Five Companies That Dropped The Ball This Week10:00 AM EST Fri. Aug. 10, 2012
Hackers used good old-fashioned social engineering to dupe an Apple support technician into giving them the password for Wired reporter Mat Honan's iCloud account. Armed with this information, hackers proceeded to wipe all data on Honan's Apple devices and take over his Twitter account, using it to spew racist and homophobic messages.
First, a flaw in Amazon phone support process allowed hackers to access Honan's account page, which displays the last four digits of a user's credit card number. Then, because Apple only required the last four digits to verify a customer's identity, hackers were able to access Honan's Apple ID account and start their devastating tap dance on his privacy.
Apple has changed its phone support policy for resetting customers' passwords, and plans unspecified additional measures to ensure this doesn't happen again, but the incident exposed a giant hole in the security of a system that encompasses more than 400 million user accounts.
Amazon also deserves a dressing-down for its role in the Honan hack fiasco. Its policy of allowing people to call customer support and add a credit card to an account simply by providing their name, email address and billing address paved the way for all of the hacker misdeeds that followed.
Like Apple, Amazon has since changed its phone support to prevent this method from being used in the future, but you have to wonder how many times it has been used previously by hackers whose goal it was to keep their tracks hidden.
Google's privacy headaches continued as the Federal Trade Commission hit Google with a $22.5 million fine for overzealous data collection practices.
According to the Associated Press, the FTC began looking into the matter six months ago after a Stanford University researcher found that Google had bypassed security mechanisms in Apple's Safari browser designed to prevent tracking of users' web surfing habits.
For a company that flies the "Don't Be Evil" flag, this sort of thing is going to inevitably trigger snickering within the IT industry.
A10 Networks is facing a $112 million settlement charge after a San Jose, Calif., federal court ruled in favor of Brocade in the companies' two-year-old intellectual property dispute.
Not only did A10's AX series load balancers infringe on Brocade's patents, but A10 was also found to have misappropriated four Brocade trade secrets and used proprietary code in its products, according to the court ruling. Specifically, the court ruled that A10 CEO Lee Chen had directly recruited an engineer to work simultaneously at both A10 and Foundry -- which was acquired by Brocade in 2008 -- thus violating his Foundry work agreement.
The once high-flying smartphone maker HTC reported a 27 percent drop in fiscal second-quarter revenue, and also slashed its previous revenue guidance for the current quarter. Investors didn’t like that much, and the ensuing sell-off of HTC shares lopped more than $1 billion from the vendor's market capitalization, according to a report from The Wall Street Journal.