Skip to content Skip to navigation

Friday Cyber News, May 27 2016

Cyber technology-related news and links from around the web, for the week of 5/21 - 5/27:

1. To write better code, read novels--the humanities are essential to producing software that humans want to engage with. We also need to understand philosophy, lest we make unfalsifiable security claims -- and history, to avoid creating a "useless class" of human through the development of AI, and to ensure we design tech that's usable by our older selves and by internet-citizen 13-year-olds. [NY Times; PNAS; Guardian; Smashing Mag; Washington Post]

2. Symantec released evidence linking North Korea to the SWIFT attacks on global banking. The North Koreans certainly need the money, and are less concerned with diplomatic repercussions. A new victim, a bank in Ecuador, was recently revealed. [NY Times; WSJ]

3. The algorithms used in criminal sentencing to assess the risk of re-offending are biased: black defendants facing similar charges are considered higher-risk. The risk score calculation doesn't explicitly take race into account, but it asks questions about educational level, parental relationships, and socioeconomic status that can strongly indicate race. Black users of AirBnB also face discrimination, though the algorithm isn't to blame, individual hosts are--this may be a case where the algorithm could help ensure fairness, though. [Pro Publica; CityLab]

4. The scary thing about China's Great Firewall isn't how to circumvent it--or your ability to use encrypted iMessages on an iPhone bought in China--it's how well it works, for the majority of citizens. Restricting content based on your country's proclivities is also gaining traction in the EU, where some countries want to enforce rules that services like Netflix must offer a certain percentage of locally-made content. [Washington Post; NY Times]

5. Tech stalking is a problem we need to consider as we build services: Anti-choice activists are using GPS to track women in and around abortion providers, and to specifically serve ads to their phones; Twitter will send your address to the user you file a complaint against, even if the complaint is that the user is harassing you. [Salon; Business Insider]

6. Google is moving toward a continuous authentication model, in a bid to throw out passwords and verify user identities by typing speed, location, facial recognition, and a combination of other factors harder to spoof. [Guardian]

7. The price of Ethereum, a blockchain-based technology for making and sharing commitments, is on a tear. Partially responsible for its success is its use by an organization called DAO to form a venture capital fund. Investors gonna invest. But how will the law treat DAO (and other DAOs, which stands for "distributed anonymous organizations")? [Vox; Coindesk]

8. A citizen science effort to examine how police are tracking social media--you can request your own records, too. Silicon Valley's conflicts with law enforcement and government surveillance are leading them down the opposite path: collecting less information, and evaluating the risk of storing it more carefully. Our co-director Dan Boneh recommends obfuscation techniques for app developers worried about the security of devices and the information they may be collecting or sending off via a backdoor. [LittleSis; Washington Post; Obfuscation Center]

9. Hospitals thought they were getting a good deal: pay a couple thousand in Bitcoin and get rid of your ransomware problem. But then, a Kansas hospital paid and didn't get their files back. Don't negotiate with cyber criminals, but do share data about them--even though retailers are pushing back on mandatory breach notification rules similar to those under which the financial sector operates, the benefits of sharing threat information outweigh the costs. The House of Representatives demonstrates with a Dear Colleague letter advising two-factor authentication and encrypted messaging. [Kaspersky; The Hill; WSJ; Daily Dot]

10. Hacker Phineas Fisher released a how-to video for SQL injections attacking police websites--specifically a Catalonian department. It's on. [Motherboard; Tune.pk] 

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)