Can you believe the first three months of 2018 have already passed? That’s a quarter of the year, or if you’re a fan of stats, already 25% of the way toward 2019! Time flies when you’re having fun – and even if you’re not, apparently.
Speaking of things moving quickly, the 24-hour news cycle isn’t contained to world events. News in technology breaks just as quickly as you can refresh your browser and since most of us are quite busy during the week, we’re prone to missing important and interesting stories.
With that in mind, we thought it would be a good opportunity to provide a first-quarter technology news round-up for those that might have missed a few notable headlines so far in 2018.
In case this is your first look at our round-ups, we outline a few hand-picked stories and provide an addendum at the end of the story which provides actionable information from the article in a business context.
RECORD BREAKING DDOS ATTACKS
2018 is shaping up to be a banner year in the cybersecurity space. Late in February one of the largest DDOS (distributed denial of service) attacks ever was recorded. A 1.3 Tbps sustained traffic attack against GitHub, an online code repository, was recorded for eight straight minutes. This massive attack broke the previously held record which was attached to the Mirai botnet back in 2016.
The attack was executed using memecached amplification.
Memecached servers are typically used to help responsiveness of database-driven websites. They essentially polish the memory caching system to make everything run faster.
Luckily GitHub experienced relatively minimal impact from the massive attack, defensive measures were sufficient enough to squash the attack. Threatpost offered an explanation for how attacks with memecached servers are performed:
In the case of memcached amplification attacks, adversaries are able to send a small byte-sized UDP-based packet request to a memcached server. The packets are spoofed to appear as if they were sent from the intended target of the DDoS attack. In response, the memcached server responds by sending the spoofed target a massively disproportionate response.
Small Business Takeaway: Contained within the article is a warning about this being the start of a new era of bigger DDoS attacks. While GitHub was able to escape unscathed, most SMBs are relying on antiquated (or free) cybersecurity software. The old saying that prevention is worth more than pounds of cure still rings true here. If your business IT systems need a cybersecurity overhaul, act quickly.
FITNESS DATA BREACH
Maintaining a healthy and active lifestyle is one of the best ways to ensure a person lives a long and healthy life. While many of us mean to properly exercise throughout the week, it can be easy to eschew our goals during the busy work week. Especially for office workers, who are prone to the illnesses associated with sedentary lifestyles more than others.
Technology has provided a means for us to stay on top of this, apps that monitor our movements and nutrition are used every day. One popular option, MyFitnessPal which is an extension of Under Armour, suffered a massive breach affecting some 150 million users of the MyFitnessPal app.
The leak may have provided undisclosed parties with email addresses, usernames, and passwords.
CNBC ran an article discussing some of the more re-assuring information from the event:
Payment information, which Under Armour collects and processes separately, has not been affected by the breach. Under Armour does not collect government identifiers, like social security numbers and driver's license numbers.
Under Armour took steps to notify affected users, and is now is working with data security firms and law enforcement to assist in its investigation.
Small Business Takeaway: A business that collects customer information, even innocuous data like email addresses and usernames is never immune to cybersecurity threats. Even though no financial information was reported to have been revealed through MyFitnessPal’s breach, the company’s stock dropped 3.8% after the news broke.
If you're running an online business operated by collecting information from customers, employee and contractor education about cyber security best practices should be the second priority, immediately after implanting techniques to secure and store that customer data properly.
Perhaps one of the most notable stories of the first quarter of 2018 will be the volatile relationship between Facebook and user privacy.
News broke earlier in March about a possibly shady relationship between a 3rd party data company, Cambridge Analytica, and Facebook which gave the company far more access to Facebook’s user database than the average person may feel comfortable with.
Related to this story was the infamous memo from Facebook VP Andrew Bosworth.
For our part, we’re going to focus on a more technical aspect of Facebook’s criticism, regarding allegations that the company used users cell phones to collect data. An article in Money summarized it well:
While it may seem like Facebook is listening to you, it’s highly unlikely the social media network is tracking your every word through your phone’s microphone. That would require Facebook to record you at all times, which is unrealistic given the sheer size of data storage that would require, Antonio Garcia Martinez, a former Facebook employee, wrote in an op-ed for Wired in November.
Small Business Takeaway: Facebook has provided a unique and powerful way for advertisers to reach their target markets. While the means of gathering said data are going to be under scrutiny, there are simple ways you can protect yourself from unwanted observation.
If you’re concerned about your microphone being leveraged by companies, you can view tips in the article from Money to shut down your microphone from being accessed by various apps, including Facebook.
If you’re someone who travels often for work, you probably know better than most about the current state of airport bathrooms. Even outside of airports, there’s always that uncomfortable situation when you need a stall but aren’t sure if space is vacant or not.
Nothing more awkward than attempting to push on a locked stall door only to have it bang against the latch. But as always, technology is working on a solution to this problem!
Los Angeles International Airport (LAX) is responding to feedback from their passengers about the need for better management of restrooms. By teaming up with tech companies Infax and Tooshlights, airport visitors will soon be able to easily identify when a stall is in use or vacant.
Here’s a short clip from the article in the Los Angeles Times:
The new "smart restroom" pilot project will be introduced Wednesday on a bathroom at Terminal 4, which is occupied by American Airlines, American Eagle and Qantas. Lights that turn green when a stall is vacant and red when a stall is occupied are being installed above each stall.
The Tooshlights system will be tied in with technology by Infax to keep track of how often a bathroom is used and when it needs to be cleaned. The new digital system keeps track of the number of people who use a bathroom and alerts a janitor to clean it when it has reached a specific passenger usage threshold.
Small Business Takeaway: If you happen to be flying in or out of Los Angeles, you may be able to look forward to cleaner restrooms without awkward locked-door encounters sooner than later!