
Friday Cyber News, September 1 2017

Cyber technology-related news and links from around the web, for the week of 8/26 - 9/1:

1. Kenya's Supreme Court nullified its August election results, requiring a new election be held within 60 days, after irregularities and disruptions to electronic vote tallying were uncovered. [NY Times]

2. The FCC's API for receiving comments on proposed rules allowed users to upload any arbitrary PDF file to be hosted on the FCC's .gov domain. This did not turn out well for Commissioner Ajit Pai. [The Hill]

3. The FDA announced a recall of 465,000 pacemakers made by the former St. Jude Medical that need to be patched, requiring patients to come into the doctor's office to receive a software patch. Symantec estimates patch compliance at 85%; will patch rates increase when the insecure device is inside the body? [Motherboard; Symantec]

4. This week in hacking analytics: Details behind a spearphishing campaign waged by a group named WhiteBear against diplomatic organizations, embassies, and national defense groups show how a suite of malware components--some common and others unique to WhiteBear's activities--are combined and used to differentiate and trace phishing campaigns. And, in a release of approximately 320 million hashed passwords from the HaveIBeenPwned site, all but 116 were cracked, providing information on how to effectively blacklist common passwords, storage errors that link user information with passwords, and even bugs in Hashcat itself. Perhaps the 116 users with uncrackable passwords could share some tips. [Securelist; Cynosureprime]

5. The Cyberspace Administration of China has strengthened its real-name registration guidelines, indicating that any site that does not verify users' identities cannot allow users to post anything. [Quartz]

6. Does your cyber insurance policy cover "fraudulently induced" losses, or only losses directly tied to computer violations? Two conflicting federal district court decisions illustrate the importance of specific wording in cyber insurance policies to cover losses from spoofed emails directing companies to transfer funds to fraudulent accounts. [Inside Privacy]

7. What does a content moderator do all day? This short documentary follows a group of Indian content moderators keeping explicit images off of Facebook, fake users off dating sites, and assessing 2,000 images per hour. [Vimeo: Field of Vision]

8. The Open Markets project has been ousted from the think tank New America, in suspiciously close proximity to a dust-up over a blog post, and associated press release, that were critical of Google, which provides funding to New America. While associated emails released by New America suggest a longer history of employer-employee conflict, Google's management of this story reflects on their policy positions, and a statement that "Eric [Schmidt] never threatened to cut off funding to New America and [Google] had no role in eliminating the Open Markets Initiative" is a far cry from one supporting academic dissension and criticism. Where Google resists censorship and where the company--even tacitly--supports it could suggest to governments wanting their own censorship-related concessions from Google what a quid pro quo arrangement might look like. Google faces relatively little threat from academic think-pieces critical of its business practices--if academic think-pieces alone held such sway, we'd all be much healthier eaters and better versed in Lacan--and Open Markets' ideas were not unique, as similar "Google is a monopoly" ground has been trodden by personalities from Paul Krugman to Kashmir Hill to Peter Thiel. Firing one research program at one think tank would be a petty way for Google to flex its muscle over this issue, and its response should reflect its desire to serve as a platform, not a gatekeeper. Meanwhile, Google is complying with EU demands associated with a $2.7B antitrust fine, and a Google routing error kicked much of Japan off the internet for a little less than an hour on Friday. [NYTimes; The Intercept; Gizmodo; Bloomberg; The Hill]

9. Burger King has launched its own cryptocurrency, the "WhopperCoin", which attempts to strain the definition of cryptocurrencies to include transparently managed customer loyalty programs. Call me when we can mine WhopperCoins, with a side of ASIC chips. [BBC]

10. AI has been accused of taking our jobs; is it also stealing our hearts? The answer to the question of whether machine learning can predict "human mating", as posed by psychologists from Northwestern, UC Davis, and the University of Utah, is no. Thankfully. [Psychological Science]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)