At a glance.
- Most Internet-of-things transactions are said to be insecure.
- A misconfigured database exposes Virgin Media customer information.
- Vulnerable Microsoft subdomains pose a risk to users.
- Huawei seeks to reassure users that its backdoors represent no threat.
Zscaler study finds that most IoT transactions aren't secure.
A study by Zscaler of shadow IT, that is, software and devices users introduce into networks without the customary administrative sanction, presents a risk of data exposure, particularly insofar as the shadow IT touches the Internet-of-things (IoT). IoT transactions are generally, Zscaler says, not properly secured.
Virgin Media discloses a "data incident."
Virgin Media has disclosed a “data incident” in which some personal information belonging to about nine-hundred-thousand customers was exposed. The company says its taken steps to close the breach, which it attributes to an inadvertently misconfigured marketing database.
The exposed data included what Virgin Media characterizes as “limited contact information,” that is, names, home addresses, email addresses, and phone numbers. The company says no paycard information was compromised.
Microsoft subdomains may be vulnerable to takeover.
The alert service Vulnerability claims that more than six-hundred Microsoft subdomains are susceptible to takeover. Forbes notes that while no exploitation has been seen in the wild, a proof-of-concept is out. Microsoft says it’s working on a fix.
Huawei insists that it would only use the good kind of backdoor.
Huawei continues its charm offensive with a too-earnest-to-be-slick video in its Twitter feed that offers a sparkling little cadenza on what counts as a backdoor. Some backdoors, it says, are good, like those used for lawful interception of traffic, and there’s no real cause to be concerned about these, because they’re used only by duly constituted authority for narrowly defined purposes. That of course is a conceptual backdoor big enough to drive a busload of Shenzhen operators through, so few commentators seem to have been reassured. Does Huawei have a point about backdoors? To be sure--there are many things that get called "backdoors." The questions in Huawei's case arise because of its close relationship with China's security services, and its stated policy of refusing to comply with improper requests from the Chinese government has been received with widespread skepticism.