Skip to content Skip to navigation

Friday Cyber News, February 9 2018

Cyber technology-related news and links from around the web, for the week of 2/3 - 2/9:

1. Privacy reporter Kashmir Hill introduced as many IoT devices as possible into her home, and monitored them for a month to track what data they were reporting, and how efficiently and effectively her ISP would be able to track her and gain insight into her activities. It also turned out to be annoying to live in, as Alexa wouldn't talk to the smart coffee maker, the smart bed wanted her husband's email address, and every strand of smart Christmas lights had to be turned off via a separate voice command. [Gizmodo]

2.  Cyber crimes are underreported, in part due to haphazard data collection and the accurate perception that most cyber crimes go unsolved, which leads to an underestimation of overall crime rates. How sophisticated can cyber crime get? My favorite researcher of overly complex cybersecurity obstacles, and possibly magician, Yuval Elovici, has done it again: his two new papers this week show how hackers can leak information, via magnetic perturbations, from within an isolated VM without root access, running on a physically isolated, air-gapped computer, to a nearby cell phone, which is in airplane mode and in a Faraday cage. [NY Times; ArXiv.org x2]

3. Walking back his dismantling of the Office of the Cybersecurity Coordinator in the State Department, Secretary of State Tillerson proposed the combination of the Office of the Cybersecurity Coordinator and the Bureau of Economic Affairs’ Office of International Communications and Information Policy, to form a Bureau for Cyberspace and the Digital Economy. [The Hill]

4. David Runciman visits the NIPS conference, and draws parallels between our goals for AI and our apprehensions about its power, and the corporations we depend upon to build that AI, but mistrust to manage it. [London Review of Books]

5. A new whitepaper critiques the "responsible encryption" called for by Deputy Attorney General Rod Rosenstein and FBI Director Christopher Wray as a reframing of the same dangerous backdoor/key escrow proposals of years past. [CIS]

6.​ YouTube, facing criticism for conspiracy-theory videos and RT programming, is planning to tag videos from state-sponsored media (including, e.g., PBS) and to promote videos debunking conspiracy theories alongside those promoting them. Reddit has also banned a subreddit dedicated to creating realistic and racy face-swapping videos, in keeping with its policy on explicit video and imagery content. [WSJ; The Verge]

7. The Consumer Financial Protection Bureau has scaled back its probe of Equifax's data breach, apparently reserving full-scale probes for those breaches affecting more than 143 million Americans. [Reuters]

8. Apple, Cisco, Allianz, and Aon are teaming up to give customers of Allianz discounts on their cyber insurance policies for using the former two companies' products, and a security evaluation from Aon. [Cyberscoop]

9. Financial analysts are taking advantage of Bitcoin's recent price decrease to pile on with vague calls for regulation and less vague Congressional testimony from the chairmen of the SEC and CFTC suggesting federal (as opposed to state-by-state) money-transmitter licensing. "The vast majority of cryptocurrencies are Ponzi schemes," said the President of the World Bank, while Unicef announces it has found a way to use Ethereum to raise money for Syrian children. Some cryptocurrency miners are relocating to Canada after China's moves to restrict trading and mining, and Nathaniel Popper notes that cryptocurrencies are coming to campus, with a nod to our own BPASE (!). Back at home, Facebook is "investigating" how its ban on cryptocurrency-promoting ads was circumvented by replacing the "o" in "bitcoin" with a "0". Indeed, h0w cou1d thi$ h@pp3n. [Bloomberg; The Hill; Politico; Bloomberg; Guardian; Bloomberg; NY Times; Vice]

10. Hackers are impersonating the Internet Crime Complaint Center, sending victims malware-laced documents on which to ostensibly report their previous cyber victimization. [The Hill]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)