
Friday Cyber News, October 12 2018

Cyber technology-related news and links from around the web, for the week of 10/6 - 10/12:

1. A GAO report released Tuesday found major vulnerabilities in DoD weapons systems, including unencrypted communications, default passwords, and unpatched known security lapses that allowed penetration testing teams to "easily take control" of systems, see in real-time what operators were seeing on their control panels (and cause pop-up messages to appear on their screens), and view, change, and delete system data. The iceberg diagram on page 26 of the report is a familiar and foreboding indicator of a lot of upcoming work. [The Hill]

2. A breach that for years had exposed Google+ profile data to outside developers was discovered this spring, but Google decided against disclosing it for fear of regulatory scrutiny, as Facebook was dealing with the fallout from its Cambridge Analytica debacle at the same time. Google's lawyers determined that because no misuse of data was evident and because individual users who had been affected could not be identified, there was no duty to disclose. In response to the news that Google's decision was made to avoid regulation, Senate Commerce Committee Chairman Thune remarked that self-regulation was no longer sufficient for large tech companies like Google. [WSJ x2] 

3. Attempting to strike a balance between preserving free speech and removing incendiary fake articles, Facebook's disinformation-prevention efforts in the Philippines are fighting a Sisyphean battle, providing a glimpse into the challenges facing upcoming election protection efforts. [NY Times]

4. Tech workers are beginning to raise ethical questions over the technologies they're being asked to build, particularly when the end users of those technologies are governments, defense departments, or companies with previous lapses in fairness. ("Are we the baddies?") [NY Times; Mitchell & Webb] 

5. Case in point, Amazon's machine learning-enabled recruiting tool is being retired because it downplayed women's accomplishments, giving lower scores to activities like "women's chess team" and graduates of all-female colleges. Totally unrelated to a lack of female programmers, I'm sure, Amazon has patented an addition to Alexa that identifies when someone in the room with Alexa is crying, and classifies this as an "emotional abnormality." [Reuters; Telegraph]

6. So, that Bloomberg hardware hacking story last week. We still don't know: In a letter to the Senate Commerce and House Energy and Commerce committees, Apple denied it had found any evidence of a supply-chain compromise of its chips and DHS backed those denials, while Bloomberg doubled down with a further accusation of an unnamed US telecom affected by the compromised chips. Here's a good round-up of what we do know, and what's possible. [The Hill; The Verge; Bloomberg; Medium]

7. Admins of .gov domains will now be required to log in with a second-factor code from Google Authenticator. Those admins won't be able to store top-secret data in Google's cloud, though, as Google has pulled out of bidding on the Defense Department's JEDI cloud storage program. (Yes, yes, the government finds their lack of faith...disturbing). Microsoft, in contrast, has developed the security capabilities to join Amazon as a viable storage provider by Q1 of 2019. [Fedscoop; Bloomberg; Nextgov]

8. A new DHS report outlines cyber threats to precision agriculture, including manipulation of machinery or crop data, and espionage through co-optation of foreign-made drones. In agriculture privacy news, an AI facial-recognition program is being deployed at fish farms to prevent the spread of sea lice by tracking the health and movements of individual salmon, over, presumably, the objections of the ACLU (Atlantic Coho Liberties Union). [FCW; Bloomberg]

9. Vietnam is preparing to enforce a law requiring local offices and local data storage facilities for companies processing the data of Vietnamese citizens, against which Facebook and Google are pushing back. [Reuters]

10. Rob Storch, Inspector General of the NSA, wants to encourage whistleblowers, touting the agency's rights and protections--and a gingerbread house with windowpanes made of sugar--for those who speak out. [NPR]

Thanks for reading,

Allison
Stanford Cyber Initiative
fsi.stanford.edu/cyber

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)