Saturday, September 28, 2019

“Those Irresistible Price Alerts: ‘HOT!! Chicago to Barcelona, Spain for Only $272’ - The New York Times” plus 1 more


Those Irresistible Price Alerts: ‘HOT!! Chicago to Barcelona, Spain for Only $272’ - The New York Times

Posted: 27 Sep 2019 06:26 PM PDT

Penny Yim-Barbieri, 47, a freelance translator based in Las Vegas, didn't have the Cook Islands on her travel radar when she got an email alert from Scott's Cheap Flights about round-trip tickets to Rarotonga from Los Angeles at $495. She and her husband jumped on the deal and soon found themselves scuba diving in the South Pacific with humpback whales.

"We're divers and hikers, so we have to save on flights so we can do other stuff," said Ms. Yim-Barbieri, who estimates she's purchased about 30 bargain international flights found by Scott's in the past two years.

When it comes to self-booking, it's a golden age for price alerts, which have expanded from sale emails sent by airlines, travel agencies and other operators to fare predictions and deal disseminators, in both free and paid forms, and arriving by email, smartphone texts or push notifications.

"There is an increase in flight price-tracking capabilities, largely because of the ability of these companies to use machine learning to more accurately gauge whether a fare is a deal, and whether it is likely to go up or down," said Maggie Rauch, the senior director of research at Phocuswright, a travel industry research firm.

Flights tend to generate more deal options, but new websites, online features and mobile apps also offer savings on cruises and hotels. The following sites aim to help you get a great deal on the major expenses of travel.

Beware the seductive powers of flight alerts. At 1:37 p.m. on a recent Friday, it was hard to plug away at the deadline for this story when SecretFlying, a new flight deals app, sent this push alert to my phone: "HOT!! Chicago to Barcelona, Spain for only $272 round trip."

The app, launched in 2018 as a paid subscription service and free as of March, allows users to register for flight alerts based on preferred departure cities. The deals lean to international flights, which Tarik Allag, SecretFlying's founder, said offer bigger discounts, though domestic deals are also available. Users receiving alerts are routed to online travel agencies or aggregators for next steps in booking.

"If you have a specific destination and a specific date in mind, then maybe SecretFlying may not be the place to get it," Mr. Allag said. "But if you are somewhat flexible, there are incredible deals to be had."

Flexibility with your destination is key in taking advantage of Scott's Cheap Flights, which allows users to set their home airport and receive emails pegged to them. The service specializes in international fares, but also covers deals in Alaska, Hawaii, Puerto Rico and the Virgin Islands.

"On average, we see deals $550 off normal prices," said Scott Keyes, a co-founder and the chief executive of the company. "We're not interested in $50 or $75 off."

Paid subscribers, like Ms. Yim-Barbieri, fork over $49 a year for the first look at deals and for "mistake fares," or rock-bottom deals that usually result when the airline makes an error. Mr. Keyes found such a round-trip flight from New York City to Milan for $130 in 2013, which eventually led him to launch his company in 2015.

Founded in 2017, Matt's Flights sends out deals once or twice a week to subscribers of its free email, which covers domestic and international flights from United States and Canadian airports, in more than 60 cities. After a 14-day free trial, premium subscribers paying $49.99 a year can narrow search results by region and can request custom searches for a particular route. Matt's doesn't make the booking for you — results link users to Google Flights to search for the deal — but it offers customer service via email for premium members who have booking questions.

Matt Guidice, the founder of Matt's Flights, said the service has more than 500,000 free subscribers and that travelers typically save from $200 to $400 on international tickets and from $50 to $200 for domestic fares.

Always free, flight searches on Kayak usually come with advice on whether to buy a ticket now or wait as fares may drop. By toggling a button on the search page, users can track prices on a flight and receive email updates on current fares, which often become more volatile as departure nears.

According to Giorgos Zacharia, the chief technology officer for Kayak, 47 percent of the time users save an average of $163 using flight alerts. About a third of the time, flight prices go up by an average of $138.

CruiseWatch.com, a cruise search site, sends free price alerts to registered users. The site allows you to search for a cruise then set a price alert tailored to price drops and specific cabin types, such as interior or balcony rooms. Users can also set a maximum budget to see if or when a cruise falls into that range.

The Germany-based service is tailored to American travelers because they are the biggest market in cruising, according to its chief executive Markus Stumpe. While it doesn't sell cruises — bookings are handled by travel agency partners — the site offers free advice and strategies for saving money, including how to cancel and rebook if a cruise price drops more than the value of a cancellation fee. According to the company, cruise fares tend to drop around 100 days before sailing and users report typical savings of around $300.

Hotel room prices fluctuate less than flights, but the app Pruvo offers the assurance that if a rate drops after you've booked it, you'll know about it and can rebook. Once users share an existing reservation with Pruvo, it tracks your hotel reservation and if a better rate comes along for the same hotel, on the same date, in the same room category, it contacts you. As long as the booking lies outside of the penalty window for cancellations, the service tells users how to cancel their reservation and make a new one at the lower price.

According to Pruvo, hotel prices drop about 40 percent of the time after booking — on average 14 percent of the original booking price. Most drops are a result of competition between online travel agencies cutting their booking commissions, according to Doron Nadivi, the chief commercial officer of Pruvo. The service is free; the company makes money through commissions from its hotel and travel agency partners.

Last summer, Google.com/travel enhanced its free hotel search analyses. It began offering price insights on hotels searched on a mobile platform that lets searchers know if a price is low, high or typical; indicates whether prices are trending up, down or holding; and compares an individual hotel to similar hotels nearby.

