5 Companies That Had A Rough Week

This week's roundup of companies that had a rough week include Microsoft's partial about-face on Windows XP support, Apple's $32-million fine surrounding unauthorized credit card purchases by children, the latest security breach at a major retailer, a blow to net neutrality backers, and the dark side of the Internet of everything.

At first glance, you'd think this is a good thing. Microsoft has been pounding the drums so loudly about the need for customers to get off Windows XP by April 8 when it ends support for the OS, but this week's announcement is sowing confusion among customers and partners.

Microsoft now says it will provide antimalware signature updates for Windows XP through April 2015. The company said that's designed to give customers more time to migrate.

"I'd be happier if they stuck to their guns with the deadline," Michael Goldstein, president and CEO of LAN Infotech, a Fort Lauderdale, Fla.-based Microsoft channel partner, told CRN. He said the extension would eliminate only a portion of the security risks XP users will face after April. Another partner said the move sends "mixed messages" that make things more complicated for the channel.

Apple will pay at least $32.5 million in refunds to parents whose children made unauthorized purchases on iPhones and iPads in a settlement with the Federal Trade Commission announced this week. The Washington Post said the settlement is the first major punishment handed to a major technology company over the handling of children's applications.

Parents began complaining several years ago when they discovered charges on their credit cards -- some for thousands of dollars -- resulting from their children's use of such games as Tap Pet Hotel and Smurf's Village, according to The Washington Post story. The FTC said Apple deceived consumers by allowing unlimited in-app purchases for 15-minute periods without informing anyone and didn't provide enough safeguards for the games.

Under the settlement Apple must refund all unauthorized payments to customers, with $32.5 million set as the minimum total.

Another week, another retailer security failure ...

Neiman Marcus CEO Karen Katz apologized this week to customers whose credit and debit card information was compromised in a data security breach. News of the break-in, which is believed to have occurred last year, was publicly disclosed last weekend.

The company has neither disclosed the number of customers affected by the incident nor said which specific data was stolen. The retailer has said that customer Social Security numbers and birth dates were not taken.

News of the Neiman Marcus break-in comes on the heels of the massive security breach at retailer Target in which hackers are believed to have stolen data from 40 million credit and debit cards and the personal information of at least 70 million customers, including names, mailing addresses, email addresses and telephone numbers.

The U.S. Circuit Court of Appeals ruled this week that the Federal Communications Commission overreached when it set down rules preventing network operators from assigning content providers to faster or slower parts of the Internet.

The FCC established the net neutrality rules requiring that network companies like Comcast and Verizon treat all content equally. Backers of the policy said such rules were needed to keep the Internet fair and open and prohibit network operators from discriminating against some content providers or giving preference to companies that can pay higher fees. Network operators said such rules made it difficult to manage online traffic and Verizon took the case to court.

The court ruling said the FCC doesn't have the jurisdiction to regulate Internet service providers in the same way it regulates phone companies. That means the concept of net neutrality is on life support -- at least for the moment.

A cyberattack that sent 750,000 spam emails between Dec. 23 and Jan. 6 used more than 100,000 Internet-connected smart devices, including such consumer gadgets as televisions, media players and even a refrigerator. A favorite tactic of Internet attackers is to infect and take over PCs and then use them to create networks of "zombie" computers to send spam, launch denial-of-service attacks and carry out other nefarious plots.

But a new report from Proofpoint, a security-as-a-service provider, says that as more devices become "smart" and connected to the Internet, those devices become vulnerable to similar attacks. The Proofpoint report said it "observed and profiled" the Dec. 23 to Jan. 6 attack that sent 750,000 malicious email communications from a network that included more than 100,000 everyday consumer gadgets including home-networking routers, multimedia centers, televisions and one refrigerator that had been infected with "thingbots." Proofpoint said the incident marked the first time the security industry had proved that such everyday devices were part of a cyberattack network.