Tech Friday With Dave Hatter

posted by Brian Thomas

  • Texting while driving may raise your car insurance rates:
    • Arity, a unit of Allstate, analyzed data from 160 million trips taken by Allstate drivers
    • Most people assume that drivers using smartphones are more likely to get into accidents
    • Arity's research confirmed what we suspect: distracted drivers using their phones are more dangerous. In fact, the most distracted drivers cost insurance companies 160% more than the least distracted drivers
    • This is because they wreck more often and those wrecks are more severe
    • Claims for wrecks caused by distracted drivers cost insurance companies big bucks and lead to increased rates for us all
    • Arity is tracking smartphone use while driving so insurance companies can penalize or incentivize drivers based on their phone use
    • Allstate customers download an app that uses the smartphone's accelerometer and gyroscope to sense whether the device is being used
    • The app can also track when the phone is locked and what other apps are in use
    • Arity CEO Gary Hallgren said "We believe that people are coachable and that by driving less aggressively, using the phone less, there are opportunities to not only give a more accurate insurance price based on choices, but to give drivers more control."
    • Experts expect smartphone data to become commonly used by car insurers and others in coming years
    • Hallgren indicated that insurance companies who don't supply this type of technology risk losing their best customers to those who do for the discounts they could provide
    • As it stands now, customers must consent to the use of this technology and must download the app to track phone usage
    • There are ways to impact the use of an app like Arity; for example, you can put your phone in airplane mode or turn it off
    • If you're like me and you like to listen to books as well as podcasts of any 55KRC shows you missed, you can get the app started and then put the phone in a cradle so the phone is not moving around
    • While this approach has certain privacy implications, it could save you significant premium costs
  • Software security risks are at a record high:
    • The number of security vulnerabilities in all types of IT software has reached an all-time high
    • The German Hasso-Plattner-Institute (HPI) reported 11,150 security risks registered globally in 2017
    • HPI researches bug reports from software vendors as well as other freely available sources to build their report
    • HPI also measures the severity of risks using the Common Vulnerability Scoring System (CVSS) which ranks risks as low, medium and high
    • In 2017, most risks ranked medium 
    • Why is this important? Our world is increasingly reliant on software; in fact, it's been said that "software is eating the world"
    • An ever-increasing number of systems that were controlled by human beings, or mechanically controlled, are now controlled by software
    • These older systems had a known and observable number of states that could be easily understood and tested exhaustively
    • Software is becoming increasingly complex and increasingly interconnected
    • "When we had electromechanical systems, we used to be able to test them exhaustively" said Nancy Leveson, a professor at MIT who has been studying software safety for decades
    • For six hours in 2010, the entire state of Washington had no 911 service due to a software bug
    • In the summer of 2015, United Airlines' entire fleet was grounded due to a bug
    • On the same day, trading was halted on the NYSE
    • Six patients were killed by a Therac-25 radiation therapy machine due to a software flaw
    • Software failures tend to be failures of understanding and planning
    • Leveson says "The complexity is invisible to the eye"
    • In 2007, a Toyota Camry accelerated out of control, which led to the death of a passenger and a lawsuit
    • Experts spent 18 months analyzing the code that controlled the car. They described it as "spaghetti code", programmer speak for code that has become complex, convoluted and difficult to understand and maintain
    • The team of experts demonstrated that there were more than 10,000,000 ways for the onboard computer to cause the unintended acceleration
    • The code that was supposed to prevent such a thing couldn't handle every possibility and failed. The plaintiff was awarded $3,000,000
    • Programmers and scientists are working on tools and techniques to reduce complexity and increase visibility and testability, but there is no silver bullet in sight
  • The Equifax hack was worse than first reported:
    • The Equifax breach is among the largest in the US and one of the worst breaches if not the worst last year
    • Equifax announced that they had been hacked from mid-May to July and the breach was discovered on July 29th
    • Thieves made off with names, Social Security numbers, birth dates, addresses and other sensitive information
    • It was originally reported that information on 143 million Americans was stolen
    • But as is often the case, it's worse than initially reported
    • Up to 2.5 million more Americans were potentially affected, bringing the number to 145.5 million
    • According to confidential documents Equifax provided to the Senate Banking Committee and seen by CNN, additional information including tax IDs and driver's license details, may have been stolen
    • The new documents raise questions about how much information hackers may have accessed
    • Equifax spokesperson Meredith Griffanti told CNNMoney that the original list of vulnerable personal information was not intended to represent the complete list of potentially exposed information
    • Sadly, this breach was preventable. According to a report on the data breach by William Baird & Co., hackers exploited a flaw in Apache Struts, a popular open-source software package. You can read the Baird report here: https://baird.bluematrix.com/docs/pdf/dbf801ef-f20e-4d6f-91c1-88e55503ecb0.pdf
    • Two Struts vulnerabilities have been discovered so far in 2017. One of these flaws has existed since 2008
    • In their statement, Equifax said "Criminals exploited a US website application vulnerability to gain access to certain files"
    • Unfortunately, the flaw that allowed this attack was patched back in March of 2017
    • The flaw (CVE-2017-5638) was a result of Struts' parser, known as Jakarta, mishandling uploaded files. Hackers were able to remotely run code that was uploaded to the web server
    • Numerous security firms have reported that the flaw was exploited in "a high number" of cases in March 2017
    • Cisco's Talos security division wrote "It is likely that the exploitation will continue in a wide scale since it is relatively trivial to exploit and there are clearly systems that are potentially vulnerable" 
    • This hack illustrates how critical it is to have good patch management discipline and apply patches in a very timely fashion
    • To determine if your information has been compromised and/or sign up for the free identity theft protection and credit monitoring, go here: https://www.equifaxsecurity2017.com/enroll/