CST 373 Week 5

Scrapbook 5 - Banks, ATMs, and Their Users

Hackers Are Emptying ATMs With a Single Drilled Hole and $15 Worth of Gear by Andy Greenberg of Wired (PDF archive)

Summary

Kaspersky, a Russian research company, found and reproduced a set of ATM robberies that had presented vulnerabilities in a widely used set of ATMs. ATM hackers drill a hole about the size of a golf ball near the pin pad and connect to the ATMs' hardware with their small computer using a wire. There isn't any authentication between the modules within the ATM, so the attacker can directly access the module that dispenses the cash and then tell it how much to dispense. The only limit is that the ATM will sense that something has gone wrong and reboot. Unfortunately, the ATM could have already dispensed $1,000 and can simply be told to dispense more after it has rebooted.

Reason Chosen

Hacking ATM is a new form of bank robbery and it's particularly interesting because of the accessibility. Regular bank hours are pretty limited and there's usually security but ATMs are often left without protection, outdated and vulnerable. Banks and users alike are more vulnerable to losing money and data through these seemingly secure machines.

Ethical Implications and Personal and Social Values at Stake

It's pretty obvious that it is not ethical to rob a bank and stealing from ATMs is not different. ATMs are still a fairly new component to our banking system and it can be very difficult to manage new technologies like these. The banks managing these machines have a responsibility to keep them secure and regularly test them for vulnerabilities.

As clients to large banks with ATM machines, we're expecting them to protect our data and our money. Everyone should be concerned about hackers accessing these machines because of the very important information (and money!) that they contain. Keeping our banks accountable for protecting our information and upgrading these machines is important.

There have been videos and articles released that help teach the average bank user how to look out for red flags that indicate an ATM has been tampered with but there aren't systems in place (at least that are known to me) for reporting suspected problems. Is this because the banks don't want the users to feel that their software isn't secure? Should we expect more from them or do the users have some responsibility to notify their bank when they notice a potential vulnerability?

Source Credibility

Wired is a well-known, technology-focused magazine based in San Francisco, California that has been active since 1993. They provide detailed articles surrounding relevant issues in technology.

Andy Greenberg is a Senior Staff Writer for Wired and previously worked at Forbes.

CST 373 Week 4

Scrapbook 4 - Ethical Dilemmas Surrounding Self-Driving Car Development

Uber suspends self-driving car program after Arizona crash by Gina Cherelus of Reuters (PDF archive)

Summary

Uber has been testing self-driving cars in Arizona through a pilot program they launched February 21st, 2017. This program allowed users to hail autonomous cars through the Uber ride-sharing platform, with two operators in the front seats that will step in when the car is unable to handle the situation. The autonomous ride-sharing vehicle saw its first accident March 24th, 2017 when a human-operated vehicle failed to yield to the Uber self-driving car while making a turn. The situation and investigation into the accident caused Uber to suspend the pilot program until further notice.

Reason Chosen

As interest in self-driving cars has become more prevalent and companies are racing to produce their own autonomous cars, real-world tests have become concerning and, at times, fatal. This is an interesting subject since we are observing how technical innovations may impact our regular routine of driving our own cars. These developments are also going to have a large impact on our workforce. If/when self-driving cars begin to populate the roads, there will be fewer employees necessary for delivery trucks and more needed in technology.

There are arguments in favor of self-driving car development that are the same as those against this. Both positions share the concern of safety on the road. Those in favor believe that there will be fewer accidents on the road and those that oppose believe there will be an increase in accidents. Because of these reasons, watching the development of these cars and their ethical battles is particularly interesting and sometimes concerning.

Ethical Implications and Personal and Social Values at Stake

The ethical implications with Uber running this pilot program primarily hinge on if they're doing it in the most responsible way possible, ensuring the safety of their customers. In late 2016, Uber had decided to not obtain permits in California that designated their cars as test cars, which ultimately lead to their car's California registrations being revoked. Following this, they began their pilot program in Arizona. Many stories have been released recently regarding ethical issues within the company. They've developed a reputation for not asking for permission to implement a service or intentionally deceiving officials and the public in an effort to expand their business.

By forcing themselves into certain businesses and practices, with what appears to be little concern for ethical responsibility and safety of others, the Uber brand is suffering. Halting their service in Arizona is a wise decision for now, but when will they resume it? Will Uber make improvements and add additional precautions to ensure this doesn't happen in the future? There were additional employees in the car that were supposed to take control when the car was presented with a difficult situation. Is it difficult to switch to human-operated and if it is, are those employees prepared to take over at any given moment?

