Skip to content Skip to navigation

Friday Cyber News, February 24 2017

Cyber technology-related news and links from around the web, for the week of 2/18 - 2/24:

1. The year ahead in Congressional cyber debates includes multiple committees to investigate Russian hacking during the election, renewing Section 702, and that elusive cybersecurity executive order. To help out those committees a bit, Russia's defense minister finally acknowledged the existence of its "information warfare" troops. [Cyberscoop; AP]

2. Daniel Susskind argues that the common conception that machines cannot replace humans for complicated tasks is wrong: just because humans can't describe the processes they use to complete a task doesn't mean that a computer can't complete the task just as well or better. Case in point, driving. This is bringing the debate over a universal basic income back into the news, as well as questions about where the job training and job transition programs are to help workers whose jobs are being automated away. [Oxford; NY Times; The Outline] 

3. 90 quintillion computations later, Google has found a collision for SHA-1, a relatively old hash function but one still in use in git and some certificates. Following their disclosure policies, in 90 days you, too, will be able to use their tools to produce PDFs that create a collision. That's sooner than Bruce Schneier's estimates of an organized crime syndicate's efforts, but too late to claim a collision reward "piñata". [Googleblog; Schneier; Bitcointalk]

4. In contradiction to a successful warrant last year requiring multiple employees to attempt to unlock a fingerprint-locked phone, a federal judge in Illinois has denied a warrant asking all occupants of a building to provide their fingers to attempt to unlock another device. The judge objected on the grounds of lack of specificity as well as 5th amendment protections, bringing back the debate over whether providing biometrics is self-incrimination. Not to worry, though; Cellebrite recently announced that they can unlock every iPhone up to the 6+. [Motherboard; Cyberscoop]

5. Northern Trust and IBM have debuted a private blockchain system for private equity trading. Meanwhile, the price of Bitcoin reached an all-time high, signaling confidence in blockchain systems generally. [Quartz; Cyberscoop]

6. Waymo (part of Alphabet) is suing Uber over alleged IP theft of its self-driving car guidance system; a former Waymo engineer who left for Uber downloaded over 14,000 files by installing specialized software and attempting to cover his tracks (using a burner laptop); however, Waymo was apprised of the situation by an inadvertently CC'd email. Here's the full complaint. [Bloomberg; Scribd]

7. A recently-discovered Cloudflare bug means that internet traffic for its more than 2 million hosted sites could have been publicly accessible. Cloudflare claims only 150 customers were affected, but we've seen how these initial estimates of the scope of a breach tend to inflate over time. [Cyberscoop]

8. Ford is skipping the step of self-driving car engineering that may require sudden human intervention in particularly tricky scenarios. Instead, their goal is a car with no means for human intervention at all, and the reason for this choice is that their engineers were constantly falling asleep in self-driving car prototypes. [IEEE]

9. The US Cyber Corps repays students' educational expenses if they take a cybersecurity-related job in the government. However, the current administration's hiring freeze impedes students' ability to do so, disrupting the program and keeping motivated students with relevant educational experience out of government. [Vocativ]

10. More North Korean cybercrime is expected after China halted its imports of North Korean coal--a key source of revenue--in response to the assassination of Kim Jong Un's half-brother, Kim Jong Nam, who had been living in a Chinese protectorate. (While we're on the subject, I can't leave without updating you on the most interesting story of the past two weeks; Kim Jong Nam, who had fallen out of favor after he was arrested attempting to take a child to Euro Disney using false travel documents, was assassinated in a Malaysian airport terminal by two young women smearing or spraying on his face what Malaysian authorities have identified as VX nerve agent. The young women claim they were told they were performing on a hidden-camera prank show, applied the substance with their bare hands and washed them immediately afterward, avoiding most of its ill effects, and may have been working with four North Korean men who left the airport shortly after the attack.) [Time; NY Times]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)