
Friday Cyber News, July 7 2017

Cyber technology-related news and links from around the web, for the week of 7/1 - 7/7:

1. Kaspersky's offer to let the US government inspect its products' source code in exchange for retaining government contracts is of little practical use; absence of evidence (of, e.g., Russian collusion with Kaspersky) is not evidence of absence. [Engadget; Lawfare]

2. Why aren't robots taking more jobs? Lack of trust, human saturation with robot management tasks, and process improvements more likely to be suggested by humans than robots. [Bloomberg]

3. Unsurprisingly, the UK has realized two years after the fact that providing the NHS's patient records to Google so that the company could test a DeepMind kidney disease identification app violated patient privacy and the UK Data Protection Act. [Inside Privacy]

4. On Monday, NASDAQ's API erroneously set prices of major stocks like Amazon, Apple, Google, and Microsoft to display as $123.47, causing investor unease over the huge losses that would represent for the first three stocks in that list. Steve Ballmer, presumably, was temporarily ecstatic. NASDAQ is blaming the glitch on a developer making test code public; developers giveth, and developers taketh away. [NJ; YouTube]

5. Raytheon's director of government cyber solutions argues that Cyber Command needs tools that a 22-year-old boot camp grad can be easily trained to use, to make a cyber battle feasible. But what does it mean for cyber weapons systems to scale? Are cyber weapons meant to be infantry tools, or SEAL Team 6 tools? To answer the question of why we aren't winning the cyber war, Stanford CISO Michael Duff provides a perspective on (non-governmental) institutional capabilities, and the growing sophistication of adversaries. [Fifth Domain; Argyle Journal]

6. Hackers are targeting US nuclear plants--with, it seems, phishing attacks--because hackers are targeting every sector of infrastructure, including hospitals, banks, intelligence agencies, retailers, and Hello Kitty fan sites. [NY Times]

7. Sure, you can't replace your actual fingerprints if one of them is compromised, but a new technique to generate unique, fingerprint-like patterns on small plastic particles implies you could use a set of these "fingerprints" as an authentication factor. [Futurism]

8. University of Chicago business professors argue, in an outlet that explicitly restricts out-of-network access to contributors' data via a paywall, that there should be a Network Portability Act allowing users to export their "social graphs" from platforms like Facebook and Twitter, for out-of-network use. As we saw in Facebook v. Power Ventures, the line between that social graph and data owned by the platform itself is very, very thin. Furthermore, the proposed use for extracting your social graph is maintaining Old Platform connections after transitioning to a New Platform, with the example given of phone number portability between carriers. This is akin to what Facebook and Google are attempting to do with their cross-platform verification options; create a pan-internet individual identity, the way a phone number is a pan-telephonic individual identity. It's possible that WeChat has already sufficiently accomplished this in China. But aside from the privacy and de-duplication issues with transporting a social graph (if Alice is connected to Bob on LinkedIn, and Bob is friends with Carol on Facebook, does Carol show up to Alice as a second-degree connection? What if Carol is listed as Cheryl on LinkedIn?) the use case isn't clear; a platform-only connection from Alice to Bob is of little use outside that platform unless Alice and Bob both also use a second platform (including the platform of knowing one another in real life), in the same way that knowing someone else's telephone number is of little use if you have chosen to no longer use a telephone. Making these connections useful would thus require users to willingly link all of their accounts on separate platforms, something that CNN found can be very upsetting, when it tried to link Reddit and Facebook accounts this week. [NY Times; Wikipedia; Newsweek]

9. South Korea's largest Ethereum exchange, Bithumb, was hacked, and funds--"billions of won", where 1B won is roughly $865,000--were allegedly stolen. While that is upsetting, South Korea has the security of another large system to worry about this week: the US's missile defense system, implicated in a recent North Korean test that demonstrates the capacity to reach Alaska and threaten the world's current stalemate with North Korea. [Motherboard; NY Times]

10. Microsoft's new chatbot ("Zo") has the same problem as its old chatbot ("Tay"). [BGR]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)