Skip to content Skip to navigation

Friday Cyber News, January 18 2019

Cyber technology-related news and links from around the web, for the week of 1/12 - 1/18:

1. After finding 364 pages and accounts engaging in "coordinated inauthentic behavior" (none dare call it propaganda?), Facebook has deleted them, and found that the pages "frequently posted about topics like anti-NATO sentiment, protest movements, and anti-corruption" and spend $135,000 on ads. [FB]

2. Lacking insight into the algorithm that calculates their credit scores, Germans took advantage of a ruling allowing them to request their own data by pooling it, creating a crowdsourced approximation of how the algorithm works and uncovering several inconsistencies in how scores are calculated. [Techcrunch]

3. An 87 GB database containing 773 million email addresses and 22 million unique passwords was leaked on cloud storage service MEGA, and by now the answer to Troy Hunt's breach indexing website "Have I Been Pwned?" is simply "yes". (You can also check whether a password you've used is a common one, e.g., "Ulysses", and will you see it in a breached data set? Yes, I said yes, I will, yes). [Cyberscoop; Troy Hunt; HaveIBeenPwned]

4. Breaking with precedent, a US District Court judge for the Northern District of California ruled that suspects cannot be compelled to provide biometric features, like faces or fingerprints, to unlock devices that would potentially incriminate themselves. [Forbes]

5. You have to appreciate the headline: "The American military sucks at cybersecurity". The Pentagon's Inspector General recently released a report on cybersecurity within the DoD and found many common problems: weapons systems with easily-hackable passwords, encryption applied incorrectly or not at all to sensitive data, contractors with inconsistent use of multifactor authentication, and a lack of follow-through on recommended steps for improvement. [Motherboard]

6. Representatives from 90 advocacy groups, including the ACLU and the EFF, wrote an open letter to Amazon, Microsoft, and Google asking them not to sell facial-recognition tools to the government, making what I see as the wildly bold assumption that the government isn't capable of employing engineers who can build their own facial recognition tools. [The Verge]

7. Initiatives to combat the spread of digitally manipulated audio and video include forensic techniques, like detecting abnormalities in blinking; digital watermarking at the moment of creation; and authenticated alibi services, or continuous "life-logging" to provide contradictory evidence to a manipulated digital record. [Foreign Affairs]

8. No, the price-to-earnings ratio collapse of tech stocks over the past year isn't the end of tech, or the beginning of the end: it's the end of the beginning. [Atlantic]

9. Tim Cook outlines his vision for comprehensive Federal data privacy legislation: "the Federal Trade Commission should establish a data-broker clearinghouse, requiring all data brokers to register, enabling consumers to track the transactions that have bundled and sold their data from place to place, and giving users the power to delete their data on demand, freely, easily and online, once and for all." [Time]

10. Hostile takeovers of cryptocurrencies! A project called Valor is attempting to raise funds to short XRP (Ripple), fork it, and distribute its own Valor tokens in exchange for devalued XRP. [Axios]

Thanks for reading,

Allison
Stanford Cyber Initiative
fsi.stanford.edu/cyber

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)