Even if improvements are made, it's unlikely Uber can guarantee something similar won't happen again. More problems tend to arise as development and innovation progress. When there are two obstacles for a car, the software has to make a decision that decides on the best option. What if there are many factors? If the cars aren't ready for real-world situations and need more development time, would Uber admit that? It all raises the question if money or safety is more important to large companies, like Uber.

Source Credibility

Reuters is a well-known news source that was first established in 1851 and is headquartered in London, England. Their publication is global with 12 supported languages. They additionally have their own handbook that is designed to help them produce fair and reliable content.

Gina Cherelus is a reporter based in New York that has worked for Reuters for the past year as a U.S. General News Reporter. She obtained a degree in Journalism and Graphic Communication from Florida A&M University.

CST 373 Week 3

Scrapbook 3 - Should Google Be Held Responsible for Protecting User Privacy?

Judge OKs warrant to reveal who searched a crime victim’s name on Google by David Kravets of Ars Technica (PDF archive)

Summary

A victim of identity theft in Edina, Minnesota had nearly $30,000 stolen from his bank account by someone using his identity. They forged the victim's passport using a photo that appeared from the Google search engine when the victim's name was searched. The Edina Police Department initially sent Google a subpoena to gain user information details from the searches performed with the victim's name. Google rejected the subpoena and the Edina Police Department requested a warrant from the courts to access user information from Google. The courts granted the warrant. Google has indicated that they are fighting it.

Reason Chosen

This topic is particularly relevant to the discussions we're having in class. The warrant approved by the courts would provide the government with proprietary user data and the information requested by Google's users. This week in class we're discussing anonymity online and if governments should respect that privacy or require users to be tied to their government identities.

Ethical Implications and Personal and Social Values at Stake

The ethical implication that this case has is one where the government (or Edina Police) could breach the privacy of those utilizing the Google search engine. Additionally, it asks us to consider whether Google, a large U.S. company, should be responsible for protecting the privacy of its users. To protect themselves against any harm like this, a user could access a public unprotected computer, such as one at a library, but should that be necessary? If this were to become normal, would we see a trend to require users to input their government credentials to access search engines and other websites like this?

Many people utilize these search engines with the expectation that their search information will not be released to outside parties, like a government. If this were the expectation, we would expect any search performed to be held against us. Doing research for a paper may cause a student to search something completely morbid but with innocent intentions. This could result in unthinkable consequences. Incriminating cases, where completely innocent people become murder suspects due to their search queries, or similar (maybe not so extreme cases) could become more frequent.

Source Credibility

Ars Technica is a publication geared toward those interested in technology. It was started in the late 1990s and has become a trusted source for technology and related policy news. Ars Technica was acquired by Advance, the parent company of Conde Nast, in 2008 and has since expanded to the UK.

David Kravets is a Senior Editor at Ars Technica with previous experience as a Senior Staff Writer for Wired magazine, a Press Secretary for the California Department of Justice and Legal Affairs Writer for the Associated Press.

CST 373 Week 2

Scrapbook 2 - Cloudflare Bug Exposes Unintended Information

Massive Bug May Have Leaked User Data From Millions of Sites. So … Change Your Passwords by Lily Hay Newman of Wired (PDF archive)

Summary

Many large name websites, like Fitbit, Uber, and OkCupid, were utilizing Cloudflare's SSL certificates for their website security. Cloudflare had a major vulnerability exploited that caused requested endpoints to return additional data in the response from other websites. Cloudflare acts as a middleman when performing requests. So, when a request is made to a website behind Cloudflare, it passes through Cloudflare at the time of the request and at the response. The bug exploited from requests that returned HTML and the issue was in their parser. If a website response was HTML and there were mismatched HTML tags, Cloudflare would incorrectly parse the HTML and return additional information from its cache. This cache could contain any set of data from any other request. While the results could vary, they were cached in search engines like Google and Bing. Cloudflare worked quickly to resolve the bug, but the data was still cached for some period of time in these websites (or search engines) that scrape website information. This was a very serious issue that may have impacted a large number of users.

Reason Chosen

The Cloudflare "Cloudbleed" vulnerability was very big news recently and really highlighted the issue of using a third-party service to take care of a website's security. The impact was also large and they were unsure of who all would be impacted by this.

At my work, particularly, we had clients that were utilizing this service and it sent some of my coworkers into a bit of a frenzy. Not all of our clients use this service so it didn't impact many of us but it was extremely relevant and discussed a lot. It was also a good reminder to really take into consideration what third-party services are being used for and if using them is really in the best interest of the website users.

