Group items tagged

This article talks about the recent hack of HEI Hotel & Resorts that occurred in June of this year, where 20 HEI-operated hotels were breached via their POS system. The malware had been discovered in June but the company reported that it could have been active since March 1st, 2015 in some systems. The article also talks about how POS systems are common targets for hacking and goes on to mention some of the other recent cybersecurity risks that have occurred in the industry, where their POS systems were the targets of hacking. The American Hotel & Lodging Association met with a group of other associations to discuss the issues of cybersecurity and look for possible solutions. However, the industry has not taken measures to amplify their security, probably due to the history with certain IT standards, the cost of starting over, and potential privacy issues. The article claims that, overall, the industry has not done much to change the inherent security risks with regards to technology.

This article highlights the importance of announcing a security breach quickly, and explains the argument on whether it needs to be carefully analyzed before releasing the breach. It explains the importance of releasing the understanding of a hack as quickly as possible to maintain people's information (i.e. bank information) safe.

In the article, "Hotel Lock Firm's Security Fix Requires Hardware Changes For Millions Of Keycard Locks," it talks about how Onity has a plan to fix a security flaw that allows hackers to insert a homemade device into the lock and open the door in a matter of second. The only problem with this new plan is that it requires hardware changes to every affected lock and it even might require it customers to pay for it. "Black Hat security conference by Cody Brocious, a Mozilla developer who showed that he was able to insert a device he built for less than $50 into the data port on the underside of Onity's locks, read their memory to find a decryption key, and use it to gain access to the lock's firmware and trigger its open command in a matter of seconds." It seems crazy that hackers can break in so easily, so maybe this expensive security could be worth it in the long run. The company responded with two different parts, first, it's issuing caps that cover the data port Brocious's hack exploited and the second more substantial: Onity will offer its customers new circuit boards and firmware that ostensibly fix the problems. Before reading this article I had no idea that it was so easy for hackers to get into hotel rooms, this really makes you think twice before you decide which hotel you will be staying at!

The hardware of hotel is the locker. This article showed us there is a new key card locker was discovered by Onity's. It is more security but it need to change all the affected lock. It is a lock built for less than $50 into the data port on the underside of the Onity's locks. The company's response to that epic security bug has two parts-a quick fix, and a more rigorous one, both of which it plans to make available by the end of August: First, it's issuing caps that cover the data port Brocious's hack exploited, which can only be removed by opening the lock's case. To further stymie hackers who would try to open the locks and remove that cap, it's also sending customers new, more obscure Torx screws to replace those on the cases of installed locks.The company's response to that epic security bug has two parts-a quick fix, and a more rigorous one, both of which it plans to make available by the end of August: First, it's issuing caps that cover the data port Brocious's hack exploited, which can only be removed by opening the lock's case. To further stymie hackers who would try to open the locks and remove that cap, it's also sending customers new, more obscure Torx screws to replace those on the cases of installed locks. The safe issue became the most important issue of the new products. It will cost more money of each hotel and it is really safe or not is still a question. 

computer security is definitely still a "hot topic." But why are we spending all this time and money and still having problems? . Systems based on "Default Permit" are the computer security equivalent of empty calories: tasty, yet fattening.The most recognizable form in which the "Default Permit" dumb idea manifests itself is in firewall rules.Another place where "Default Permit" crops up is in how we typically approach code execution on our systems. 2.Why is "Enumerating Badness" a dumb idea? It's a dumb idea because sometime around 1992 the amount of Badness in the Internet began to vastly outweigh the amount of Goodness. "Enumerating Badness" is the idea behind a huge number of security products and systems, from anti-virus to intrusion detection, intrusion prevention, application security, and "deep packet inspection" firewalls. 3."Penetrate and Patch" crops up all over the place, and is the primary dumb idea behind the current fad (which has been going on for about 10 years) of vulnerability disclosure and patch updates. 4.Hidden in Parker's observation is the awareness that hacking is a social problem. It's not a technology problem, at all. "Timid people could become criminals." The Internet has given a whole new form of elbow-room to the badly socialized borderline personality.If you're a security practitioner, teaching yourself how to hack is also part of the "Hacking is Cool" dumb idea. 5."Penetrate and Patch" can be applied to human beings, as well as software, in the form of user education.Dealing with things like attachments and phishing is another case of "Default Permit" 6.There's an important corollary to the "Action is Better Than Inaction" dumb idea, and it's that: "It is often easier to not do something dumb than it is to do something smart."

The EDTS company believes Savannah's economic and employement growth could attract hackers from obtaining personal information of tourists and visiting customers. Charles Johnson, the CEO of the company believes it is a duty for hotels/restaurants to provide data security for its customers. He believes that not only big companies such as Equifax and Yahoo are vulnerable to hacks, but also small businesses. He adds that when small businesses are hacked, they can be ruined. He stresses all kinds of outlets to protect their data before they have a major breach.

