Skip to content Skip to navigation

Friday Cyber News, June 15 2018

Cyber technology-related news and links from around the web, for the week of 6/9 - 6/15:

1. Apple's newest update disables the lightning port on users' phones after the phones have been locked for an hour, which addresses the methods used by companies like Cellebrite and GrayKey to gain access to data on locked phones. (It does not protect against Mitt Romney watching over your shoulder as you unlock your phone and announcing your passcode to a gathered crowd, as is apparently his custom). This latest step toward data protection is framed in terms of the battle over privacy, which is interpreted either as Warren and Brandeis' conception of a right to be left alone, or as a right to bodily self-determination, as in the landmark Katz and Carpenter cases. The distinction shows whether we think of data as something we own or something we are, and therefore how far we're willing to go to protect it. [Washington Post; NY Times; New Yorker] 

2. The Senate is considering a provision in the defense authorization bill that would establish a national policy for cybersecurity and cyber warfare, constraining the President's ability to decide those policies independently. Down the hall, Congress is considering a bill that would rename the DHS's National Protection and Programs Directorate as the Cybersecurity and Infrastructure Security Agency (CISA), to be headed by a Director of National Cybersecurity and Infrastructure Security, increasing focus on the cybersecurity of critical infrastructure. [The Hill;]

3. Project Maven caused Google to change its policy around defense-related contract work as a result of employees' ethical obligations, and they may have had security concerns as well; another contractor working on Maven was hacked by Russians, exposing project-related technology. [Wired]

4. False social media posts accusing two Indian men of being child kidnappers led to their murder, when they were attacked by a mob convinced by the posts. [CNN]

5. OPM is asking federal agencies to classify their cybersecurity workforce needs, and any plans for addressing hiring gaps. [Fifth Domain]

6.​ World Cup travelers were warned to watch out for hackers, and journalists at the US-North Korea summit were given USB-powered fans that many bystanders suspected of being malicious. [Reuters; BBC]

7. This week in cryptocurrency: A new paper that analyzes bitcoin price movements in association with Tether printing and trading finds that Tether issuances were used to inflate the price of bitcoin. Thailand's Securities and Exchange Commission published its cryptocurrency regulations, which explicitly allow trading in bitcoin, ethereum, bitcoin cash, ethereum classic, litecoin, ripple, and stellar, including as trading pairs for ICOs. Facing increasing inflation, more Venezuelans are turning bolivars into bitcoin. Wells Fargo prohibits its credit card customers from buying cryptocurrency with them. The US financial services industry is spending $1.7B on blockchain projects. [SSRN; Bitcoin News; Quartz; Bloomberg x2]

8. A new attack uses flaws in web caching to take over parts of Firefox, creating what the security researcher who discovered the attack calls a "low-fat botnet". [Dark Reading]

9. DHS is compiling a biometric database on travelers, including iris scans, palm prints, voice patterns, scars and tattoos, DNA, names, addresses, number plates, other documentation, which worries just about everyone, including those still affected by the OPM breach. [Naked Security]

10. Uber patented an AI application that detects whether a passenger is drunk. Someone is trying to phish Neopets users. James Comey used a personal email account to conduct government business while overseeing the investigation of Hillary Clinton's use of a private email server. [Independent; Motherboard; The Hill]

Thanks for reading,

Stanford Cyber Initiative

(To suggest an item for this list, please email You can view news from past weeks, subscribe, and unsubscribe at