Connect with us

Tech News

Cloudbleed: What the average person must know about Cloudflare’s security crisis

(TECH NEWS) Security breech in widely used internet security company leaves many accounts vulnerable. If you want your adult site activity and bank passwords made public, ignore this story.

Published

on

cloudbleed

What Exactly Happened?

Over the past 24-hours, you may have seen a series of articles asking if you should be worried about Cloudbleed, a massive new online security bug discovered on February 24. We’ll cut to the chase: Yeah, you probably should be worried.

bar

Cloudbleed rundown

Before we sound the alarms, let’s go over what exactly Cloudbleed is. On Friday, Tavis Ormandy of Google’s Project Zero found a vulnerability in Cloudflare, one of the world’s leading internet security companies.

The bug apparently resulted in Cloudflare-backed websites leaking data for months – as far back as September 2016.

The code has now been fixed, but Cloudflare’s clients include huge companies like Uber, OKCupid, ZenDesk, Bain Capital and FitBit, meaning your sensitive data from any of those companies or a long list of others could have been compromised.

Cloud-what??

The name Cloudbleed was inspired by the 2014 security bug Heartbleed, another massive security bug that affected up to 500,000 websites. This time around, while only 3,400 websites are believed to have the Cloudbleed bug.

However, many of those sites leaked private data that came from other Cloudflare clients, so the actual number of sites with compromised data could be much higher.

The Cloudbleed bug is no longer active – it was stopped within just 44 minutes of finding out about it and completely solved within 7 hours – but there is no way to get back all the data that may have been leaked.

But I Don’t Use Cloudflare…

Even though the name Cloudflare may not be familiar, chances are a website you frequent uses their service for security online. However, Cloudflare says that during the peak of Cloudbleed about “1 in every 3,300,000 HTTP requests through Cloudflare” potentially resulted in memory leakage, which is about 0.00003% of requests. The data leaked could have been passwords and usernames, private photos or videos, or behind-the-scenes things like server information.

Cleaning up the bleed

Here’s the thing with Cloudbleed – as far as we know, it’s over. You can use this easy search engine to see if services you use rely on Cloudflare and promptly change your passwords, but nothing you can do now will reverse the leaked data.

You should not jump ship on all websites that use Cloudflare for security, and instead should just get more used to changing your passwords regularly.Click To Tweet
Using two-step verification when offered is a good idea, too.

For now, the biggest significance of Cloudbleed is that it reminds us that services like Cloudflare do provide stronger, more secure protections than the average company would probably implement on their own, but that convenience also leads to a new series of risks. Maybe this is a massive understatement, but the saying “No use crying over spilled milk” seems especially relevant here. When you spill milk, you clean it up, but there isn’t much more you can do.

#CloudBleed

Brian is a staff writer at The American Genius who lives in Brooklyn, New York. He is a graduate of Washington University in St. Louis, and majored in American Culture Studies and Writing. Originally from California, Brian has a podcast, "Revolves Around Me," and enjoys public transportation, bicycles, the beach.

Tech News

Having your license plate data stolen is worse than you think

(TECH NEWS) California’s license plate camera system not only records everyone, but has some glaring security issues that could expose sensitive data.

Published

on

license plate camera

Turns out, California’s been recording millions of license plate information. What’s the deal?

Another day, another privacy violation. That’s sure what it seems like in our increasingly connected world – from our speakers spying on us, to our phones recording our every move – but that shouldn’t stop us from interrogating what is happening and whether or not it should continue.

For instance, should the government be allowed to store images of license plates for no apparent reason? Because that’s exactly what’s happening in California.

Okay, it’s probably happening in plenty of other states too, but California’s recent audit revealed the extent of their privacy violations. In fact, 99.9% of all license plate images stored had no connection to cases from law enforcement. This is bad enough, but the audit also revealed that this information was shared with all sorts of agencies for no justifiable reason.

And it should come as no surprise, but California’s audit also revealed that none of these agencies are up to snuff when it comes to the state’s 2016 privacy policy. In fact, few of the agencies audited even had reliable protections on their cloud based storage system, which leaves them vulnerable to outside attacks. This would be bad enough if they’d only stored information collected for legal purposes, but the storage of plenty of innocent civilian’s records makes it much worse.

Don’t get me wrong, California isn’t the only state to have troubling policies when it comes to ALPRs (automatic license plate readers). In fact, it’s been revealed that many of these cameras are connected to the internet – and make it terribly obvious to boot. That means if you live in an area with a heavy concentration of ALPRs, any stranger might easily be able to learn about you: your preferred route to work, the times you’re typically out of the house, sometimes even where you live. In short? Not great.

There is some glimmer of hope, though. Last year, Virginia became one of the few states to more strictly regulate ALPRs. After being sued by the ACLU, a Virginia court ruled that a license plate can only be recorded and stored if said plate was part of an on-going investigation. They’re now one of 16 states to have some sort of regulation on LPRs.

In the meantime, if you’re in California – or one of the 34 other states without regulations – drive carefully. You never know who’s watching.

Continue Reading

Tech News

Futuristic air commuting via drone-like air taxis is around the corner

(TECH NEWS) German aviation company, Volocopter, and southeast Asia rideshare company, Grab, partner to take business to the skies in Singapore.

Published

on

air taxis taking flight

Move over, Jetsons! You too, Leela and Fry! You’re not the only ones living in the future. If Volocopter and Grab have their way, you’ll soon be able to hail an air taxi as painlessly as you hail a rideshare, at least if you live or travel in Singapore.