I found this article fascinating. It shows that no matter how much security we think we have, there will always be someone who is smart enough to hack you. We bring Smart devices into our homes and businesses to make our lives easier, yet these devices make us vulnerable to cyberattacks. In this article it details how a hacker(s) used a Smart thermostat located inside a fish tank to access and pull sensitive data out of a casino. I'll never look at the fancy aquariums in resorts/restaurants the same.

This article showed how even a well prepared company can be Hack, but what surprised me was the company took over three months to inform their customers of the hack. The company should've done a better job of alerting their customers so they can protect themselves and know what's going on.

This article discusses ways that the travel industry can combat cyberthreats. The main cyber concern for hotels' is phishing, which is a scam that collects credit card information by pretending to be apart of a hotel's front desk staff. The article mentions that IT departments should do routinely updates to operating systems and back up data and files. Employees should also be trained to help prevent data breaches. The author briefly touched on what to do when your hotel system is hacked and even dives into how the airline industry is still very unequipped to handle cyberattacks and threats. This is a great read to learn how to keep up with best security practices in the hospitality and tourism industry.

This article contains information about the talks that will be occurring between the U.S. and China about hacking and cyber-security. According to U.S. officials, there is a "daily barrage of computer break-ins and theft of corporate and government secrets." These attacks are assumed to be from China. The objective of these talks is to establish some rules and behavioral standards between both countries under the topics of security and "commercial espionage." No changes are suggested to be made immediately, but the U.S. hopes that the talks can result in a small, constant change between the countries. These talks will begin in July. This article seemed important in my opinion since the topic of this week in class was about cloud computing. If these two countries participated in a similar business function and used cloud computing to store important information, there could be arising issues. All of the important information could be jeopardized by hacking. By both countries coming to an agreement on the terms of cyber-security, this could possibly open up new opportunities for both countries to work together or expand businesses to one another. This does not mean that hacking will stop in its entirety. However, it could be the beginning of the step in the right direction.

This article is about the wireless networks within hotels today and how there are many hackers that are breaking into the hotels networks. It discusses how hackers target hotel networks more than any other destination in previous years, and that what is even worse is that the hotels that have been hacked didn't have any knowledge of the hacking that has been done for more or less than 160 days. This article also gives insight of some of the possible things to do to prevent hacking from happening.  I feel that this article although it is 3 years dated, is of great importance to most hospitality industry businesses. There is much information that is stored and transported through many networks that can cause a company to loose everything they have worked for if put into the wrong hands. 

In a report generated by Trustwave Global Security shows that about 94% of POS hacks are contributed by weak remote access. The hospitality industry seems to have taken the hardest hit. We know of the grueling schedules that come with working in our industry and how we all can't be there seven days a week. So when management are in the comfort of their relaxation area and remotely access the POS systems, they seem to be leaving the doors open for hackers to enter, as well. "In a breakdown of types of IT environments most frequently compromised, POS systems and assets were associated with 95 percent of breaches in the food and beverage industry" (Pham). One popular hospitality establishment that has reported a breach is the New York location of Eataly. The thought process behind why these hacks are happening has not been figured out yet, but the idea has been tossed around that it is because of the credentials used to remote access. The temporary solution is to create a double layer security system, also known as two-factor authentication. By doing it this way, you can log in using your credentials, but then have a second login that needs to be verified by way of sending codes and authentications to technologies that you would have in your possession (cell phones, emails, etc.) so no one else can access that information.

I was very intrigued with this article, as Braun mentions cyberattacks on hotels in a very straightforward manner. Hotels are in a competition of enhancing their technology everyday, however, with this enhancement comes more of a liability of getting cyber hacked. In addition, our industry deals with a lot of third party companies, making it easier to hack information as well. As Braun mentions, attacks nowadays, are not only for credit card information, but also simple data on guests, such as passwords to loyalty programs, and other credentials. Therefore, as technology grows, the only thing predictable is that hacks will get more dangerous. So, the one true thing our industry must do is prepare ourselves as best as we can. 

This article is well worth the read. It informs us as to why our credit cards keep getting hacked although our favorite retail stores seems to have secure POS systems. There is actually lots of time and money that needs to be invested in order to have a secure POS. Many of these hacks keep happening because companies wait until it's too late to upgrade to chip reader POS or a higher performance security

This article talks about the many challenges for the hospitality industry due to hacking. One example is interconnected technology. If a hacker can hack into one location, they can hack into multiple connected locations.

The article is about what was happening today with some Twitter accounts, such as Former President Barack Obama, Mike Bloomberg, Bill Gates, Kanye West, Kim Kardashian West, Warren Buffett, and Jeff Bezos. Apparently the accounts were hacked and were asking people for money. It is a clear example of cyber attack with Twitter's account.