Ethical Implications and Personal and Social Values at Stake

This situation highlights the kinds of problems that can occur outside of the scope of a single code base when relying on third-party providers to handle security for your website. As a company needing to handle SSL certificates, passing this responsibility off to another is an ethical issue when one needs to be concerned about protecting their user data. Users are trusting the websites they utilize to do this and do it well. It's troubling to know that so many websites were utilizing this feature and that such a small issue can cause such a large problem for individual people.

This GitHub Gist has a list of websites that were using Cloudflare and it was recommended that users change their passwords for all of them.

Source Credibility

Wired is a well-known, technology-focused magazine based in San Francisco, California that has been active since 1993. They provide detailed articles surrounding relevant issues in technology.

Lily Hay Newman is a Security Staff Writer for Wired and has previously worked at other notable magazines and news organizations.

CST 373 Week 1

Scrapbook 1 - Are They Listening?

Can Alexa help solve a murder? Police think so — but Amazon won’t give up her data. by Amy B. Wang of The Washington Post (PDF archive)

Summary

A suspected homicide took place in a home equipped with smart devices. Among these devices was an Amazon Echo device. Authorities seized the device from the home and served Amazon with a warrant to obtain any recordings from the device, citing that they expect Amazon to host recording from the device that may provide assistance in the case. Amazon claims that they only keep recordings that consist of the command that the device hears. These recordings begin with the specified trigger word, "Alexa". They also claim that the user can delete the recordings through their smartphone application and while they're always listening, they don't record any additional information.

Reason Chosen

This situation highlights something close to me, as I have Amazon Echo products in my home. I keep one in my living room and another in the bedroom. They're used adjust the lights (on/off/dim) in each of the rooms. This article came out shortly after I had purchased the first product and it was a little worrisome. I was not worried because I was going to plan a murder but because of the other implications that it could have. Some of us don't see our daily activities as something to guard as private and other do. However, I live with my boyfriend and owning one wasn't just a decision to make for myself, but for him too. It's worth spending an additional moment to consider who else could be impacted by these purchases and if they would be okay with it.

Ethical Implications and Personal and Social Values at Stake

While this article was primarily focused on the police attempting to use a warrant to gain recordings from the Amazon Echo device, I'd like to place more attention on Amazon themselves and if what they claim is true regarding how they store the recordings.

Amazon claims that they only store the commands that are initiated with the trigger word, "Alexa" and that the owner of the product can delete recordings from their Amazon Echo application. There are a few moving pieces in this claim. First, the software for the product is closed-source and we don't know how Amazon is actually handling the data (sound processed in the cloud). We are completely relying on their claims. Because we can't verify how our data is being handled, we can't guarantee that the recordings are actually deleted when the user requests that they are not actually storing additional information.

Many people purchasing these products are unfamiliar with how "the cloud" works and that it is used at all with these products. They may feel differently about them if they knew that everything they said was being transmitted to a server outside of their home for processing, or understanding what you said and saying something in response. Once their data leaves their network, they no longer have control over it and can't guarantee the safety of it. They're trusting Amazon to handle their data respectfully and do anything malicious with it.

What's interesting to consider is if and how this should be handled. Is it okay to have so many products, in our own homes, listening? Could or should this be regulated? How do we know who we can trust? Perhaps there could be some sort of required warning about it? We don't have the answers but this is definitely pushing us into a new direction.

Source Credibility

The Washington Post is a well-known news source and is primarily circulated in Washington, DC. The author is a legitimate full-time journalist with The Washington Post. It is notable, and noted within the article itself, that the owner of The Washington Post is the chief executive of Amazon. However, this point does not diminish the value of my analysis.

CST 370 Week 8

Week 8

Phew! What a course! As we wrap up the final week, I'm very glad we've completed the course and are on to the next one (CST 373 Ethics in Communication and Technology). I've been looking forward to our next course for a while now because I really enjoyed the quick look into ethics in our first Proseminar course. I hope it lives up to my expectations.

As for this current course, we covered graphs this week. I'm sure we just covered the tip of the iceberg since we have a shorter week with only one homework assignment. The content covered in-order, pre-order, and post-order tree traversals, edge lists, adjacency matrices, and Dijkstra's algorithm. Throughout the course we've been watching videos from My Code School and they've been very helpful. I liked the emphasis this week regarding the trade offs between using an edge list and a adjacency matrix for storing a graphs. It's good to consider that an adjacency matrix will take up a lot more space and an edge list has a large lookup time. Those are very valid things to consider when working on larger systems.

The final has not yet been released as of writing this. I wanted to get all of my course work done before the final release so I don't miss anything. I expect to do well, especially since it's a programming assignment but you never really know...

