5 Companies That Had A Rough Week

The Week Ending May 15

This week's roundup of companies that had a rough week includes businesses and IT organizations facing a July deadline for the end of Windows Server 2003 support, companies facing a significant security threat to their virtualized systems from VENOM, two leading telecommunications companies that are paying more than $150 million to settle "cramming" charges, Google's latest "right to be forgotten" headache, and privacy complaints against Facebook in Europe.

Security Threats Imminent For Windows Server 2003 Laggards

Businesses that have been procrastinating about upgrading their Windows Server 2003 installations are in for a shock in two months when Microsoft ends support for the aging server operating system.

Security experts expect a wave of attacks against vulnerable Windows Server 2003 systems around July 14 when that support officially ends and Microsoft stops issuing patches and security updates, according to a CRN story this week. That will make Windows Server 2003 "one of the least secure systems in existence," said Piero De Paoli, senior director of global enterprise security product marketing at Symantec.

Some 30 percent of businesses plan to continue running Windows Server 2003 past July 14, according to a March survey conducted by Bit9 + Carbon Black. Those businesses, it's clear, are leaving themselves open to a major security breach.

VENOM Strikes With A Vengeance

IT managers scrambled this week to determine their data centers' exposure to a critical vulnerability known as VENOM (virtualized environment neglected operations manipulation) that affects virtual machines.

VENOM lets an attacker running a virtual machine in a virtualized or cloud environment escape that guest virtual machine and obtain code-execution access to the host, the host network and other systems.

VENOM is a vulnerability in the QEMU virtual floppy disk controller that's used in the Xen and KVM environments and the native QEMU client. But it's not an issue in VMware or Microsoft Hyper-V virtualized environments.

Verizon, Sprint To Pay $158 Million To Settle 'Cramming' Charges

Verizon Wireless will cough up $90 million and Sprint will pay $68 million to settle allegations that they billed customers for millions of dollars in unauthorized charges for premium text services, according to the Wall Street Journal.

The two companies neither admit nor deny the charges in the settlement announced this week with the Consumer Financial Protection Bureau, the Federal Communications Commission and several state attorneys general, according to the story.

Cramming is a practice where phone companies bill customers for third-party services, such as daily horoscopes, sports scores and trivia, without direct authorization from consumers. The settlement calls for $120 million of the fine to be refunded to customers.

Google Under Pressure To Explain Its 'Right To Be Forgotten' Decisions

A group of 80 Internet scholars and academics sent Google an open letter this week demanding that the giant company be more transparent in how it handles "right to be forgotten" requests in Europe to remove information from its search engine. The letter complicates the issue for Google, which already considers itself to be in a no-win situation.

One year ago the European Court of Justice ruled that Internet search engines must remove information that's considered inaccurate, inadequate, irrelevant or excessive. Google has said that since then it has processed 253,617 requests to remove 920,258 links and it has approved about 40 percent of those requests, according to The Telegraph website.

The academics' letter says the public should be better informed about the type and quantity of information Google is removing from its search results. It also asks Google to disclose its guidelines for its decisions.

Facebook Facing Allegations Of Violating European Privacy Laws

Google isn't the only company with European regulatory headaches this week. Belgium's privacy watchdog has accused Facebook of violating European privacy laws by tracking people online without their consent and failing to answer regulators' questions about its privacy policies, a Reuters story said Friday.

Belgium's Privacy Protection Commission issued a report Friday that analyzed changes Facebook made to its privacy policies in January. The report charged that Facebook "tramples on European and Belgian privacy laws" and refuses to recognize Belgian and other EU national jurisdictions by claiming it's subject only to laws in Ireland, where it has its European headquarters.

The Reuters story said the Belgian commission is working with its German, Dutch, French and Spanish counterparts -- a sign that this could spell bigger problems for Facebook down the road.