Security analysts and journalists continue to digest the Equation Group story. The scope of US-Iranian cyber conflict draws fresh attention.
Reports allege the US State Department has not yet succeeded in cleaning up its compromised unclassified networks.
Gemalto and the telco buyers of the firm's SIM cards work to understand GCHQ's and NSA's alleged intrusion into their systems: keys used in point-to-point encryption appear to have been compromised. Ki shared secret keys, widely used in telecom encryption, seem to have been the vulnerable point. Gemalto investigates, large telcos prepare for general SIM card replacement, and Gemalto sustains a significant hit in the stock market (despite its protest that its devices are secure).
Another company, Lenovo, also endures significant reputational damage as the market processes the discovery that the device manufacturer pre-loaded Visual Discovery into its PCs. Microsoft, McAfee and others have pushed out cleanup help, and Lenovo (with some backing and filling) also seems to be belatedly remediating its products. The core issue is said to be the ease with which Visual Discovery's private key can be compromised, exposing users to man-in-the-middle attacks.
The company whose software attracted such odium, Superfish, unrepentantly blames the general outrage on vulnerabilities introduced by third-party Komodia. Journalists give Superfish decidedly mixed reviews as a company — Forbes is in the middle with its "interesting history" verdict. Meanwhile a class-action lawsuit has been filed in California against Lenovo.
Privacy concerns loom large for both the incoming US Congress and the President's cyber-policy outreach to industry.