Hackers’ Next Point Of Attack: Hotel Key Cards

Who would have thought that over 14 years ago hackers had the technology to use old and invalid hotel key cards to break into rooms at hotels? Tomi Tuominen and Timo Hirvonen — who are security consultants for Finnish data security company F-Secure — have cracked the 14-year-old mystery. As previously stated, their discoveries have led them to believe that hackers can use any type of hotel card (expired, invalid, active) to create a master key and enter any room. This makes it easy for thieves to quickly enter hotel rooms and steal belongings without leaving a trace. Luckily, these researchers have worked with Assa Abloy (the world’s largest lock manufacturer) to fix the software.

While the update was issued in February to lodging locations that use this system and software, it has been estimated that hundreds of thousands are still using old software. However, the researchers have assured people that the risk of any type of software breach is very low because they will not be publishing their findings or methodology. All that was said about the cause of this security hole is that it was a minor technical design flaw.

From this article I have two takeaways. One is that hackers are ruthless and are constantly doing whatever they can to find a flaw in any type of software. Hotel key card software would have been the last place I would have expected – this is probably why I am not a hacker. Secondly, it just reinforces my point from previous blogs that we need to do more as a nation and society to invest in cyber defense mechanisms. We are all prone to hackers and need to do everything in our power to make sure we have the proper anti-spyware software installed on our devices.

Article Used: https://www.reuters.com/article/us-cyber-keys/hotel-key-cards-even-invalid-ones-help-hackers-break-into-rooms-idUSKBN1HW1QB

WSJ Breaks Down How Expensive A Pizza Night With A Friend Is In Terms Of Data

Ever since Cambridge Analytica and the Facebook data breach, journalists have been writing copious amounts of articles about how much data users are truly giving up when they use the FANG* (Facebook, Amazon, Netflix and Google) apps. This WSJ article outlines a normal pizza night a person may have with a friend. One thing that I found interesting about the article was that the authors were describing the Internet of Things without even noticing it. Who am I to say they didn’t notice it? Maybe they did notice it and didn’t want the idea of IoT to take away from the premise of the story. Anyways, back to the timeline of events the authors outlined with the apps the fictional girl used:

Text friend via iMessage on Apple phone –> Order pizza using Amazon Alexa and the Domino’s Pizza app that has credit card already stored on it –> Drive to Domino’s using Google Maps –> Take selfie and upload to Facebook –> Order movie on Apple TV (or Amazon Fire TV Stick)

During that time, it is very important to note that the Internet of Things was powered by the FANG companies, but I believe it is equally important to realize how much data the users gave up. The two friends who were hanging out that night potentially gave up 53 pieces of information combined. Additionally, it is important for people to understand that there is a difference between user-provided data and company-collected data (e.g., the girl provided Domino’s with her credit card, but the Google Maps app collected her speed and the closest cell towers during her trip). This distinction is imperative because, of the 53 pieces of information that the girls potentially “gave up,” only 28% were user-provided. The other 72% were company-collected. Furthermore, of those 53 pieces of information, Facebook accounts for about 23 pieces, or roughly 43%.

The article went on to explain that it would take a person who has a reading speed of 250 words a minute over 5 hours to read all of the privacy policies from the companies that were used to make pizza night successful. And while I didn’t list what type of information was given up in this scenario, there is a lot of information collected by these companies that didn’t come up in the scenario (e.g., Facebook tracking a user’s Bluetooth signal).

My biggest takeaway from all of this is the difference between user-provided data and company-collected data. I didn’t know there was a difference before reading this article. It definitely puts into perspective what companies are collecting from me just to turn a profit. One of the weirdest things I did notice is that Facebook keeps track of your battery level. Why do they need that?

Reference the article I have attached below and let me know in the comments what you think about all of this and what you think the strangest or most unnecessary piece of information companies collect from us!

*FANG was a term coined by CNBC contributor Jim Cramer. He uses it to classify high-performing technology stocks.

Article used: https://www.wsj.com/graphics/how-pizza-night-can-cost-more-in-data-than-dollars/

If You Need An Extra Day To File Your Taxes – You Can Thank A Computer Glitch At The IRS

Benjamin Franklin once said, “there are only two things certain in life: death and taxes.” And while tax day is usually a certain date — April 15th — in the United States (unless the 15th falls on a Friday or over the weekend), this year an extra day was granted to all United States citizens. Was the IRS feeling extra generous? I don’t think so. According to Reuters.com, several computer systems at the IRS were hit with a computer glitch. This computer glitch forced the IRS to extend the deadline one day for citizens to submit their individual income taxes.

While the IRS did say that the last day is the busiest day of the year AND that almost 5 million people were trying to submit their taxes by the Tuesday at midnight deadline, I am skeptical of the rhetoric they used in their original statement: computer glitch & system issue. With all of the recent data breaches occurring throughout the United States (reference my blog on MyFitnessPal), I am having a hard time accepting what the IRS has said at face value. Yes, over 5 million people trying to access a server may cause a system to shut down or glitch, but shouldn’t they be prepared for this? More people have probably been filing their taxes online over the past 5 years; one might think that they have created a stronger server to handle the kind of traffic the IRS does. Or at least I am under the impression that they have the technology to handle the traffic.

I am blogging about this article because it had me thinking about the cyber security threats that Penn State faces on a daily basis – close to 2 million. If Penn State has a number like that, how many people do you think are trying to hack into the IRS? On the busiest day of the year, I am sure the system is probably the most vulnerable. Thus, a computer glitch makes me skeptical. I don’t think that this was just some mere computer glitch/system overload. And while I may sound cynical, I think that we may have to brace ourselves for the event that the IRS could have been hacked yesterday.

