Skip to content Skip to navigation

Friday Cyber News, December 16 2016

Cyber technology-related news and links from around the web, for the week of 12/10 - 12/16:

1. Everything you wanted to know about how Russia hacked our election (except how to fix it). '“There shouldn’t be any doubt in anybody’s mind,” Adm. Michael S. Rogers, the director of the National Security Agency and commander of United States Cyber Command, said at a postelection conference. “This was a conscious effort by a nation-state to attempt to achieve a specific effect.”' The CIA agrees, as do all 17 US intelligence agencies. Similar warnings against Russian influence in the politics of other nations have been raised by Germany, France, Britain, Poland and Sweden, much of NATO and the security committee of the European Union. [NY Times; NY Times; USA Today; CBC]

2. Facebook is making a slow U-turn on their fake news problem, and has announced it will start flagging fake news shared on its platform and employing independent fact checkers to evaluate popular stories. Although I have some questions about the design of the warnings (is "before you share this story, you might want to know that independent fact-checkers have disputed its accuracy" the clearest way to convey that information?) I'm glad they're agreeing to address this problem. Why is preventing fake news so important? The success of any educational endeavor depends on reaching a populace that understands how to evaluate information and why it is important to do so. If we disagree that finding the truth is beneficial and that believing a falsehood is harmful, we have nothing. This is not a partisan or even a uniquely American position, and even the Pope has publicly spoken out against fake news, comparing the spreading of disinformation to coprophilia. [Politico; NPR; The Guardian]

3. Yahoo just announced a massive breach--no, not the one from September, a new one--and it involves one billion accounts. And they don't know exactly when or how it happened. And the leak included passwords encrypted using MD5 (insufficient), unencrypted security questions (very insufficient), and "proprietary code" allowing anyone to log in as any account without a password (a backdoor). Verizon, still working out the terms of their purchase of Yahoo, is at least getting their money's worth on due diligence. [USA Today]

4. "How much technology has contributed to the widening income gap in the U.S. is a matter of debate; some economists treat it as just one factor, others treat it as the determining factor. In either case, the trend line is ominous." [New Yorker]

5. Google Translate was getting better incrementally; then it got a lot better all at once. Google is optimizing the way it leverages AI, and it's not just for translation. IEEE just published a draft guide for developing ethical AI, which goes a bit deeper than "don't be evil." [NY Times; TechCrunch]

6. Legal scholars have held that while law enforcement can compel you to provide a fingerprint, they can't compel you to provide a password. An appeals court in Florida recently ruled that a defendant can be compelled to provide a password because when law enforcement already possess the password-protected device in question, providing access to it is not self-incriminatory. I expect this decision to be overruled; stay tuned. [Consumerist]

7. We're worried about self-driving vehicles and drones being hacked, but what about the system on which both depend: GPS? Stanford professor and GPS pioneer Per Enge is researching how to make our GPS-reliant systems resilient to cyber attack, including by using multi-source verification, backup systems, and planes that can jam and repel spoofed signals. [Stanford Engineering]

8. This week in commerce: Overstock became the first publicly-traded company to distribute stock via a blockchain. The Shadow Brokers have moved to a direct-to-consumer business model to sell purloined NSA exploits. [Wired; Motherboard]

9. A tidy news cycle in less than 24 hours: Uber launched self-driving cars in SF, a self-driving car ran a red light in SF; the CA DMV demanded Uber cease experimenting with self-driving cars and get a permit. [NY Times; Wired; Quartz]

10. This week in cyber dystopia (I mean, besides story #1): pilots can lose control of Boeing 787s if the planes aren't rebooted at least every three days. That's right: your airplane has to be turned off and turned back on again more frequently than your router. Uber's forensic investigator wrote in a court declaration that “Uber’s lack of security regarding its customer data was resulting in Uber employees being able to track high profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses.” Many troves of consumer data offered for sale to investment groups still include personally identifying information. [Points Guy; Reveal News; FT]

Year-end prognostication exercise: What will be the biggest cyber news story of 2017? What will be the trends, economic indicators, or new products? What will the cyber dystopia bring? Give us your cyber predictions for 2017, and some will be featured in the Cyber Initiative's end-of-year newsletter. The most accurate prediction wins a prize in December 2017! Tell us here.

Clarifications and updates for last week's newsletter: North Korea denies that it attacked South Korea's cyber command (I wouldn't expect otherwise--but the investigation is ongoing). The pizza in Pizzagate is NY-style; the primary restaurant in question is in DC (both NY and DC restaurants received threats). And DHS says that its poking around on the website of the Secretary of State of Georgia was for routine license checks. [Cyber Scoop]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)