Skip to content Skip to navigation

Friday Cyber News, December 1 2017

Cyber technology-related news and links from around the web, for the week of 11/25 - 12/1:

1. Another NSA leak, this time of an Army intelligence sharing system called Red Disk, was the result of an unsecured AWS storage bucket. Veracode reports that more than 90% of firms using the same software library that, unpatched, led to the Equifax hack, have also failed to patch it. Why are simple routes of vulnerability still so effective? [ZDnet; The Hill]

2. A bug in MacOS High Sierra was discovered--and quickly patched--this week, which allowed anyone to log in as an administrator (root) and no password. Also at issue was the way the bug was disclosed, via public tweet, rather than being privately reported to Apple to allow a patch to be developed before opening up the vulnerability to anyone with access to an unattended Mac. [CNET]

3. Denmark, Germany, Norway, Spain, The Netherlands, United Kingdom and United States are working on an agreement, to be solidified by 2019, meant to guide the deployment of offensive cyber operations. [CyberScoop]

4. The Supreme Court heard oral arguments this week on a case that asks whether law enforcement should need a warrant to obtain cell phone location records, usually stored by service providers. In 2012, the Supreme Court ruled that a warrant is required to use a GPS tracking device to monitor a suspect's location, which makes the case more about ownership of the tracking data, and the specificity of location records, which usually only provide a 2-mile-radius "general area" the suspect's phone was in when it made a call. Related: the Motherboard Guide to Avoiding State Surveillance. And if you're not worried about the police tracking you through your phone, but are worried about who else may be tracking you: many popular Android apps were found to come with dozens of third-party trackers. [NPR; Motherboard; Intercept]

5. The GDPR--and its increase in fines for breached companies--is driving increased demand for cyber insurance, as it turns out that 4% of yearly revenue is at an attention-getting level. And, a good reminder that we should be more specific when talking about 'cyber' insurance, given the term's many legal, technical, and political uses. [Lexology; Slate]

6.​ Russia intends to develop a separate DNS infrastructure for use only by BRICs countries--Brazil, Russia, India, China--ostensibly to protect against other countries' cyber weapons and influence over internet access. [RT]

7. The MIT Media Lab is working on a social network that puts control of its filters--what posts you see and by whom--in the user's hands, noting that while current platforms allow you to advertise to 40-year-old women in Seattle, they don't allow you to read perspectives from those tightly categorized users, an oversight of how we may want to curate our filter bubbles, or dip into others occasionally. And, the origin of Silicon Valley's dysfunctional attitude toward hate speech online may be the 1989 ban of a Stanford newsgroup with posts of racist jokes. [Medium; New Yorker]

8. A Canadian man pleaded guilty to a 2014 spearphishing attack of Yahoo, which led to the breach of 500 million user accounts. Russian co-defendants (who have not been extradited) were alleged to have helped and to have been working to find the accounts of individuals of interest to Russia's FSB. [Ars Technica]

9. Is it a back-handed compliment to promote something by way of a list of unpopular ideas (about blockchains)? (I like Stellar's consensus protocol too). The price of Bitcoin topped $11,000 this month, so it may be a good time to look at unpopular opinions to temper enthusiasm. Cautiously enthusiastic: the head of the New York branch of the Federal Reserve mentioned this week that the Fed is considering its own digital currency. [Conspiratus; Bloomberg; The Hill]

10. Someone put a mock cryptocurrency mining rig in the trunk of their Tesla, to take advantage of the unlimited electricity available at supercharging stations. [Vice]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)