Friday Cyber News, September 9 2016

Cyber technology-related news and links from around the web, for the week of 9/3 - 9/8:

1. Google, Facebook, Amazon, IBM, and Microsoft are working together to ensure that AI benefits humanity. They're coming around to the view of many scholars, including Harvard's Sheila Jasanoff, that more technology doesn't have to mean less humanity. Technological progress, Jasanoff argues, should be looked at in terms of who progresses, and at what cost; disruptive technologies can exacerbate gaps between old and young, rich and poor, and aren't as uniformly good as they are pitched to be. [NY Times; Mother Jones]

2. Automatic sorting tools--algorithms--are becoming increasingly prevalent in employment and in punishment processes, and their methods are rarely made available for public analysis, creating a class of people inexplicably targeted by these systems. Predictive policing tools use data that is reflective of policing methods, not of the rate of crime itself. These tools can be used to facilitate discrimination, and the problem isn't eliminated by forcing users of the algorithm to promise they won't act in a discriminatory manner while using it, as AirBnB is doing. [Guardian; Upturn; Real Life; The Hill]

3. Google's latest effort to prevent people from joining ISIS involves curating anti-ISIS YouTube videos and displaying them as ads beside the results for searches determined to be linked to pro-ISIS viewpoints. Why not target ISIS-minded searchers for surveillance instead? Google may already do that, but the educational video content is being viewed more than twice as much as the average ad. [Wired]

4. China is planning to use a blockchain to disburse social security payments. They're joining Sweden, Delaware, Singapore, Estonia, the UK, the Republic of Georgia, and more, in using blockchains for government services, from real estate and bank transaction ledgers to storing health records and land ownership records. [Bitcoin News; ExtraNewsFeed]

5. A group of educational researchers co-led by Stanford's Mitchell Stevens has released guidelines on student data privacy, including a model policy for responsible use of student data. Proper use involves a balance between preserving student privacy and allowing the system to learn which students are at risk of failing and which educational techniques produce the best outcomes across classes and subjects, as with machine learning techniques that study communication between teachers and students to identify the building blocks of knowledge transmission. [Chronicle of Higher Ed; Nautilus]

6. The privacy of genetic data may be less important than what treatments and insights can be devised through the use of that data. Furthermore, the interconnected nature of the genome means it may be impossible to selectively redact information about sensitive characteristics, or even to give thorough consent to the many ways genetic data might be used after it is collected. Is it time to shift focus from how data is collected and stored, to how it is mined and used? [Nature]

7. Two catalogues of cyber tools were leaked this week: one offering "weaponized information" (polluting search results, for example), and another offering stingray-like devices and surveillance tools to law enforcement. [Motherboard; The Intercept]

8. The FBI deployed malware to track visitors to websites on a hosting service that used Tor. Some of those websites were delivering illegal content, but others weren't--including TorMail, an email service. The ACLU is investigating why users of TorMail, which isn't illegal and wasn't being targeted by the FBI, were indiscriminately delivered the same malware used to track visitors to illicit sites. Don't just blame the FBI, though--Germany also indiscriminately scraped and stored information on internet searches, albeit using the NSA's XKeyscore tool, and France's intelligence service detected that the NSA was spying on it, while only using 2.5% of the NSA's budget. Apparently France wasn't supposed to talk about its discovery of the NSA's snooping, but with that rate of return on investment, who can blame them? [The Hill; Ars Technica; TechDirt]

9. In November 2015, there were 3.2 million devices on the web using known private keys for HTTPS certificates. Now, there are 40% more. Why is the situation getting worse? Devices not getting patched, more IoT devices coming online (some of those smaller devices would do well with lighter crypto), perhaps a feeling of safety in numbers? [Sec-Consult; Bank Info Security]

10. Plug a USB stick--a $5 Raspberry Pi Zero, or a $50 Hak5 Turtle--into a computer that's turned on, but locked. The device siphons off the hash of the computer's login credentials, which can often be used to log in to the machine. The attack works on Windows and on OS X, as does another recently described backdoor that can steal screenshots or documents from a computer as well as execute commands. [Ars Technica; Secure List]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)