Summary:
Bitcoin, phishing, and AlphaBay, Theodore Price's story has all the elements for a good tech detective thriller. The Pennsylvania man is headed to trial, but will his confession to stealing Bitcoin wallets stand up in court? Initially investigated to stealing a few laptops and some jewelry, Price upped the ante by confessing to buying software on AlphaBay that used a phishing attack to replace his victims' Bitcoin wallets with his wallet, one of small value. Can you prove Bitcoin theft in court? We'll see.

Summary:
It used to be that time was money, but now data is money. Any data. IRobot, the maker of the Roomba robotic vaccuum, sees the device as enabling an ecosystem of smart home IoT components. The Roomba, could, they say, create a detailed map of a home while going about its business of sucking up floor-level debris. The information would be provided to IoT home device manufacturers. Privacy advocates feel this is a dirty trick. Jim Killock, executive director of the Open Rights Group, called it "creepy" [Ed. in both senses, we presume].

Summary:
The economy of scale can lead to a lack of diversity in electronic devices, and this hit home when a basic wifi vulnerability was revealed at Black Hat. Broadcom supplies the wifi chips that are used iPhones, Samsung Galaxies, and Google Nexus devices, and unless those users upgrade to the July releases of their OS and security fixes, not only are they vulnerable to remote exploits, they can also become a vector for compromising any other device within wifi range. The exploit can launch itself against any device with the Broadcom chip, and it needs no other access point --- no compromised app, no evil router, etc. Just the chip, please.

Summary:
A journalist and a data scientist walked into a data broker and ordered the browsing history of 3 million German users. The data tender gave them 3 billion entries. The journalist and the data scientist unraveled the "anonymized" entries and exposed embarrassing information. That exploit was presented at DefCon. The two person team said that most of the information came from a browser plug-in called "Web of Trust".

Perhaps "Web of Trust" should have been named "We Will Embarrass You". Its business model depends on users giving up their browsing history in exchange for a website rating service. The provider makes money by selling the browsing histories to third parties, like the ones that sold German user data to the journalist and data scientist. This actually old news: 'Web Of Trust' Browser Add-On Caught Selling Users' Data - Uninstall It Now in the Hacker News from November 7, 2016.

Summary:
Security researcher Jon Hendren of Upguard devotes one day a week to a sort of treasure hunt. Instead of taking a metal detector for a walk on the beach, he looks for leaky buckets, particularly for misconfigured settings on Amazon Web Services storage containers. He hit a small jackpot when he found personal information for 1.8 million Illinois voters. The Election Systems & Software company said they had stored backup copies of voter information with AWS. Hendren notified the company and the leak was patched. If anyone else accessed the data, forensic experts hope to find them. Hendren says that the misconfiguration is all too common.

Jim Allen, a spokesman for the Chicago Board of Elections, said the leak did not contain or affect anyone's voting ballots, which are handled by a different vendor. [Ed. And does the Chicago Board of Elections intend to check compliance by that vendor?]

Summary:

The US military is organized into several structures, including 4 "departments", and nine "combatant commands". A tenth command has been added by elevating Cyber Command from its position within NSA. However, it will still be led by the director of the NSA for at least the next year while the process of nominating and confirming a replacement runs its course. Defense Secretary Jim Mattis will choose the nominee.

Cyber Command is described as the Pentagon's offensive cyber-force, yet its new importance is said to "bolster US defenses".

Summary:
This is a good article about the wider problems of hacking election software. It is not just the ballot casting and tabulating that is at risk, but the infrastructure around registering and verifying voters is also a "juicy" target for hackers. Some people suspect that electronic pollbooks were hacked in the 2016 presidential elections, others feel that a few operational problems are par for the course. Was there hacking? Can we protect our systems before the next election? It is a question of national importance, but it is up to each state to find a solution.

Summary:
The security firm Symantec warns that a hacker group called "Dragonfly" may have gathered a significant capability to infiltrate and disrupt energy grids in the US, Turkey, and Switzerland.

Summary:
The US General Services Administration removed Kaspersky Lab from its list of approved vendors. Although Kaspersky produces an effective anti-virus product, there are suspicions about the Moscow-based vendor and its possible collusion with the Russian government. Nonetheless, many state, county, and municipal governments continue to use the product, leaving questions about the security of their services, now and in the future.

Summary:
The acting directory of the US Department of Homeland Security, Elaine Duke, has ordered the removal of Kaspersky software from federal civilian agency computers within 90 days. The US military does not use Kaspersky. Although the security firm denies any ties to the Russian government, the founder has ties to Russian military intelligence in his background.

The DHS order does not apply to state and local governments, and many of these entities use Kaspersky and have said they will continue to do so.