Skip to content Skip to navigation

Friday Cyber News, January 11 2019

Cyber technology-related news and links from around the web, for the week of 1/5 - 1/11:

1. Nearly a year after US officials accused the Russian government of hacking into the electric grid, the culprit--a common pitfall that also affected earlier breaches, like those of Target and Home Depot--is the network of contractors and sub-contractors who work with multiple utilities and are insufficiently protected against nation-state cyberattacks. Representatives McNerney and Latta are introducing grid security legislation that wouldn't address the contractor problem directly, but would encourage more collaboration between the DOE and individual utilities, and would create a program to identify and test the cybersecurity of products used in electric grid infrastructure. [WSJ; McNerney]

2. In response to the sale of location data to unregulated entities like bounty hunters, Senators and an FCC commissioner are calling for more transparency into how, and to whom, consumers' mobile phone location data is sold. Relatedly, when location tracking goes wrong, the erroneous output is sometimes, accidentally, an individual's house, which then becomes suspected as the location of numerous stolen devices, kidnapped children, and criminal activities. [Motherboard; Gizmodo]

3. Have you noticed that the people sharing questionable or click-baity political articles on Facebook are more likely to be older? A new study shows that older social media users are more likely to share fake news, perhaps not identifying it as such due to a lack of digital literacy or cognitive decline. The authors also suggest a selection bias, in that older people who still use Facebook regularly are more likely to be interested in partisan political issues, like gerrymandering, wall-building, and of course, AOC. Unfortunately, a recent study shows that the average user derives $1,000 of value per year from his or her account, making the simple solution to this problem economically unrealistic. In other Facebook news, the company has patented a means of tracking users through the lens-scratch and camera-dust aberrations that show up on their photos. [Verge; PLoS ONE; Gizmodo]

4. In Vietnam, anti-government comments on Facebook have led state-backed media to accuse Facebook of violating the country's new cybersecurity law. [Reuters]

5. Linked to recent decreases in the prices of cryptocurrencies, Ethereum Classic experienced two double-spending attacks this week. These attacks become easier to mount when mining resources are relatively less expensive to amass. [Coinbase Blog]

6. De-identified and PHI-stripped medical datasets, such as activity tracker data, still provide sufficient information to re-identify participants, as a new study from MIT, UC Berkeley, and UCSF has found. The privacy protections for big data in healthcare often focus on only a subset of available data, address access by individuals and institutions rather than the accumulated data itself, and do not provide for equitable data collection. [JAMA; Nature]  

7. Identifying patterns in young children's use of emoji shows that even pre-literate kids are using emoji to express ideas and emotions, but that their use of the images differs from those of adults: kids are more likely to send long strings of emoji with individual characters multiply repeated, and "Kids don't use the faces that convey a note of irony, such as the otherwise-popular tears of joy" (Good, I can't stand that crying-laughing face). [Wired]

8. County officials' Facebook pages are public fora, ruled a Federal Appeals Court judge in Virginia this week, and no one can be blocked from accessing and commenting therein. The case is expected to be used as precedent for other political social media accounts that have blocked individuals. [Ars Technica] 

9. The state of North Dakota is considering a change to its IT structure that would give one agency oversight of cybersecurity for every public institution in the state: local governments, schools and universities, courts, and the state legislature. And, more trouble out of the Carolinas: an analysis of South Carolina's voting machines found that software deficiencies led to hundreds of miscounted ballots. The errors weren't sufficient to influence election outcomes, but point to mishandled priorities in the state's election preparations. [StateScoop x2]

10. Unpublished page from many a company's PR playbook? This breach announcement bingo card is sure to come in handy soon. [@Viss]

Thanks for reading,

Allison
Stanford Cyber Initiative
fsi.stanford.edu/cyber

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)