Another thought piece from Wired on data regulation. Last week an author contended data should be treated like a commodity, like oil or grain. This week Tom Simonite wonders whether an ethics code, something like a Hippocratic Oath, for data scientists should be implemented. The idea behind the concept is that it would keep machine learning systems honest, or at least within ethical bounds. “We have to empower the people working on technology to say ‘Hold on, this isn’t right,’” DJ Patil, chief data scientist for the United States under President Obama, told Simonite this week.
A big win for the DOJ this week following the shuttering of Infraud, an online forum Deputy Assistant Attorney David Rybicki called "the premier one-stop shop for cybercriminals worldwide." It wasn't hyperbole; the collective behind the forum was responsible for $500 million in losses. Over the course of seven years, the forum’s members also targeted more than 4.3 million credit cards and bank accounts. Krebs, per usual, has a thorough breakdown of the site, including screenshots, for those looking to learn more.
Some troubling news when it comes to email security this week, at least according to one study carried out by two companies, Agari and Farsight, which discovered 99 percent of the sites they looked at didn't use DMARC. DMARC, or Domain-based Message Authentication, Reporting & Conformance, is an email authentication protocol. Without it, it's easier for attackers to spoof companies in spam emails, something which could trick victims into logging into sites, opening malicious attachments, or surrendering sensitive data.
Naturally the New York Times has the Winter Olympic Games - which kicked off this week in Pyeongchang - covered from all angles, even the cyber angle. Nicole Perlroth digs into how many computer systems have already been targeted by attackers and which ones might be next. There’s no breaking news here; hackers gonna hack, but it's a good read that recaps where things stand geopolitically with some key insight from FireEye's John Hultquist added in for good measure.
5. PSA: If Your Security Starts and Ends With Bug Bounties, You're Gonna Have a Bad Time by Thomas Claburn
Props to The Register for distilling this week's Senate subcommittee hearing on consumer protection, product safety, insurance, and data security down to one concise idea: Bug bounty programs are all well and good but they're no silver bullet. "Everyone has gotten so enamored of bug bounties that they maybe have forgotten other investments in security that they should do first or alongside bounty programs," one of the panelists, Katie Moussouris, the founder/CEO of Luta Security, said at the hearing. "They're not a cost effective replacement for penetration testing," she added. Those looking for more on this should check out this excellent Twitter thread from Katie. Her statement is a good read too.