
Friday Cyber News, September 8 2017

Cyber technology-related news and links from around the web, for the week of 9/2 - 9/8:

1. US credit reporting bureau Equifax discovered that it had lost the personal information--names, birth dates, addresses, social security numbers, and driver's license numbers--of 143 million individuals in a data breach, which conveniently was discovered days before Equifax executives, including the CFO, sold stock they owned in the company. Equifax CEO Richard Smith "noted that he's aware the breach affects what Equifax is supposed to protect." Soon, having a social security number that isn't publicly known will be a rarity. If you think the problem is that we entrust social security numbers and driver's license data to third-party credit agencies rather than keeping it with the IRS and the DMV, perhaps you'll be heartened to know that a major security flaw in Apache web app software used by both of those agencies was recently discovered as well. [CNBC; ZDNet]

2. On Monday, the People's Bank of China outlawed ICOs (initial coin offerings, used to create new digital currencies); despite ambiguity in the wording of the decree that virtual tokens should not be circulated as currencies, Bitcoin and Ethereum trading continued. Undaunted, Filecoin's ICO raised $257M over one month; Filecoin offers decentralized digital storage, and users receive filecoins for offering up their extra storage space. Meanwhile, Russia plans to use an ICO to raise $100M to build a Bitcoin mining operation that will challenge China for a share of the global mining market. [Business Insider; Coindesk; Crypto Insider] 

3. The US House of Representatives approved self-driving car legislation that would prevent states from banning self-driving cars and permit up to 25,000 vehicles to take to the streets (later to increase to 100,000) without meeting existing safety standards. Self-driving cars have to be as safe as human-driven cars, but will not have to meet additional performance standards. Self-driving trucks, which were not included in this bill, are up for discussion next. The bill is called the SELF-DRIVE Act, and those who think that academia doesn't influence policy should consider that contorted acronyms were popular in the academic literature before they reached the Hill. [Reuters; Annals of Internal Medicine]

4. State election agencies need money to protect and upgrade their electronic voting systems and voter registration databases, and to train election officials in secure data management. Unfortunately, the money is not forthcoming; neither the federal government nor most state budgets are allocating more money to protect election systems. Funding allocated by 2002's Help America Vote Act has almost all been spent, and most of what remains unspent has yet to be allocated to specific states. [Politico]

5. A Russian company bought $100,000 worth of political ads on Facebook during the 2016 election, an amount that is less than a rounding error for Facebook. [NYTimes; Daring Fireball]

6. Symantec reports that a new wave of power grid hackers achieved on/off access to circuit breakers. These operational network systems are key to grid stability, and malfunctioning operational system components have been the cause of previous widespread blackouts. [Wired]

7. DolphinAttack uses ultrasonic frequencies to communicate with your Siri, Alexa, or Google Home without your knowledge. At least we won't have to hear our AI-enabled devices conspiring with one another to take down the human race. [FastCo] 

8. To compete against Facebook and Google, the behemoths of online advertising, Verizon and AT&T are attempting to leverage data they collect about users' location, web browsing, and app usage habits. Verizon is asking customers to opt in to data collection with the promise of 'rewards': Uber rides, Apple Music, and preseason football tickets. While an opt-in system is better than no notification at all, the question of what an individual's data is worth is tricky to define, and 'four months of Apple Music' is too simplistic an answer. Without considering network effects, the ~$10/year that you individually are worth to Facebook probably seems low for the benefits, to a Facebook user, of the platform. Your data is relatively cheap until it is used against you in a court of law, lost to a hacker, or used to select your tax return for auditing, at which point it becomes extremely valuable (how much would I have to pay you to hand your data directly to a hacker intending to misuse your identity?). When a price is so difficult to define, it's better not to sell to the first bidder, even for free Uber rides. [Wall Street Journal; Taxprof]

9. Krebs dives deeply into a rabbit hole to string together a series of usernames, domain registrations, and forum posts tying Marcus Hutchins, the "malwaretech" blogger arrested over allegedly selling Kronos banking malware, to FlippertyJopkins, a then-15-year-old distributor of an MSN Messenger password-stealing program. [Krebs on Security]

10. Having failed out of medicine ("...artificially intelligent only in the most rudimentary sense of the term"), IBM's Watson is joining the army. [Statnews; Nextgov] 

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)