This recent article talks about the partnership which was formed due to the recent Marriott International hacking scandal. Cybint, military trained cybersecurity experts, and Routier, a service which provides hotels with engagement, operational and marketing products, have joined forces to prevent such future attacks. Routier co-founder and CEO Gal Bareket states "Our partnership with Cybint and the addition of its cybersecurity educational programming will help secure and protect end users in the wake of the Marriott [International] hacking scandal,". The article further highlights other benefits of this union between Cybint and Routier such as cyber literacy courses and hands on simulator labs for cybersecurity professionals. The article also highlights the prime features and services provided by both Cybint and Routier.

It's crowded at the top of the to-do list. We've just published the 2013 Lodging Technology Study, where hotel executives reveal which technology projects are top priorities for the year ahead. Their biggest investment (20% of their overall IT budgets) will be in guest room technology, focusing first on Wi-Fi access and bandwidth, and soon thereafter on upgrading door locks. Pressure to provide ample bandwidth is on, with high guest expectations for connectivity. But at the moment, it's room locking technology that's in the hot seat. Hotel guest room technology - and door locks in particular - received national attention in recent months when Forbes broke the news about a potential room lock security flaw found in Onity locks by a 24-year old software developer and security researcher. In a highly-contested decision (criticized as poor judgment by some and applauded as necessary full disclosure by others), the researcher released specific details of how to perform the lock hack. Since then a handful of hotels have alleged that the method was used by thieves in a series of guest room break-ins. While the threat is limited to one manufacturer's locking technology, it still could impact as many as 4 million hotel rooms. Onity responded with a fix, but is charging hoteliers for replacement technology, also a decision under criticism. Hotels, meanwhile, are putting a priority on upgrading locking technology. According to our survey, which was conducted at about the same time that the news broke about the potential lock flaw, more than one-third of hoteliers (35% overall) are planning to upgrade their hotel locks. About 20% will do so by the end of 2013, and another 15% will upgrade sometime thereafter. Right now, there are plenty of fingers being pointed with regard to ownership, if the hack method becomes a repeated source of break-ins. But regardless of who is to blame, it's the guest whose safety is compromised and the hotel whose name will

Hotel wifi connection can be an easy access for identity thieves to stole personal information. Several surveys have show that there are many potential risks to get attacks through hotel internet.  WiFi Hacking Crimes Are Easy to Commit The security of hotel witless networks is a big issue and can be easily attempted by hackers. People may illegally use the internet access by staying in the nearby area of a hotel. Fake access point can also cause consumers in the hotel to lose their personal information such as credit card, banking or other confidential information.  The article also offers some solutions to avoid hackers. 

Reading your article brings us back to some topics that we covered in this weeks reading. The security of hotels is important in that industry, especially when guest give out important information. Like you mentioned for example, credit cards and other confidential information that hotels need and use to process the guests into the systems. It is important that hotels protect their guests by affirming that all systems they use are well protected.

An unssuspecting person check into a hotel like any normal person would. The ever so common exchange, credit card for room key took place. The only difference was that the person that checked had done so with other intentions. The "guest" utilized an IP Telephone that was in this hotel room to hack into the hotel credit card database and steal credit cards, transmit them to a foreign country and then have money transferred to his offshore bank account. This happened but at the hands of Jason Ostrom, aa Vigilar senior security consultant. Ostrom was able to unplug teh telephone in his room, plug in the phone's ethernet canle into his laptop and hack away. Of course, he did this as part of his job in testing a company's security agaisnt viral hackers. His company offers free security testing using a downloadable software called VolP Hopper This article was extremely interesting because as a frequrnt traveler as well as a perosn in the hospitlaity industry I was very shocked at the ease that the credit card information could be stolen. When it comes to credit card security it is of the utmost importance for companies to be PCI compliant and spend whatever it is necessary to safeguard the information of their customers. The detrimental damage that a security breach can have on a person can be debilitating as leaders in the hospitality industry we must do everything possible to prevent attacks like this from happening. made me become extra cautious about using my credit cards.

As close to home as this hits, with a security breach at my hotel recently, I'm happy to see that companies are upgrading their systems. The Black Hat cyber security conference in Vegas had a hacker present how easy it was to gain access into a hotel room. He had less than $50 in equipment that he used to infiltrate the locks on the hotel doors. In response to this, Onity, the company whose locks were tested, came out with a plan for a "two-tier" security upgrade. This makes me feel a little bit better but at the same time, it seems like hotels aren't being proactive about protecting their customers, so maybe more hotels needs to be exploited.

I don't see this how it make anyone feel a little better, all the company is doing is giving price discounts and tightening up some locks, make it harder to pick apart. The problem is the avg their or experienced theif can take a part a lock in minuets if not seconds. Chances are you wouldn't even hear it if you were asleep, on the phone, watching TV. The system isn't very good if it can be hacked with up to 50$ of equipment