Skip to content Skip to navigation

Friday Cyber News, January 20 2017

Cyber technology-related news and links from around the web, for the week of 1/14 - 1/20:

1. A recap of the past eight years in cyber policy: the internet moves faster than government. Counted against positives like the US-China cyber espionage agreement and the establishment of NIST guidelines and an independent Cyber Command are numerous breaches of government offices, slow responses to nation-state hacking, and a steady stream of cyber crime in the private sector. The CIA has new rules for handling the data of Americans: the data must be subject to the same protections regardless of where it was collected (i.e., within or outside the US) but querying a database is not considered collection and does not require special permission. [NextGov; Just Security]

2. Microsoft is in court this week over their right to inform customers when the government obtains a warrant to read their emails (and those customers' right to know their emails are being searched). The question involves an interpretation of Fourth Amendment rights that would involve a third party (Microsoft) asserting those rights on a customer's behalf. [CSO]

3. A 23-year-old in Maryland, an expired domain name, made-up details: six million shares on Facebook. We're familiar with the template of fake news creation and dissemination. In South Sudan, though, fake news and Facebook rumors are fanning the flames of genocide. [NY Times; Buzzfeed]

4. Retired General James Cartwright was pardoned for his role in confirming details of the Stuxnet attack to media, and the sentence of former soldier Chelsea Manning, who provided Wikileaks with military documents and video of air strikes that killed a Reuters journalist, was commuted; she will be released in May. [Cyber Scoop; CNN]

5. A cyber weapons dealer signed a $2.5M contract with Mauritania--a country known for its human rights violations--and delivered some, but not all, of the promised hacking and surveillance tools. Mauritania, in return, is holding hostage a contractor sent to help with the installation and use of the software that was delivered. [Motherboard]

6. The NHTSA concluded its review of Tesla's autopilot feature after a fatal crash last year, and found no fault with autopilot; in fact, crashes involving Teslas decreased 40% after the introduction of autopilot, providing evidence for the public safety benefits of self-driving, or driver-assisting, cars. Other manufacturers of self-driving cars are considering hiring remote human operators on stand-by to direct cars that encounter very complex situations. Uber, meanwhile, is paying a $20M settlement to the FTC over lying to drivers about median wages and the terms of car loans they could receive. [Techcrunch; Wired; MarketWatch]

7. Mark Zuckerberg, whose recent PR blitz may be related to his political aspirations revealed in a (denied) request to Facebook's board to continue to control the company while serving in a theoretical government role, requires a team of 12 people to curate his Facebook page and delete harassing comments. If preventing harassment on Facebook requires 12 people, what hope is there for the regular user? [Bloomberg Businessweek]

8. Security journalist Brian Krebs believes he has tracked down the "author" of the Mirai botnet, and it started with a Minecraft fight. The trail of message board evidence highlights both the difficulty of attribution and the hunch that the balance of cyber investigatory techniques is shifting toward these non-traditional methods. Meanwhile, Tor is strengthening its encryption and upgrading privacy settings to make sites on the dark web harder to find. [Krebs; Wired]

9. Iran's cyber army has attacked Turkish utilities, Saudi banks, and Israeli satellites, and its former commander was murdered after accusations that he had leaked information to an opposition movement within Iran. [Al-Arabiya]

10. This week in "we can do better": iOS10 devices crash when texted three particular emojis in a row. A large-scale simultaneous comparison of online and offline prices from large retailers showed that prices differ 28% of the time. The Executive Director of the National Cyber Security Alliance suggests cyber security education should have its own slogan, or a "Smokey the Bear"--because "don't copy that floppy" worked so well, right? [ZDnet; American Economic Review; CNN]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)