
Friday Cyber News, August 11 2017

Cyber technology-related news and links from around the web, for the week of 8/5 - 8/11:

1. Yes, if the government disclosed all vulnerabilities it finds (or buys, or actively seeks out) that would amount to cyber disarmament. The question remains whether the population of vulnerabilities that companies would want disclosed overlaps completely with the population of vulnerabilities that the NSA and Cyber Command most want to retain for their own use. The Fancy Bear hacking team, meanwhile, has been using leaked NSA exploits to monitor hotel guests via the hotel wifi. [Lawfare; Wired]

2. If your voter records have been breached ("if"), can you sue? Likely no; the standards for real or imminent harm usually require a financial loss, though they are inconsistently applied. The amount of damages to recover is similarly inconsistently calculated, and does not account for discovering additional victims later in the process. [Lawfare]

3. Microsoft is releasing more information about its Coco Framework, designed to speed up blockchain-based transactions, and currently compatible with Ethereum. The framework requires the use of hardware with an isolated secure computing area, called a trusted execution environment. Find the Coco white paper here. [Reuters; Github]

4. Last month, the UN GGE failed to reach a consensus on how international law applies to states' use of cyber technologies. Does this portend retrenched antagonism, and will the discussions even continue next year? [The Diplomat]

5. After introducing a known vulnerability to a DNA sequencer, researchers at the University of Washington were able to create DNA that, when sequenced, delivered malicious code to the sequencer. [TechCrunch]

6. Facebook aggressively copies smaller startups making products that it wants to include in its platform, like bite-sized streaming video or video-chat hangouts. Facebook even runs focus groups targeted at users of the apps it wishes to replicate, to get a better sense of how they use them. Is Facebook too big to compete against? [WSJ]

7. Bill Burr (not the comedian) was the author of a 2003 NIST Special Publication that provided some guidelines for passwords that will be familiar: special characters, capitalization, numbers and letters, and frequently changed. He has since seen the error of his ways, and regrets promulgating these rules rather than accepting that longer passwords, even if composed entirely of lowercase alphabetic characters, can be harder to crack. As guidelines for IoT security draw bilateral support (from government and security researchers), they will include the removal of easily cracked or hardcoded passwords, one of the primary means by which botnets take over cameras and routers, and a partial driver of ransomware. AIG and other insurers note that inquiries about cyber insurance by Chinese companies increased 87% in the month after WannaCry, an indication that widespread hacks lead to growth in cyber insurance. [WSJ; Reuters]

8. The internet ecosystem is increasingly built around, by, and for ads, leading to worse experiences and raising the question of where an equilibrium can be reached between ad-clogged Facebook and Twitter feeds and ad-drenched websites and Google search results. [The Ringer]

9. Uber drivers have found that staying offline in a coordinated way can force surge pricing, due to Uber's algorithmic constraints. [Telegraph]

10. An algorithm trained on emoji is better at detecting sarcasm in tweets than one trained on text alone. Also gold: "I'm a Google Manufacturing Robot and I believe humans are biologically unfit to have jobs in tech." [Technology Review; McSweeney's]

Thanks for reading,

Stanford Cyber Initiative

(To suggest an item for this list, please email You can view news from past weeks, subscribe, and unsubscribe at