Monthly Archives: September 2013

Delta, United engage in mileage shenanigans with American Express, Visa

New revenue requirements in airline frequent flyer programs are bad news for business travelers.

As many of you know, I do a fair amount of air travel for my day job in the technology industry. One of the few advantages of being a frequent flyer is gaining the coveted “medallion” status on your preferred airline, which includes priority check-in and bag drop off, free checked bags and priority boarding, as well as seat upgrades.

Gaining status on an airline used to be a fairly straightforward affair. You accumulated miles, or “points,” based on either how many actual miles or how many total “segments” (stops) you flew in a given calendar year, whichever came first, to reach a specific medallion level.

In my case, I was able to make Gold on Delta for CY 2014 due to actual miles flown. The previous year, when I worked at IBM and did mostly regional travel, I reached Gold on total segments.

This has now changed for 2014. Two major airlines, Delta and United, are adding another qualifier: Revenue. What this means is that in addition to your miles or segments, you must spend a certain amount of money in tickets to reach that equivalent medallion status. Other large airlines are expected to follow suit.

To maintain my Gold in 2015, I will need to spend $5,000 on tickets in CY 2014.

United Premium Qualifying Dollars for MileagePlus

There is a certain reasoning behind this that I can sort of appreciate, and it has to do with the dreaded mileage run. I’ve written about mileage running in years past, and it has become something of a hobby for certain types of flyers who buy dirt cheap tickets on promotion, fly to that destination for one day, and fly back in order to maintain status levels. I think the idea is particularly crazy, but nevertheless, people still did this.

The revenue requirement will certainly cut down on the mileage runners, and it should, in theory, reduce the number of people with artificially inflated medallions. It’s certainly in Delta and United’s interest to downgrade or eliminate medallion members, given the large mergers that both of these airlines have undergone in recent years and the vastly increased customer bases that resulted.

But it also hurts the corporate business traveller who is increasingly being told to control his or her travel costs by booking flights further in advance and also cutting down on travel in general. Buying less expensive tickets puts their medallions at risk.

There has been quite a bit of discussion about the new revenue requirements on FlyerTalk, a prominent bulletin board for members of frequent flyer programs.

Delta Medallion Qualification Dollars

I could live with these new rules if there wasn’t one … um, little additional thing that brings a certain “gaming” element to this system that is now entering the realm of shenanigans that government regulators should probably be investigating.

As it stands I think “mileage running” is completely acceptable by comparison.

It turns out that on both Delta and United, you can completely waive all of your revenue requirements if you sign up for any of their special credit cards and spend $25,000 per year on them. Delta has a relationship with AMEX, whereas United has a special Chase Visa card for this purpose.

In my case, on Delta, if I qualify for and use their “Reserve” AMEX card, I get an additional 15,000 MQMs for every $30,000 I spend. No pressure, right?

I happen to be a personal American Express Platinum Card customer. I like my Platinum card. It has a unique benefits program, which, for its rather hefty $500-per-year fee, gets me into a variety of airline clubs, and the points that are accrued from spending can be used on a variety of airlines and merchants.

There are a number of tangible benefits with the Platinum that aren’t available on other American Express products, unless you happen to be a Centurion customer, in which case you probably don’t give a damn about medallion statuses anyway. You probably fly on a Gulfstream VI and use gold-leaf-lined toilet paper, and have miniature, lap-sized giraffes as house pets.

Be that as it may, the Platinum is my primary card; I don’t use cash for anything if I can avoid it, so spending $25,000 per year on it between me and my wife is not an issue.

My problem is that I don’t need a $500-per-year Amex Platinum Card as well as a $450-per-year Delta Reserve SkyMiles Amex card. And had this new revenue requirement been in effect for CY 2013, I would not have made my Gold status, because I would have been about $1,000 short on ticket purchases.

So, given my own unique travelling pattern and expected ticket revenue spend, I have no choice but to ditch my personal Platinum and move to Delta’s Reserve AMEX Card (or the Delta SkyMiles Platinum) instead.

This annoys me for a whole number of reasons. First, while Delta’s Reserve Amex card has similar benefits to the AMEX Platinum card, they aren’t exactly the same. Second, the points accumulated on this card are not as flexible with merchants as the Platinum.

I can get into Delta’s SkyClubs and those of their SkyTeam partners, but not other airline clubs such as American’s. I also can’t use the points on anything other than Delta or a SkyTeam partner if I want to book tickets for personal travel, say, for vacation use.

And if I want to convert my Platinum card awards points to Delta points? There are transfer fees involved. It actually makes more sense to downgrade my Platinum to a Green card, and maintain it just to keep my rewards points as flexible as possible until they are all spent.

All in all, I think this new revenue requirement and Credit Card shenanigans by Delta and United are awful for their most valued customers.

Via: zdnet

US health care company faces giant class action suit for losing over 4,000,000 unencrypted records

Back in July 2013, four computers were stolen from a large health care provider in Illinois, USA.

At first blush, it doesn’t sound like “Crime of the Century,” but according to reports, those missing computers have become a huge thorn in the side of Illinois-based Advocate Health Care.

That’s because the computers contained Personally Identifiable Information (PII) of patients going right back to the 1990s – four million of them, in fact.

