ICYMI:; Backdoor concerns; TalkTalk losses; EBay exploit; Safe-Harbour 2; Malwarebytes flaw
The latest In Case You Missed It (ICYMI) looks at; Investigatory Powers Bill; TalkTalk woes continue; EBay exploit unfixed; EU-US Privacy Shield agreed; Malwarebytes apologises for flaw.
Theresa May home secretary
MPs in the UK science and technology committee released a report which says firms fear a rise in hacking due to encryption 'back doors'. The Investigatory Powers Bill is described as ‘confusing' and committee chairman Nicola Blackwood said: "There remain questions about the feasibility of collecting and storing internet connection records (ICRs), including concerns about ensuring security for the records from hackers.”
“Customers have lost faith in TalkTalk as a trustworthy brand," following the October breach of the broadand, TV and telecoms provider, according to Imran Choudhary, consumer insight director at Kantar Worldpanel quoting his own company's research on the impact of the personal data loss. It reports that TalkTalk has lost some 250,000 customers since the breach and has seen its share of the home services market fall by 4.4 percent in terms of new customers. Clearly data loss has become a brand-reliability issue.
EBay has no plans to fix a severe active code exploit on the company's global sales platform.
Check Point Software's research team disclosed details of a vulnerability in mid-December last year but on 16 January eBay stated that it had no plans to fix the vulnerability. This particular vulnerability, though not yet seen exploited in the wild, is particularly large and Check Point's proof of concept, according to the company, works.
A last minute agreement on EU-US Safe Harbour transatlantic data transfers has been announced, called The EU-US Privacy Shield, but civil liberties objections remain.
US authorities have pledged that the US will avoid “indiscriminate mass surveillance” of EU citizens and a US ombudsman will follow up on complaints from EU citizens made via European data protection agencies (DPAs) while the European Parliament will play the role of watchdog for citizens over any new Safe Harbour agreement. But the status of the interim arrangement is questioned.
Malwarebytes' CEO has apologised and launched a bug bounty scheme after Google Project Zero researchers exposed the latest in a long line of anti-virus product flaws.
“I'd like to take this opportunity to apologise,” said Malwarebytes CEO Marcin Kieczynski in a 1 February blog in which the company owned up to several security flaws in its anti-virus software that are still three-to-four weeks away from being fixed.