Skip to content Skip to navigation

Friday Cyber News, November 18 2016

Cyber technology-related news and links from around the web, for the week of 11/12 - 11/18:

1. Facebook has been having a "Dewey Defeats Truman" moment for months: beholden to the advertising revenue its algorithm optimizes for, the platform has been gamed by fake news sites and refuses to solve the problem. Insiders claim that a fix was made, but because it affected conservative-leaning fake stories more than liberal-leaning ones--no surprise, as conservative sites share more fake stories than liberal ones--it was shelved. That's a shame, because finding truthful and valuable stories is a great problem for an algorithm (that was part of what the original PageRank was meant to do) and Facebook shouldn't step away from this engineering challenge. The National Security community (and even Lindsey Graham!) is rightly worried about Russian influence on the election, but Macedonian fake-news peddlers had quite an influence themselves and profited off the election, which should be worrisome to both Facebook and elected officials. Google is attempting to ban fake news sites from receiving ad revenue in an attempt to make the fake news business less attractive to those Macedonians, and "renegade Facebook employees" are taking the matter into their own hands. Adding another wrinkle to the fake news problem, Adobe debuted VoCo, which is "photoshop for audio" that can convincingly edit recordings and introduce words that were never said. Better do something soon, Facebook. A randomized controlled trial of Danish Facebook users found that those who quit using the site for a week or more reported improved life satisfaction. [Buzzfeed; Guardian; Gizmodo; O'Reilly; LA Times; NYMag; NYTimes; Buzzfeed; Techworm; Discover]

2. Security analysts found a secret backdoor in software on Android phones that sends text message, location, and call data to China. More than 700 million disposable and prepaid phones, some of which were used in the US, are affected. [NY Times; CyberScoop]

3. A day in the life of NYC's $10M cyber crime lab: where uncrackable devices go, as well as cases involving cell phone tracking data, internet activity, and secure messaging. [Fortune]

4. Useful to cyber insurance providers also: how to assess the collateral damage of a cyber attack. [Lawfare]

5. Twitter rolled out anti-harassment tools this week that are primarily aimed at hiding abuse from its target rather than removing it, but it's a step forward. They also suspended a number of racist, misogynist, and anti-semitic accounts. [Buzzfeed x2]

6. The UK has passed the "Snoopers' Charter": a law that requires ISPs to store browsing history for one year, requires companies to decrypt data on demand and disclose security features in their products before their release, and has been opposed by much of Silicon Valley, British privacy rights groups, UN representatives, and the EFF. Meanwhile, Google is investing heavily in the UK, adding 3,000 jobs in a new London headquarters. [ZDnet; BBC]

7. The graphic guide to international cyber norms you didn't know you needed, hosted by a graduate-educated version of Clippy: Dr. Cy Burr. [NewAmerica]

8. By monitoring fluctuations in wifi signal, your hand motions while typing in a PIN--and thereby the PIN itself--can be reconstructed. And PoisonTap is a cost-effective device that uses the USB port of a locked computer to gain access to its internet activity. [Morning Paper; Wired]

9. NIST released new IoT security guidelines this week, amidst discussion of how to use incentives to combat botnets like Mirai: holding the customer responsible seems unfair, holding the manufacturer responsible ignores the small and transitory nature of many companies making cheap security cameras, holding ISPs responsible comes into conflict with net neutrality principles, and holding hackers themselves responsible is, of course, difficult. [Infosec Magazine]

10. This week in cyber dystopia: DDoS attacks aimed at emergency call centers in the Western US caused outages of 911 services. App-related distracted driving has led to the biggest spike in traffic fatalities in 50 years. Wal-mart is telling its employees not to download an app designed by a pro-unionizing group, citing security concerns with giving the app names, zip codes, and phone numbers. [CyberScoop; NY Times; WSJ]

Thanks for reading,

Stanford Cyber Initiative

(To suggest an item for this list, please email This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at