Skip to content Skip to navigation

Friday Cyber News, February 17 2017

Cyber technology-related news and links from around the web, for the week of 2/11 - 2/17:

1. Spyware developed by the NGO group, a cyber arms dealer that sells exclusively to governments, was used against public health researchers and advocates of Mexico's soda tax, raising questions about who may have been controlling the tools, and for what economic end. [NY Times]

2. This week the security conference RSA took over San Francisco, bringing security product vendors and cryptographers to discuss the future of cybersecurityIoT security labels, the most popular attack vectors, and the political encryption debate. [Tech Target; Fortune; Fifth Domain]

3. Cameroon's internet has been down since January 17th, an intentional outage meant to quell dissent in the country and an increasingly popular technique used by authoritarian regimes to control the spread of information. [Vice Motherboard; NY Times]

4. The average monthly salary in Macedonia is $371, so of course they're taking advantage of ad revenue from Google and others to build fake news sites that bring in $1,000 a month. Apple's SVP of software and services is stepping forward to say that tech companies have a responsibility to people who obtain news through their platforms, and that Apple in particular wants to ensure that all Apple News sources are legitimate. Mark Zuckerberg released a feel-good letter this week promising AI solutions to everything from better news curation to more diverse perspectives, faster identification of crime and self-harm reported on the platform, and the support of groups formed on Facebook that are important to community. [Wired; Recode; The Guardian]

5. Yahoo's price fell $250M in its deal with Verizon following investigations into its massive data breaches. Verizon and Yahoo-turned-Altaba will share ongoing legal responsibilities related to the breaches. Meanwhile in financial news, New York state is adopting a rule that will "require banks, insurance companies, and other entities regulated by the state's Department of Financial Services to establish cybersecurity programs to protect sensitive data and secure the financial services industry." [Bloomberg; The Hill]

6. Microsoft will begin grading customers' Office 365 security settings, and reporting those grades to cyber insurers, in an effort to quantify security postures. No additional software or security settings are assessed, however. Microsoft is also encouraging tech companies to sign on to a 'digital Geneva convention' that involves protecting customers from nation-state attacks and promising not to conduct offensive cyber operations. [WSJ; Techcrunch]

7. The law has not decided whether fifth amendment protections against self-incrimination extend to not being forced to decrypt one's digital belongings, and a man detained in Philadelphia under suspicion of possessing illegal images may be detained indefinitely until the question is resolved--or he agrees to decrypt. [Ars Technica]

8. Cross-browser fingerprinting combines OS and hardware information with browser settings to identify and track internet users' browsing activity even when they switch browsers. Relatedly, it's important for reporters to use VPNs, because their targets can identify IPs related to news organizations, tipping them off to a supposedly secret investigation. [Ars Technica; CyberScoop]

9. An Asilomar retreat focusing on the future of AI talked less about machines taking over, and more about machines taking jobs--hollowing out the middle class and making discussions of a universal basic income more realistic. [Wired]

10. A university's IoT devices were hacked and used to DDoS the school's network by flooding it with searches for seafood restaurants. [ZDnet]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)