Overall, I've really enjoyed this course and have loved how organized it is. There were no surprises and the course maintained consistency. The modules seemed pretty evenly weighted but I think stacks and queues could be combined. I was already familiar with the topics so I didn't not end up seeking out much help, but the professor and TA both seemed very available and encouraged us to contact them when we needed help.

CST 370 Week 7

Week 7

This week we covered binary search trees. There was a lot of emphasis on recursion (Google it... it's fun!) in the programming assignment. A good portion of the assignments for the week covered in-order, pre-order, and post-order tree traversals. It appeared in both the homework and programming assignments.

The concepts for these are pretty straight forward. They all traverse the tree in a similar way and vary based on when the contents of the node are displayed. The images here show the same path and the point in the path when each value is printed for in-order and pre-order traversals. All of these algorithms use recursive functions, treating each node as the root of a tree, for their implementation.

Binary search trees are very neat and efficient for finding values (assuming it's properly balanced). Instead of looking through an entire list, you can just go through the depth of the tree.

As I'm writing this, our final module for the course has been released and, based on a quick look, we're on to graphs! I'm very excited to close out another course in this program and get one step closer to graduation. It's become much more difficult to maintain focus but I'm pulling through!

Here is my programming assignment for the week:

CST 370 Week 6

Week 6

I kept thinking that I'd get ahead this week in this course and place more focus on my discrete math class, but that hasn't happened so far. I think I need to just sit down and focus a little more. I am finding myself frequently distracted.... but we're in the last stretch and I need to keep my eyes on the goal (that's what I tell myself, at least)!

We continued with sorting algorithms this week and added binary searches to our little collection of tools. The assignments were straightforward and really not too bad, once you got going. We implemented a binary search, both iteratively and recursively, in our lab and a non-standard sorting algorithm in our program, which I walk through in the video below.

Overall, I'm happy with the way this course is going. I really appreciate the general structure and predictability. If this were the beginning of the program, I'd be a lot more into it but I'm feeling very run down this week and at this point in the program. The repercussions of doing an additional course each semester while working full time for this entire program are surfacing.

Here is my video of the programming assignment this week:

CST 370 Week 5

Week 5

We're on to sorting algorithms! This week we covered selection sort, bubble sort, insertion sort, and merge sort. I definitely feel like I have an advantage in this aspect because I've covered it so many times and I believe that I have a good handle on it. The homework was pretty straight forward and didn't feel like it came from left field, or another class, this time. I appreciated that. The programming assignment also remained on topic, since we implemented sorting algorithms ourselves.

We also had our midterm this past weekend. I wasn't very excited about it because of my big flop last week and my lack of discrete mathematics knowledge (which I am just barely enrolled in!). I was glad to see that the midterm wasn't so heavy on the discrete math bit and was much more focused on the data structures and other material we covered. I was also surprised that there weren't problems covering converting infix notation to polish or reverse polish.

As far as the grading has gone, I feel like there has been a surprising amount of focus on C++ language specifics. I really feel like the grading on our assignments (homework and labs) should be more focused on us understanding the material and concepts of what we're learning and not so much on the language itself, especially because this is not a class on C++ itself. Personally, I haven't used C++ since ~2009 (8 years!) and am rusty on a lot of the language-specific aspects of it. Our lectures and reading assignments aren't focused on these things and I don't believe the grading should be either.

Here is my video of the programming assignment this week:

CST 370 Week 4

Week 4

There was a fair amount of new material this week that was very unlike the previous few weeks. We covered a fair amount under the algorithm complexity umbrella, like big O notation, recurrence relations, and time complexity.

I didn't start the homework early enough this week and it really hurt me. The structure was a bit different so I slowly (for this program!) worked through videos and skimmed the readings. I didn't begin the assignment until Sunday, leaving me only Monday and Tuesday (after work) to complete the assignment. For 5 questions, I didn't think it would be too bad... but I was so wrong. There are problem that I worked out but left completely blank because I don't even know how I got to where I was (the step problem).

Discrete mathematics is the last course I need outside of this program. I have paid for it and am in the process of enrolling through the University of North Dakota Online. However, I have not even started it yet. The homework had discrete math topics that I was unfamiliar with. I used my sister's old discrete mathematics textbook to complete what I could of the assignment.

I'm just considering this week a loss and will press on with the upcoming material. I do have some extra credit to fall back on, thanks to the videos. I believe it's best to stay current with the course than dwell on getting caught up. I will spend an additional day trying to complete the unanswered question on assignment. If I don't get it, I will move on. I have at least turned in something. Not all "F"s are the same, after all!