Data Sheet—Saturday, October 8, 2016

Oct 08, 2016

It was a crazy week for cyber news with revelations about Yahoo (again) and lousy opsec at the NSA (again). But if there is a common thread, it's that first reports are false or incomplete and the story is not what it seems.

Take the brouhaha over Yahoo using software to feed emails to the NSA. The news led to hyper-ventilating among privacy types and predictable high-horse behavior from rival tech giants like Google and Microsoft. But as Robert explained, a lot of this fulminating took place before anyone really knew the facts — which are still emerging in dribs and drabs.

Meanwhile, journalists (me included) breathlessly reported another security lapse at Edward Snowden's old stomping grounds, Booz Allen, which led the FBI to arrest a contractor for stealing secrets. But now it turns out the guy was probably just a kook and a hoarder. It's still not a good situation but it sure doesn't look like the stuff of a John le Carré novel.

So call it the fog of cyber war. In an era where everyone is amped up about cyber attacks, a lot of first impressions are tinged with paranoia and misinformation or are just flat out wrong. I don't know what to do about this except to say that, as with other dramatic events like mass shootings, it's best to take first reports with a giant grain of salt.

Meanwhile, there's a whole lot of other cyber news, including a remarkable court ruling about software patents for anti-virus tools, that you can read below. Stay skeptical and thanks for reading.

Jeff John Roberts

@jeffjohnroberts

jeff.roberts@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune's daily tech newsletter. You can reach Robert Hackett here via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

Just what's in that Yahoo court order? The problem with secret courts is their orders are, well, secret. To clear up the mystery - and legality - of what Yahoo gave the NSA, lawmakers and civil libertarians are asking the U.S. to release the content of the court order justifying the email searches. (Fortune/Reuters)

IoT bot army bigger than we thought: More info is trickling out about the unprecedented DDoS attack that took down the website of security researcher Brian Krebs. The attack, which relied on enslaved IoT devices like home cameras, involved more than one bot network. (Security Week)

A hoarder not a leaker? There was a big fuss this week after the US charged an NSA contractor with stealing secrets. But it looks like his motives might have been benign. Money quote: "Let’s just say he’s only a psycho hoarder and he keeps this stuff with his old copies of National Geographic and his collection of lunch boxes." (New York Times)

"Security fatigue" is officially a thing: So says a study that used the phrase to describe how Americans are tired of all the bother and nagging that goes with trying to lock down all their accounts. The result? People are "fatalistic" and can't be bothered. The upshot is the cyber crowd should focus on design - finding ways to deliver security with less pain. (BBC)

Apple and the FBI, take two: You knew this was coming — it turns out the Minnesota mall terrorist used an iPhone, and now the FBI says it can't get into the device. This sets the stage for Apple and FBI to reprise an earlier legal showdown that ended when the agency was able to crack a phone used by the San Bernardino killers. (Fortune)

Have some malware with your Wikileaks: Julian Assange is totally unconcerned that his document dump site is crawling with at least 30,000 malicious files. He says the toxic files, tucked into an email dump from Turkey, are not a big deal since lots of stuff you download on the internet can contain malware. Not everyone sees it that way. (Motherboard)


ACCESS GRANTED

One of our most read stories this week is about software patents — which are widespread in the cyber-security industry, but are deeply unpopular with engineers. In a remarkable ruling about anti-virus patents, an appeals court said it's time to get rid of them altogether:

The end may be in sight for software patents—which have long been highly controversial in the tech industry—in the wake of a remarkable appeals court ruling that described such patents as a “deadweight loss on the nation’s economy” and a threat to the First Amendment’s free speech protections.

The ruling, issued on Friday by the U.S. Court of Appeals for the Federal Circuit, found that three patents asserted against anti-virus companies Symantec and Trend Micro were invalid because they did not describe a patentable invention.

Read more on Fortune.com

ONE MORE THING

Pretty please buy my stolen NSA files: The hacking cabal known as the Shadow Brokers (almost certainly the Russian government) are grousing in their trademark Borat-style English that no one is bidding on the stolen NSA files they've put up for auction. It's a pretty safe bet they're trolling the heck out of everyone but it's still kind of funny/alarming. (Motherboard)
