Skip to content Skip to navigation

Friday Cyber News, February 8 2019

Cyber technology-related news and links from around the web, for the week of 2/2 - 2/8:

1. For Silicon Valley, ethics has progressed beyond the trolley problem to thornier questions, like "Which authoritarian regimes is it okay to make rich by letting them invest in your company?", "Is it worse to pay teens for their mobile activity data or to sell them lollipop-flavored nicotine?", and "If you refuse to work with the Department of Defense, is it okay to work with Beijing?" In response, VCs are suggesting companies identify what a "minimal virtuous product" would be, rather than the previous "minimum viable product" standard for going to market. [Washington Post]

2. On Thursday, German regulators ruled that Facebook cannot combine user data across platforms and websites (e.g., between Facebook itself, Instagram, and WhatsApp) without user permission, so expect another click-box to pop up shortly and be summarily clicked and ignored. [NY Times]

3. Law enforcement indicted 20 members of a Romanian cyber crime ring for money laundering, fraud on Craigslist and eBay, and phishing schemes to gather payment card information. [Cyberscoop]

4. In advance of the Nigerian election, false news stories about both candidates are circulating on Twitter, Facebook, and WhatsApp. Meanwhile, a cyber attack on Australian Parliamentary computer systems doesn't appear to be related to their upcoming May election. [African Arguments; WSJ]

5. Evading comment on how his devices were hacked--or his iCloud account?--Jeff Bezos responds to extortion efforts by the head of the publishing group AMI by printing his demands, and descriptions of Bezos' stolen digital assets, in full. [Motherboard; Medium]

6. A proposed bill before San Francisco's Board of Supervisors would make the city the first to ban local government agencies (including law enforcement) from using facial recognition technology. Amazon offered some legislative principles for the use of facial recognition software this week, including that "When facial recognition technology is used in law enforcement, human review is a necessary component to ensure that the use of a prediction to make a decision does not violate civil rights" and the recommendation of a 99% confidence score threshold. [StateScoop; AWS]

7. Duke Energy faces a $10M fine for violating rules designed to keep the electric grid safe from cyber attacks, including improperly configured firewalls, failing to monitor for malicious activity, failing "to protect sensitive information on its most critical cyber assets" and allowing "employees without proper clearances to access computerized records for more than four years." [WSJ]

8. Even blockchains require trust, argues Bruce Schneier, it's just trust in the authors of their underlying code rather than trust in bankers or SEC chairpeople. A good example of the unfortunate confluence of both types of trust: a Canadian cryptocurrency exchange lost approximately $137M in deposits when its founder, the only person with the password to several wallets, died unexpectedly. [Wired; Ars Technica] 

9. Users must be notified of screen recording, Apple warns app developers, after concerns about privacy were raised by a report showing that many apps do not disclose screen recording and find ways to sell the data to third parties. [Ars Technica]

10. XRP is the first visualization target for Google's new project to make the blockchains of the top 3 cryptocurrencies easily searchable, joining work by Chainalysis and Sarah Meiklejohn. Possible motivation: this SEC solicitation for a blockchain analysis tool that is not specific to bitcoin. Bitcoin trading in Venezuela is reaching new highs as uncertainty over the Presidential transition exacerbates the country's financial instability. [Forbes; FBO; Cointelegraph]

Thanks for reading,

Allison
Stanford Cyber Initiative
fsi.stanford.edu/cyber

(To suggest an item for this list, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)