Friday Cyber News, April 28 2017

Cyber technology-related news and links from around the web, for the week of 4/22 - 4/28:

1. Reuters reports that a Thai father killed himself and his child on Facebook Live this week, adding to Facebook's difficulties in offering a service that broadcasts literally anything, until its content police can identify objectionable material. A policy solution to the problem would be amending Section 230 to define Facebook as a content producer rather than a conduit; the company would then be liable for everything posted to its platform. Stanford PhD student Emma Pierson points out that computer scientists need to start valuing the humanities and social sciences, lest their power go unchecked: "Ethics training is required for professionals in other fields in part because it’s important for doctors and lawyers to be able to act ethically even when no one’s looking over their shoulders. Further, computer scientists need to help craft regulations because they have the necessary technical expertise." For its part, Facebook put out a report this week demonstrating it is well aware it can be used as a propaganda tool and a megaphone for objectionable topics. [BBC; Wired x2; Facebook Newsroom]

2. Marketplace digs into "robot-proof jobs": what are they, how can we train our workforce toward jobs that use the non-automatable skills of humans, and what has happened to jobs automated away by earlier technological revolutions, like many farming occupations, or travel agents? [Marketplace]

3. FireEye reports that state-sponsored hackers in China have targeted South Korean agencies involved in deploying a missile-defense system designed to protect South Korea against North Korea. [WSJ]

4. California's deputy CIO outlines the state's cybersecurity plans, which include a security operations center, ISO training for state employees, and a draft plan for statewide cyber defense of critical infrastructure, due in July. [StateScoop]

5. The FBI obtained a mass-hacking warrant to remotely access and fix devices that had been commandeered as part of the Kelihos botnet. Ostensibly, this is what we would like the FBI to use its hacking powers for: restoring stolen property to hacking victims. The botnet's Russian ringleader was also indicted. [Ars Technica; Justice.gov]

6. Email subscription manager unroll.me generated outrage after customers realized this week that it had been selling anonymized data on Lyft receipts to Uber, as a proxy for Lyft's business health. Their privacy policy was no more specific than it needed to be, and promises that they wouldn't touch users' "private stuff" were understandably misinterpreted. I'd recommend never giving an app full access to your email, for reasons explained in #7, below. In similar murky privacy policy waters, a lawsuit filed against Bose alleges that the company tracks what users of its headphones are listening to, and sells the information to a marketing firm. [Lifehacker; MacRumors]

7. It's still easy to spearphish someone, for reasons ranging from the availability of phish-ready URLs (e.g., accounts-drive-google.com) to the persistence of human trust in colleagues, family, and Google Docs. Symantec has found that victims in the US are twice as likely (64%) to pay ransomware demands as victims globally, so phishing attacks aimed at getting US-based computer users to unwittingly download something are unlikely to decline. [GQ; The Hill]

8. Five to seven minutes of network traffic from Visa, Mastercard, and Symantec was temporarily routed through a state-owned Russian telecom after the telecom altered Border Gateway Protocol (BGP) tables to claim the relevant segments of traffic. Though presumably Visa and Mastercard are encrypting their traffic, this vulnerability in the BGP system can be combined with TLS attacks or used to identify more vulnerable third parties transacting with the larger financial companies. [Ars Technica]

9. The latest Wikileaks CIA release is Scribbles, a tool for invisibly watermarking Word documents suspected to be tempting to whistleblowers or leakers. The tool's restriction to Word means that watermarks are visible when opening files in OpenOffice, so double-check before you share. [Wikileaks]

10. The use of machine learning to predict crime had a notable blind spot, until now: the predictive policing white-collar crime map shows where financial crimes are likely to occur across the country. [The New Inquiry]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)