December 1, 2018

Link: Marriott Hacking Exposes Data of Up to 500 Million Guests ☍

Nicole Perlroth, Amie Tsang, and Adam Satariano for The New York Times:

The hotel chain asked guests checking in for a treasure trove of personal information: credit cards, addresses and sometimes passport numbers. On Friday, consumers learned the risk. Marriott International revealed that hackers had breached its Starwood reservation system and had stolen the personal data of up to 500 million guests. […]

The breach hit customers who made reservations for the Marriott-owned Starwood hotel brands from 2014 to September 2018. The properties include Sheraton, Westin, W Hotels, St. Regis, Four Points, Aloft, Le Méridien, Tribute, Design Hotels, Element and the Luxury Collection. […]

The names, addresses, phone numbers, birth dates, email addresses and encrypted credit card details of hotel customers were stolen. The travel histories and passport numbers of a smaller group of guests were also taken.

It’s unfortunate that Marriott is left to clean up the mess from pre-merger Starwood, but I’m surprised nothing was caught during the due-diligence during the merger process. Outside of maybe recording the bare minimum about stays to a loyalty program, there’s no reason hotel data should be kept longer than absolutely necessary.

Furthermore, until there’s sizeable penalties for these data breaches, companies have no incentive to take preventative steps. Target? Nobody stopped shopping there. Anthem? Employers didn’t switch to other insurers in droves. Equifax? Things are essentially the same for them as it was before the breach. The only exception would be Yahoo, but it was already a sinking ship before the data breach.

Link: Non-Secure Network Connections in Carnival Cruise’s App ☍

Scott Gruby:

This past summer my family took a cruise on Carnival Cruise Lines to the Eastern Caribbean. There were a total of 17 of us and we had a good time. One of the suggested ways for everyone to stay in touch was to use the Carnival Hub App which is basically their goto app for up to date information on the ship which has a messaging component. For $5 per device for the cruise, it didn’t seem all that unreasonable except that just about everything on the cruise costs extra! […]

Connections using the app were NOT using SSL! Since the WiFi was unprotected (it would be cumbersome to give out the WiFI password to so many users), anyone with rudimentary hardware/software could sniff all the traffic. SSL certificates are cheap and easy to deploy, so there is no excuse for every service to be using them (I use them internally on all services running at my house).

Is it so bad that the app isn’t using SSL as no credit card data is flowing through the app? Absolutely! People could be chatting about which rooms they are in and when they are going to meet giving criminals information about when to go into their rooms. People could also tell their friends/family what they have in their rooms making them targets for criminals (“I put the laptop/camera under the bed”, for example). Not only was chat not SSL protected, all other aspects of the app’s communication were sent in clear text.

Yikes.

November 29, 2018

Link: Poor Mac Performance Without an SSD ☍

Michael Tsai compiled a number of anecdotes about this phenomenon that yours truly also encountered:

I spent many years using Macs booted from hard drives, including a 4,200 RPM one in a MacBook Pro. You would think a modern iMac would be faster than that, both because of the CPU and because the larger capacity drives have a higher data density. But it sure seems like macOS performs worse than it used to if you don’t have an SSD.

It seems the newer versions of macOS are especially tuned for SSD use on the boot drive. A family member’s 2012 Mac mini (8GB RAM and an i7) was painfully slow and replacing the hard drive with an SSD restored its performance to like-new (or better). The fleet of 2015-era iMacs at work have also gotten really awful, mirroring what others have said in the linked stories, so they’re getting SSD upgrades, as well.

Apple moving to an all-SSD future is completely reasonable, but making machines that are new or still under their factory warranty run worse than they should seems like a bad look, even if MacBooks are way more popular. It’s especially concerning when other operating systems appear to be fine.

November 26, 2018

Link: The Verge Doesn’t Work ☍

With the lead-up to Thanksgiving and travel, I missed that The Verge’s Tom Warren tweeted some rather incendiary comments that seem to reflect his site’s attitude towards a lot of things:

Nilay [Patel] made this point on Vergecast, but the people who have replaced their laptops with an iPad are people who do fuck all work. The rest of us hard working people use a laptop, because we have real stuff to do other than send emails and fart around. Don’t @ me ¯\_(ツ)_/¯

What an out-of-touch statement to make while representing a site that supposedly celebrates all technology, not just traditional laptops. I had plenty of reactionary thoughts because I understand that what works for me may not necessarily work for others, but Ben Brooks beat me to it and weighed in perfectly:

It’s disrespectful to tell someone that because they use an iPad instead of a laptop, they don’t do real work. The only caveat I’ll offer is it’s fine to tell someone this if they are a certified billionaire who actually just sits around all day doing nothing. Otherwise, the tech media at large needs to get over their ego and stop looking at new devices as a threat to devices they have loved, and instead see them as opportunity for creating better tools. Lets call that “optimism”, you can google that later.

In other words, we should all be rooting fo the iPad to succeed because if you really wiped the slate clean, the ideal tool is closer to an iPad than it is to a laptop. And I do believe we all want the ideal tools.

Even though this is a small site and traffic I refer elsewhere probably doesn’t even move the needle, I’m finding it harder and harder to link to The Verge for general tech news stories.

November 13, 2018

“Even today, someone who uses an iPad as their main computer is viewed as a kind of avant garde minimalist.”