Friday Cyber News, September 30 2016

Cyber technology-related news and links from around the web, for the week of 9/24 - 9/30:

1. The judicial system's poor understanding of cyber technologies is leading to contradictory decisions, superficial lines of questioning, and decisions that misunderstand or avoid major privacy issues. Groups in academia and in Washington are attempting to remedy this, including the Cyber Initiative-Hoover-CISAC boot camps for Congressional staffers. [Washington Post]

2. Anonymous sources with 20/20 hindsight rush to decry Yahoo's lack of focus on security following its record-breaking breach, noting that its Paranoids group of security engineers were often ignored or overlooked on Marissa Mayer's list of priorities. Still waiting for the Stamos statement...maybe in October, which is Cyber Security Awareness month again ("Infosectober"). [NY Times; DHS]

3. Security journalist Brian Krebs was the target of the largest DDoS attack in history, reaching up to 1Tb/s and using IoT devices including security cameras. Krebs was brought back online with the help of Google's Project Shield, designed to protect journalists and advocates from these types of attacks, after Akamai and Cloudflare were unable to stem the flood of requests. [Passcode; Ars Technica]

4. Attention to state-sponsored hacking has shifted toward Russia recently, and away from China (Fancy and Cozy bears, not Deep Panda bears), but if the US cyber porridge is too hot, where are those bears turning instead? China's focus may have shifted to hacking within Asia, including Taiwanese political parties, government agencies in Hong Kong, and potentially Vietnamese airports. [CNN]

5. Even if the content of your iMessages is securely encrypted, Apple logs and stores metadata about those messages that it can share with police. And we know how well police safeguard data, as the hundreds of police officers who misused databases to stalk people demonstrate. Metadata is also being used to identify users of dark web forums, as behavioral pattern analysis can link posting activity across pseudonyms and platforms. [The Intercept; The Week; Dark Reading]

6. Newly proposed legislation would subsidize cyber insurance: the Data Breach Insurance Act would offer a tax break of 15% of the cost of data breach coverage, following on the tail of a RAND study suggesting that while the mean price of a breach may be pulled higher by massive events like Target or Sony, the median cost of a breach is a more manageable $200,000, leading many companies to choose to invest elsewhere. Some companies, though, are investing heavily in the legal aspects of security: IBM bought an entire consultancy's worth of people to train Watson for risk management and compliance applications. [The Hill; American Banker]

7. ProPublica's series on machine bias highlights the advertising categories into which Facebook slots its users, as well as the discrepancy between the level of detail offered to advertisers (high, e.g., "bought a car in the last week") and the level of detail described to users (medium, e.g., "has recently bought a car"). German regulators this week told Facebook not to collect data on users of its subsidiary WhatsApp, citing privacy concerns and calling the system requiring an opt-out of data sharing unfair and deceptive. [ProPublica; The Hill]

8. This week in cryptocurrencies: A profile of Vitalik Buterin, founder of Ethereum, highlights the difficulty with governing a decentralized system. A Q&A with the CEO of Overstock highlights his plans for a blockchain-based stock exchange. The Japanese company Coincheck has made a deal with local utility providers to allow customers to pay their utility bills in bitcoin, moving another step toward legitimizing cryptocurrency transactions for day-to-day business. Congress has created the Congressional Blockchain Caucus, to examine the adoption and regulation of blockchain technology (ok, but will they put their voting records and proposed legislation on a blockchain? Multisig verification to approve a bill?). [Fortune; Politico; Bitcoin News; The Hill]

9. A map of photos posted on WordPress arranged by their geotagged coordinates highlights the sometimes hidden property of photos taken on smartphones and newer digital cameras, as well as the way these coordinates can be used to expose the locations of fugitives or cheat at guess-the-location contests. Some platforms, like Facebook, strip these coordinates automatically for photos they host. [Atlas Obscura]

10. "Investor and serial entrepreneur" J Greathouse (you'll see what I did there in a second) advises women in tech to obscure their online personas by not posting pictures of themselves or their team online, and only using their initials, to avoid revealing the terrible secret of their gender. In a twist becoming less and less rare, the humanities are way ahead of tech on this one; just ask Currer Bell and George Eliot. [Wall Street Journal, who will apparently publish anyone's half-formed ideas!]

Thanks for reading,

Stanford Cyber Initiative

(To suggest an item for this list, please email This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at