Friday Cyber News, March 24 2017

Cyber technology-related news and links from around the web, for the week of 3/18 - 3/24:
1. China and Russia are both preparing for cyber war, with different meanings for the term; China tends toward cyber espionage and suppression of the online communication of actors they see as threatening the regime. Russia has perhaps more urgent geopolitical goals, and attacks Ukraine's electric grid, Polish financial systems, and email accounts of political actors worldwide. Also, a Russian dossier detailing election manipulation strategy emerges in Bulgaria. [CSM Passcode; Buzzfeed; WSJ]

2. Despite continuing worry over a Bitcoin hard fork, excitement about blockchain uses is growing: proposals for public sector data management, medical device security, and opioid prescriptions this week indicate desire for the platform as well as its cryptocurrency engine. [Motherboard; McKinsey; CSO Online; Annals of Surgery]

3. Legislation that would require security disclosure and consent for manufacturers of smart cars and smart planes was reintroduced in the Senate this week, as well as legislation requiring drone operators to create policies for data collection, data retention, and warrant requirements. Meanwhile, the Senate voted to retract protections enacted during the Obama administration that would prohibit ISPs from selling your browsing history without your consent. ISPs are now free to share "location tracking, social security numbers, browsing data and app usage", and consumers are free to look into using VPNs. [Inside Privacy x2; The Hill]

4. To repair their John Deere smart tractors, farmers have to turn to unlicensed Ukrainian firmware that allows the tractor to be repaired without manufacturer authorization of each part, which is often expensive. [Motherboard]

5. Orin Kerr and Bruce Schneier investigate the current state of encryption workarounds, and whether they address law enforcement and security agencies' underlying goals. Pair with: the current state of NIST's Computer Forensic Tool Testing lab, which purposely avoids testing encryption. [SSRN; Atlantic]

6. Researchers from the University of Kent have found that ransomware developers could maximize profits by making a few small changes--looking at the age of the victim's hardware and software, and how many files they have, for example, to estimate how much files are worth--and now we have to hope that ransomware authors don't read academic economics literature. [Cyberscoop]

7. The US is planning to temporarily restrict electronics in the cabins of US-bound flights from certain countries in the Middle East and Africa, on certain airlines. The TSA claims the ban is in response to a threat, but it must have been a very specific threat to exempt checked bags and particular carriers--notably, US-owned airlines. [Washington Post]

8. The Third Circuit Court of Appeals upheld the ruling of a lower court that failing to produce a password--in this case, claiming not to remember it--can lead to being held in contempt of court indefinitely. The facts of this Philadelphia case are not flattering to the defendant, but the primary principle that passwords and "contents of the mind" fall under the 5th amendment is at stake in the case. [The Register]

9. A study from UT Austin shows that, for federal agencies, maintaining legacy IT systems is less secure than updating them. Previously, some had argued that a very old system would be less likely to be targeted because hackers would be unfamiliar with its code. [CyberScoop]

10. According to a recent study by online training company CBT, people who identify themselves as tech-savvy are 18% more likely to be victims of online identity theft, and those with PhDs are victimized more often than those with only a high school diploma. BRB, changing some passwords... [CSO Online]

Thanks for reading,
Stanford Cyber Initiative

(To suggest an item for this list, please email You can view news from past weeks, subscribe, and unsubscribe at