Skip to content Skip to navigation

Friday Cyber News, October 7 2016

Cyber technology-related news and links from around the web, for the week of 10/1 - 10/7:

1. It's already a great Infosectober: Reuters broke the biggest story this week, that Yahoo had secretly scanned all of its customers' email for information provided by US intelligence (sources differ on whether it was the NSA or the FBI) even though, crucially, the company was not legally required to do so. Nevertheless, they forged ahead without alerting their security, and the decision to scan indiscriminately (and install a government-provided rootkit to do so) supposedly led directly to Alex Stamos' departure as CISO. That makes him now a sort of human warrant canary at his new job as CISO of Facebook, which, along with Google, Microsoft, and other email providers, were quick to issue statements that they have done nothing of the sort with their users' email. Yahoo, meanwhile, is trying to distract us with their fancy deep-learning nudity classifier. [Reuters; Yahoo Engineering Tumblr (Yes, Their Official Research Blog is a Tumblr)]

2. It's beginning to feel a lot like Snowden: another Booz Allen Hamilton contractor working at the NSA was arrested for improperly removing information from the facility where he worked. Though Harold Thomas Martin III is not being charged under the espionage act like Snowden (yet?) speculation has arisen that the exfiltrated material was the Shadow Brokers exploits revealed a few months ago. Incidentally, Booz Allen Hamilton offers clients an insider threat detection program that by now must have a lot of training data to work with. They've also got a $13.2M contract to support the Army's cybersecurity, so I can't wait to see what leaks next. [New York Times; Washington Technology]

3. Whisper Systems, makers of the Signal messaging app, received a subpoena from the Justice Department (along with a gag order about the existence of that subpoena) asking for any information the company had on two phone numbers that may have been Signal users. One of the numbers was not a user, and the only information Whisper Systems had on the other user was the time the account was created (dated in Unix time) and the time the account had last connected to Signal--no personal information, no names, no text of messages, no location or operating system info. The lack of information means Whisper is unlikely to have to deal with future subpoenas, but also raises concerns that legislators could try to mandate metadata collection in the future, to help law enforcement. [New York Times]

4. A newly passed Russian law requires internet communications providers operating within the country to provide decryption capabilities to the government, and the Russian FSB (what became of the KGB) plans to decrypt all internet traffic in Russia in real-time. They're not saying how they'll do it, suggesting equipment that can perform man-in-the-middle attacks. Complying with these laws will be uncomfortable for companies like WhatsApp, Telegram, and Google, and may force them to stop operating in Russia. [SC Magazine]

5. Marc Andreessen on the future of AI: software is eating the world as quickly as rising-cost sectors (like healthcare) will eat the economy if we can't speed their rate of technological adoption. Retail is a good example of automation that has increased productivity while saving--and even adding more--jobs. Tyler Cowen and Alex Tabarrok debate whether machines will take our jobs; wages are stagnating globally, but supply of computer intelligence is much larger than supply of human intelligence, so humans may still take home higher salaries than the computers that assist them. [Vox; Marginal Revolution]

6. The computer fraud and abuse act is making it difficult for whistle-blowers, government agencies, and well-intended citizens alike to determine when companies are engaging in discriminatory practices, like age discrimination in hiring, or race discrimination in the sharing economy. [New Yorker]

7. Viewing through a VR headset the experiences of a cow raised for food, or a piece of coral subjected to ocean acidification can promote feelings of interconnectedness with nature that last for a week or more, researchers say, but does it translate into action--donations to activist groups, for example, or eating less meat? (And is there a market for VR, especially if it's just going to show you depressing stuff?) Without concrete effects, VR is about as useful as a good novel. Although, if we can combine it with this method to make a chatbot out of a deceased friend, we're well on our way to recreating "Her", "Vanilla Sky", "Minority Report", etc. [Technology Review; Guardian; The Verge]

8. This week in Blockchain: A report on the state of blockchain healthcare applications. Don Tapscott suggests that smart contracts on the blockchain could be used to directly compensate musicians for their work. Sweden is taking steps toward eliminating non-digital currency, showing a market ripe for cryptocurrency capitalization? [Tierion; LinkedIn; New Yorker]

9. Perhaps showing caution after an example was made of St. Jude Medical, Johnson & Johnson have proactively warned customers about a cyber vulnerability in one of their insulin pumps, and have provided instructions on securing the device in question. This is the first time a manufacturer has directly warned customers about a cyber vulnerability in a medical device. [Reuters]

10. Sure, sure, it's a series of tubes, but where do all the tubes go? Quartz goes deep with a series of maps of the internet, and some neat interactive scroll-y graphics. [Quartz]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)