Nothing thrills me like being airborne, so I am excited to read this. The dreams of my childhood are unfolding before me. Electric air taxis transporting us across the urban landscape? Yes, please, and hurry up. Are you with me?

Imagine what a powerful–and fun–flex it will be to summon your own private electric multicopter and hop from rooftop to rooftop (AKA VoloPort to VoloPort), arriving at your destination in high style. Eyebrows will go up, and jaws will drop as you saunter into your appointment with a nonchalant air of confidence. In my mind, clients and investors will rush to sign contracts with you, and potential mates will move you up to the top of their short lists.

This is the reaction I imagine at first, when Volocopter and Grab launch their test commercial flights in 2022. If we are to believe the hype, this experience won’t always be such an exclusive one. The long-term goal (at least ten years) is to offer affordable and accessible rides for the general population, not merely the posh and pompous among us.

Drone-type electric Volocopter air taxis are single-passenger multicopters. Other companies are also dabbling in these vertical takeoff and landing (VTOL) aircraft as well, but the Volocopter 2X has beaten them to the punch with successful test flights in Germany, Dubai, and Las Vegas.

By many accounts, multicopters with several chopper blades are simpler to navigate and more stable than a traditional, single-blade helicopter. However, flying requires mucho power, which must be why Volocopter has set its sights on multiple, short flights vs. long-distance transportation. They currently are projecting a maximum distance of 17 miles and 30 minutes per ride.

Singapore-based Grab is already part of daily life in Southeast Asia, much as Lyft or Uber is in the U.S. and elsewhere. Singapore is one of the fast-growing financial hubs in Asia, one of the Four Asian Tigers. Wealth and commerce abound in this charming island nation/city. In general, Singaporeans are quick to embrace modern solutions that add value and convenience to their lives. As such, it’s a dream location to test the waters for using VTOLs as a means of transportation.

Therefore, it makes sense that German aviation startup, Volocopter, and popular southeast Asian rideshare company, Grab, would team up in Singapore to make this futuristic dream a reality. No word yet on the cost-per-ride of traveling via the uncrowded skies of Singapore, but one can assume it will start out fairly prohibitive. Testing these flights with commercial clients first ensures that the math checks out for now.

However, Volocopter foresees a time when their VTOLs can land in a park or parking lot as easily as at a sanctioned rooftop VoloPort. Bring on the glory days of your average commuter as they hop from home to work to the nightclub with the greatest of ease. I want to live in this reality.

By 2035, Volocopter and Grab predict building up the capacity to deliver up to 10,000 Grab air taxi rides per day in Singapore alone. The commute to work never looked faster, easier, or sexier. One day in our nearish future, we may shrug and see air taxis as a mundane part of daily life, a mere getting from point A to point B.

I expect it to stay exclusive and kind of a thrill a while longer. However, if you’re planning to travel in Singapore, and your company is an early adopter of the first commercial Volocopter air taxi flights, rest assured your glamorous sunnies and fanciest gear will not look out of place–yet.

Continue Reading

Tech News

You’ve seen the job listings, but what exactly *is* UX writing?

(TECH NEWS) We seeing UX writer titles pop up and while UX writing is not technically new, there are new availabilities popping up.

Published

on

UX writing

The work of a UX writer is something you come across everyday. Whether you’re hailing an Uber or browsing Spotify for that one Drake song, your overall user experience is affected by the words you read at each touchpoint.

A UX writer facilitates a smooth interaction between user and product at each of these touch points through carefully chosen words.

Some of the most common touchpoints UX writers work on are interface copy, emails and notifications. It doesn’t sound like the most thrilling stuff, but imagine using your favorite apps without all the thoughtful confirmation messages we take for granted. Take Eat24’s food delivery app, instead of a boring loading visual, users get a witty message like “smoking salmon” or “slurping noodles.”

Eat24’s app has UX writing that works because it’s engaging.

Xfinity’s mobile app provides a pleasant user experience by being intuitive. Shows that are available on your phone are clearly labeled under “Available Out of Home.” I’m bummed that Law & Order: SVU isn’t available, but thanks to thoughtful UX writing at least I knew that sad fact ahead of time.

Regardless of where you find a UX writer’s work, there are three traits an effective UX writer must have. Excellent communication skills is a must. The ability to empathize with the user is on almost every job post.

But from my own experience working with UX teams, I’d argue for the ability to advocate as the most important skill.

UX writers may have a very specialized mission, but they typically work within a greater UX design team. In larger companies some UX writers even work with a smaller team of fellow writers. Decisions aren’t made in isolation. You can be the wittiest writer, with a design decision based on obsessive user research, but if you can’t advocate for those decisions then what’s the point?

I mentioned several soft skills, but that doesn’t mean aspiring UX writers can’t benefit from developing a few specific tech skills. While the field doesn’t require a background in web development, UX writers often collaborate with engineering teams. Learning some basic web development principles such as responsive design can help writers create a better user experience across all devices. In a world of rapid prototyping, I’d also suggest learning a few prototyping apps. Several are free to try and super intuitive.

Now that the UX in front of writer no longer intimidates you, go check out ADJ, The American Genius’ Facebook Group for Austin digital job seekers and employers. User-centric design isn’t going anywhere and with everyone getting into the automation game, you can expect even more opportunities in UX writing.

Continue Reading
Advertisement

Our Great Partners

The
American Genius
news neatly in your inbox

Subscribe to our mailing list for news sent straight to your email inbox.

Emerging Stories

Get The American Genius
neatly in your inbox

Subscribe to get business and tech updates, breaking stories, and more!