoT cyber-security.” Kaspersky CEO Eugene Kaspersky said millions of devices in use today “were never designed to be secure” and there’s an “urgent need to establish and implement higher levels of security for IoT devices.” The collaboration will be based on WISeKey’s NFCTrusted technology and its Cryptographic Root of Trust for IoT that’s been installed on more than 2.6 billion desktops, browsers, mobile devices, SSL certificates and connected devices, said the companies. Existing wearables can be retrofitted with the Kaspersky security layer by adding asymmetric identification at the device level, a WISeKey spokesman told us. The technology will be applicable to other IoT sectors, said WISeKey CEO Carlos Moreira.
The National Association of State Chief Information Officers will make cybersecurity, flexibility in federal regulations, FirstNet and information sharing its 2016 federal advocacy priorities, said a NASCIO news release Tuesday. “Cybersecurity is a top concern for state CIOs and with the tremendous growth in data that we anticipate, securing our public networks and the state’s digital assets are and will remain a top priority for NASCIO,” said President Darryl Ackley, secretary of information technology for New Mexico. NASCIO will also work with federal regulators to reduce regulatory burdens that hamper state government, it said. NASCIO also will closely watch the FirstNet process as states move closer to the opt-in/opt-out decision slated for 2017, it said. Some state CIOs are their state's single point of contact for FirstNet and it's crucial that CIOs stay informed of major developments, especially as FirstNet evaluates and awards bids this year in response to its request for proposals, said the group.
House Oversight Committee Chairman Jason Chaffetz, R-Utah, criticized the Office of Personnel Management Thursday for not providing what he views as sufficient information to the committee on data that contractor CyTech gathered in an inspection of OPM’s networks prior to the June disclosure of two breaches that exposed personally identifiable information (PII) stored on the networks. The breaches, revealed in June, exposed Social Security numbers and other PII belonging to more than 21 million people who were involved in federal background checks. OPM wiped information that CyTech’s CyFIR digital forensics tool gathered during the OPM networks inspection before the agency returned the tool to CyTech. “We’ve been asking for months” for the information CyTech gathered in its inspection of OPM’s networks, Chaffetz said Thursday during a House Oversight hearing. “It’s in your systems. We know it because we’re looking at hard copies. And we’re checking to see if you give it to us as well. And you’re not. And that’s why you’re going to be back before this committee.” OPM has attempted to “provide a response to every question that's been asked,” said Office of Congressional, Legislative and Intergovernmental Affairs Director Jason Levine. “We do expect another set of documents coming” in January “if not in the next couple weeks.” OPM has in the past “been challenged with this level of a document production” but is now prioritizing document requests to Congress, Levine said.
Harman said it’s buying auto cybersecurity firm TowerSec. Harman will integrate TowerSec’s technology into its security framework, which will “ensure that we remain one step ahead to protect existing and future connected systems,” said Harman CEO Dinesh Paliwal in a Tuesday news release. “While we have been partnering with HARMAN as a supplier, now we will leverage the Company’s scale, network and deep connected car domain experience to meet the demands of our target markets, including providers of gateways,” said TowerSec CEO Saar Dickman.
Henry Schein Practice Solutions will pay $250,000 to settle FTC allegations the provider of office management software to dental practices "falsely advertised the level of encryption" to protect patient data, the agency said Tuesday in a news release. The commission voted 4-0 to issue the administrative complaint. The FTC said it will publish a description of the consent agreement, which will be subject to public comment through Feb. 4, in the Federal Register soon. The agency alleged the company marketed "deceptive claims" for two years that its Dentrix G5 software provided industry-standard encryption of sensitive patient data as required by the Health Insurance Portability and Accountability Act (HIPAA). The FTC said the company was aware its software "used a less complex method of data masking to protect patient data than Advanced Encryption Standard," which is the recommended industry caliber. “If a company promises strong encryption, it should deliver it," said Consumer Protection Bureau Director Jessica Rich. Under the settlement, Schein "will be prohibited from misleading customers about the extent to which its products use industry-standard encryption or the extent to which its products help ensure regulatory compliance or protect consumers’ personal information," the FTC said. Schein must also notify all affected customers that the software doesn't provide industry-standard encryption. The company disagreed with the commission about how "we used the word 'encrypted' in Dentrix G5 marketing from early 2012 to January 2014," and the "product works, and works well," emailed a Schein representative Tuesday. "We have always communicated to customers that the ultimate responsibility for data security and HIPAA compliance resides with each practice." The settlement doesn't "represent an admission of wrongdoing regarding the Dentrix product," said the representative. "We made a decision to settle with the FTC to avoid long and costly litigation," she said. "We continuously upgrade and improve our product and service offerings, and advise our customers that they also need to take steps to protect the security of their data."
The Defense Department's Joint Functional Component Command for Space hired Kratos Defense & Security Solutions to do end-to-end satellite RF monitoring, interference detection and mitigation services aimed at safeguarding the commercially leased spectrum used by the military's U.S. Central Command and U.S. Pacific Command, Kratos said in a news release Tuesday. Phil Carrai, president-Kratos' Technology and Training Solutions Division, said military communications' increasing use of commercial spectrum means "newer, lower cost methods of providing resiliency to interference are fostering the convergence of DOD and commercial protected communications applications."
U.S. Cellular successfully implemented use of the industry stolen phone database, the carrier said in a letter to the FCC. The carrier had promised to notify the agency when it did so, it said. The letter was posted in docket 14-143.
Oracle is settling FTC charges that the company deceived consumers about security updates to its Java platform, standard edition software (Java SE) that's been installed in more than 850 million personal computers. The FTC said in a news release Monday that Oracle will be required to give consumers an easy way to uninstall older, insecure versions of Java SE under the proposed consent order. The company is also required to inform consumers via social media and its website about the settlement and how consumers can remove older versions of Java SE, which are vulnerable to hacking, the FTC said. The commission voted 4-0 to issue the complaint and accept the proposed consent order, which will be published in the Federal Register soon and then be subject to public comment until Jan. 20. At that time, the commission will decide whether to make the proposed consent order final. The FTC alleged Oracle had been aware of "significant security issues" with older Java SE versions, which support browser-based features such as calculators, online gaming, chat rooms and 3D images. The agency said the security flaws "allowed hackers to craft malware that could allow access to consumers' usernames and passwords for financial accounts" and launch phishing attacks. The FTC complaint also alleged Oracle promised consumers that installing Java SE updates would protect their systems, but the company failed to say the update "automatically removed only the most recent prior version of the software," not earlier versions that might be installed. The agency said no versions released before Java SE version 6 update 10 were uninstalled. The FTC also alleged internal Oracle documents showed the company was aware of the problem in 2011 and "a large number of hacking incidents were targeting prior versions." Oracle had notices posted on its website about the need to remove older versions, but it didn't indicate that the update process didn't automatically remove older versions. Oracle did not comment.