I’ll try to end on a positive note — after today you won’t have to file your taxes for at least another 365 days! Let me know what you think about this computer glitch at the IRS in the comments below!

https://www.reuters.com/article/us-usa-taxes/irs-gives-taxpayers-one-day-extension-after-computer-glitch-idUSKBN1HO354

Musk’s Next Hyperloop Test Aiming For 311 MPH

Ever since 2013, Elon Musk has been teasing the public with the idea that there will be a day where a person can travel from Washington D.C. to New York City in under an hour. This will all be possible with Musk’s Hyperloop. Currently, the fast rail train can travel from NYC to D.C. in about 3 hours. Musk plans to cut this down by two hours by allowing his Hyperloop to reach half the speed of sound and be able to stop within 3/4 of a mile.

Musk began sending out tweets over the weekend about his plans for the upcoming test. Back in August, when the most recent test of the Hyperloop occurred, Musk was able to have the Hyperloop reach a speed of 220 MPH. By raising the standards for his next test, the Hyperloop will need to increase its speed by almost 90 MPH to reach half of the speed of sound or 311 MPH.

While the SpaceX and Tesla CEO did seem confident in his estimates, he did say that since the distance being traveled is not super long, the pod could end up turning into shredded metal. Either way, Musk was excited.

Overall, I believe that this is a step in the right direction for the future of transportation in our country. In addition to that, I think the idea of being able to travel from NYC to D.C. in under an hour plays nicely into the concept of the Internet of Things. Imagine in the wintertime that your Tesla outside of your hotel is started and warmed up for you and drives you to the nearest Hyperloop station where you make it home in an hour to catch your favorite TV show.

Let me know in the comments what you think about the Hyperloop! Do you think you would ever use one and, if so, how do you think this would better your life?

https://www.cnbc.com/2018/04/09/elon-musks-hyperloop-test-aiming-for-half-the-speed-of-sound.html

BIG Day On Wall Street For Music Streaming Provider

In class, we learned about several different types of business models. The music streaming company, Spotify, has successfully turned itself into the largest streaming app in terms of active users (71 million) through the use of the subscription business model. Apple is a close second with 46 million subscribers. To further my connection to the class discussion, we also talked about ways for new ventures to raise money — family and friends, angel investors, etc. Now when companies are past the point of asking friends and families for money or a venture fund, they turn to Wall Street. Spotify finds an investment bank to underwrite their initial public offering (IPO) and the company hopes that when the stock goes on sale on the stock exchange, the value rises and the company generates some cash. Spotify did just that. The stock was listed at $132 and closed for the day up 12.9 percent in its first day of trading. This stock price also put Spotify at the top of the list for largest music streaming provider by market cap ($26.5 billion).

It is important to note that even though Spotify had revenues of $5 billion in 2017, it still has yet to turn a profit. Now that the company is publicly traded, it will be required to release its earnings on a quarterly basis. If analysts don’t like the numbers they are seeing, Spotify could see its shares take a nosedive. This could be detrimental for the future of the company. As I stated earlier, Apple is the second largest in terms of subscribers. Therefore, this competition could be good for the streaming industry as a whole, but bad for Spotify if it fails to meet its earnings estimates for consecutive quarters.

Lastly, I want to know what type of music streaming platform you use and why. I personally am in love with the interface of Apple Music. I think the mental model that is associated with the app is incredibly sleek and I think it has come a long way to add features that it lacked compared to Spotify. All I know is that I am going to miss my student discount in a few months. Hopefully, I can still log in to my PSU email for some time down the road to take advantage of that $5 discount.

https://www.reuters.com/article/us-spotify-ipo/spotify-shares-jump-in-record-setting-direct-listing-idUSKCN1HA12B

Where Is My Personal Data Safe?

Just like there are four seasons in a year, which occur every three months, it seems as if there is another company disclosing that x amount of users’ data has been exposed to an unauthorized party — every three months. On Thursday, Under Armour announced that roughly 150 million users of its MyFitnessPal app were affected by a company data breach. MyFitnessPal is an app where users can easily track their calories, workouts, and nutrients on a daily basis. I was drawn to this article because I am a user of the app and I was curious to read about another data scandal.

Under Armour has made the claim that even though the data was exposed to an unauthorized party, the usernames and passwords that were exposed have not been used to access the accounts of the MyFitnessPal users. But does this make it okay? Oftentimes people use the same usernames and passwords for several different accounts. Can Under Armour confirm that the information leaked hasn’t had a trickle-down effect on my other accounts? While part of me wants to believe that there is an Edward Snowden of the hacking world and this person is just exposing the weak cyber security in place at these companies, another part of me wants to believe that this data is being sold on the dark web for people to mishandle. Either way, it is becoming more and more apparent that companies need to be doing more to ensure that the data of their users is secured.

While I did state that it feels that data breaches are beginning to happen more frequently, it doesn’t seem as if people care (or at least millennials). My friends and I discuss what is going on with these companies, but that doesn’t mean we stop using these apps or services. We act as if it’s no big deal. We are desensitized to the fact that unauthorized parties have access to our own personal data. The Facebook situation can be used as a prime example because all of my friends — myself included — still use the app. This is after it was discovered that Facebook knows a lot more about us than we originally thought and an unauthorized party had access to this data.

I wish I had the solution to these problems. I truly do. I wouldn’t do it for the money; I would do it because it’s right. The #DeleteFacebook movement on Twitter is pointless and a terrible ploy by the company to save its dying business. In times like this, we need to work together as a country to work out these problems. If we don’t act quickly, we could see another blog like this a few months from now.

Article: https://www.washingtonpost.com/news/the-switch/wp/2018/03/29/under-armour-announces-data-breach-affecting-150-million-myfitnesspal-app-accounts/?utm_term=.761d3ecd55ea