In a recent search for hotels in New York City in October, I got a best rate of $132 a night for the Pod 51 Hotel in Manhattan, indicating it was a "deal" at 21 percent less than usual. It also showed rates at "similar hotels nearby," including the Vanderbilt YMCA at $100 and the Fifty Hotel & Suites by Affinia at $197. Clicking on its "price insights" tab, I got more data; Google called the rate low, with typical rates running $155 to $297, and displayed a graph showing rate fluctuations for the past month.

With such searches for hotels in a city over specific dates, Google and Kayak will allow you to activate a hotel price alert that follows rates in the destination.

#SocialSec: Hot takes on this week's biggest cybersecurity news (Sept 13) - The Daily Swig

Posted: 13 Sep 2019 12:00 AM PDT

Disquiet for some as DNS-over-HTTPS is readied for prime time; Apple hits back at Google over iPhone hack warning; and a parody music video tackles phishing head-on

Apple this week hit back at recent research by Google about a supposedly "sustained effort" to hack iPhones as part of a sophisticated surveillance operation that's said to date back at least two years.

Hacked websites were being used to serve exploits to surfers who visited them using their iPhones.

The sophisticated attack had "the capability to target and monitor the private activities of entire populations in real time", Google's Project Zero researchers warned.

Exaggeration, according to Apple, which contended Google is spreading FUD over the impact of already patched iPhone bugs.

In downplaying the extent of the admittedly sophisticated attack, Apple confirmed it had targeted China's Uighur Muslim minority.

Apple said the assault was "narrowly focused, not a broad-based exploit of iPhones 'en-masse' as described" and only affected fewer than a dozen websites.

Apple's counter-offensive – which came days before the company introduced the iPhone 11 in a major revamp of the product line – was discussed by show co-host Graham Cluley in this week's edition of the ever dynamic and fun Smashing Security podcast.

Play DoH

Your own correspondent had the honour of appearing as a guest on Smashing Security this week, where we also discussed the privacy benefits and previous controversies about DNS-over-HTTPS (DoH), an emerging internet protocol.

The DoH protocol hides DNS queries inside regular HTTPS traffic, making it more difficult for third parties such as governments or ISPs to keep tabs on surfers' internet browsing.

Mozilla last week announced plans to roll out the technology as a default option, initially to US web users and starting later this month.

In promoting the technology, which has been offered as an option in Firefox since June 2018, Mozilla was at pains to address concerns over parental controls and DNS-over-HTTPS.

The browser-maker said it would disable the protocol if it detects them, a response that drew a cautious welcome from ISPA, as The Daily Swig reported earlier this week.

In the wake of Mozilla's announcement, Google released a blog post saying it planned to introduce DNS-over-HTTPS in October.

Although the security community in general remains upbeat about the security and privacy benefits of DoH, concerns remain in some quarters about how the technology would work in practice.

Some argue that because DoH means Firefox will concentrate all DNS traffic on Cloudflare, sending traffic from all its users to one entity, it could actually work in favour of, rather than contrary to, government surveillance.

A serious topic, to be sure, but during the podcast we also discussed whether DoH should be pronounced like Homer Simpson's catchphrase (D'oh) or dough (as in bread making), inspiring a putative meme in the process:

Show me the 'sploits

Discussions about bug bounties recently made their way to the mainstream press, with a Daily Mail interview with celebrated security researcher Mark Litchfield.

Litchfield, one of a handful of elite hackers who have earned $1m or more through HackerOne's bug bounty program, said that his main motivation was being rewarded for his skills, rather than making the internet safer.

"I'm in it for the money – it's my time, my skills and I should be fairly paid," he told the tabloid. "I don't care about making the internet safer."

BlueKeep

Staying with bugs, a community-developed exploit module for the infamous BlueKeep (CVE-2019-0708) vulnerability in Windows was released by the Metasploit Project late last week.

BlueKeep is a recently patched RDP flaw in Windows that Microsoft unusually warned might be wormable in the same way as WannaCry at the time it released a fix.

Infosec search index

In other news, the most Googled people, businesses, scams and breaches in the history of cybersecurity were spotlighted in a study that came out this week.

Among the findings was that the 2017 Equifax breach has become the most searched for data breach ever. The Heartbleed security bug was searched for more than any other security threat, even WannaCry.

More surprising still was that Shark Tank investor and infosec entrepreneur Robert Herjavec emerged from the study as possibly the most famous person in security.

John McAfee appeared in second place in the list ahead of Kevin Mitnick, the self-styled "World's most famous hacker", Bruce Schneier, and Troy Hunt.

The study (PDF) – put together by managed threat detection firm Redscan – was based on analysis of Google Trends global search history dating back to 2004.

Searches for cybersecurity jobs, courses, and salaries are growing quickly, indicative of a rising interest in security careers and demand for talent, according to Redscan.

Gone phishing

Finally, a new Host Unknown music video landed this week for a song entitled 'Lost all the Money'. The music video – a parody of Nelly's 'Ride Wit Me' – serves to shine the spotlight on phishing attacks.

The release represents the eagerly awaited third song from UK-based infosec community stalwarts Thom Langford, Andrew Agnês, and Javvad Malik.

Previous releases by the trio include 2014's seminal 'I'm a C I Double S P', followed up by 2016's 'Accepted the Risk'.

In an ego-crushing snub, none of the trio's previous videos earned a Pwnie Award, the infosec world's equivalent of the Oscars.
