Welcome to Zero Day’s Week In Security, ZDNet’s roundup of notable security news items for the week ending October 9, 2015.
From The Hill: Senate Democrats press T-Mobile on data breach “Three Senate Democrats are seeking answers from credit agency Experian about the recent data breach that exposed up to 15 million T-Mobile customers. Sens. Richard Blumenthal (D-Conn.), Bill Nelson (D-Fla.) and Brian Schatz (D-Hawaii) – all leading Democrats on the Senate Commerce Committee – wrote the two companies Wednesday, requesting information on how both firms were handling fallout from the hack. “Experian and T-Mobile’s recent incident demonstrates the need for legislation,” the letter said.” See also: In wake of hack, anti-CISA group targets Experian (The Hill)
From Reuters: Exclusive: Uber checks connections between hacker and Lyft “Eight months after disclosing a major data breach, ride service Uber [UBER.UL] is focusing its legal efforts on learning more about an internet address that it has persuaded a court could lead to identifying the hacker. That address, two sources familiar with the matter say, can be traced to the chief of technology at its main U.S. rival, Lyft.”
From CNET: New California law requires police to get warrants for online data “If the police want to take a look at your email, they’ll now have to get a warrant. At least in California. Gov. Jerry Brown signed a privacy bill into law Thursday requiring law enforcement agencies in California to get a warrant for online data. The bill had the support of Silicon Valley and privacy advocates, showing that tech firms are resisting government collection of customer data in the aftermath of Edward Snowden’s surveillance revelations. A federal law is pending with similar restrictions. For now, federal law enforcement doesn’t need a warrant to access online data, even in California.”
From ZDNet: HTC says monthly Android security updates are “unrealistic” “The recent Stagefright vulnerability that could affect hundreds of millions of Android phones may have been a blessing in disguise. Responding to the situation, Google in August announced monthly security update availability for its Nexus phones. Samsung also commited to “near monthly” updates and LG has followed suit. HTC, however, has not. President of HTC America, Jason Mackenzie, tweeted over the weekend that the company “will push for them, but unrealistic for anyone to say guaranteed every month.””