The computers were password protected, whatever that means, but the data on their hard disks was not encrypted.

In theory, then, if you were to put the hard disks into another computer, or boot the “protected” computers from a CD or USB key, you would almost certainly be able to copy off any or all of those four million records.

The stolen data is said to have contained at least names, addresses, dates of birth and Social Security numbers (SSNs).

SSNs are the closest thing that the US has to a national identity number, giving them an influence in identity and identification that they don’t really deserve.

With your address, date of birth and SSN, an identity crook has a pretty good shot at committing fraud in your name.

So, Advocate has apparently already been hit with the expense (and hassle) of contacting the affected patients, and of offering them a year of free credit monitoring.

Credit monitoring services aim to keep their eye on financial transactions carried out in your name, helping you to spot fraudulent activity on your existing accounts, as well as attempts to open new accounts that you might otherwise know nothing about.

Now, things have just got a whole lot more onerous, with the filing of a class action suit that could end up pitting millions of individuals against Advocate in court:

This is a consumer class action lawsuit brought by Plaintiffs, individually and on behalf of all other similarly situated persons (i.e. the Class Members), whose unencrypted personally identifiable information and personal health information — names, addresses, dates of birth, Social Security numbers, treating physician and/or departments for each individual, their medical diagnoses, medical record numbers, medical service codes, and health insurance information (collectively referred to as “PII/PHI”) — entrusted to Advocate was stolen by a thief or thieves while in the possession, custody, and control of Advocate.

(You have to love lawyerly English. Why not use three words when none would have done? The data wasn’t just stolen from Advocate, it was stolen from the company’s possession, custody and control.)

Class actions of this sort can end up expensive for the defendant (and lucrative for the lawyers, I must add, which may help to explain their propensity for pleonasm).

Facebook, for example, recently paid out a settlement for attaching its users’ names and photos to online ads without permission; the bill for that, which involved just over 600,000 eligible claimants, came to $20 million.

The chief lawyer of the company that has taken on the class action against Advocate said:

In this age of advanced technology, Advocate had to realize that its unorthodox methodology for maintaining important and private data posed a risk to the safety and security of their patients.

I don’t mean to excuse Advocate’s lapse, and I don’t disagree that the company should have realized the risk it was taking, but (for all the wrong reasons) I’m not so sure about the word “unorthodox.”

In my experience, encryption is still a technique more honored in the breach than in the observance, with an awful lot of the world’s PII stored in plaintext.

At the end of 2011, for example, Sophos bought a stash of USB keys from an Australian train company’s lost property auction, interested to see what they might find.

They ended up with 50 USB keys containing 4443 directly readable files, ranging from movies and images, through tax records and software source code, to the minutes of an activists’ meeting.

The number of encrypted files they found?


We need to change the world so that storing data unencrypted really is unorthodox.

Via: sophos

Microsoft lures nonprofits with Office 365 freebie

A new program lets nonprofits and NGOs subscribe to Office 365 for free or at a discount.

Nonprofit organizations will be able to sign up for Office 365 for free or at a reduced price as part of a new program Microsoft launched.

Properly certified nonprofit and nongovernmental organizations (NGOs) in 41 countries can apply to the Office 365 for Nonprofits program. Microsoft expects to offer the program in 90 countries by July.

“Nonprofits are seeing more and more the advantages of cloud computing, but they often can’t access it because of costs and other reasons,” said Lori Harnick, general manager of Microsoft’s Citizenship & Public Affairs group.

While Microsoft has had a software donation program for years, this is the first time it will offer Office 365 in this manner, she said.

Customers can subscribe to the Office 365 Enterprise E1 plan for free for an unlimited number of seats. This plan, which normally costs $8 per user, per month, includes Exchange Online, SharePoint Online, Lync Online and the browser-based Office Web Apps.

For an additional per user, per month charge of $2, customers can get the full Office ProPlus productivity application suite streamed down and installed on users’ desktops. Exchange Online Archiving costs $1 per user, per month extra.

Customers also have the option of signing up for Office 365 Enterprise E3 at $4.50 per user, per month, a reduction from the regular price of $20 per user, per month.

Later on, Office 365 Nonprofits will add two more options specifically for organizations with 25 and fewer users: Office 365 Small Business for free, which normally costs $60 per user, per year (or $6 per user, per month); and Office 365 Small Business Premium for $2 per user, per month, down from its regular price of $150 per user, per year (or $15 per user, per month).

While it’s a good move to cater to nonprofits with Office 365, Microsoft is following rival Google, which has had a free nonprofit edition of its Apps email and collaboration suite since 2007.

“My take is that Google Apps for Nonprofits was doing very well in the market, and Microsoft needed to combat Google’s inroads with a more attractive Office 365 no fee offer,” Gartner analyst Matt Cain said via email.

However, a difference is that Apps for Nonprofits is only available in the U.S., England, and Wales.

In addition to giving Office 365 a competing offer among nonprofits against Google Apps, the product earns Microsoft points for corporate citizenship, according to TJ Keitt, a Forrester Research analyst.

“It provides organizations performing public services an affordable tool for communication and collaboration,” he said via email.

Moreover, this nonprofit offering expands the pool of people exposed to Office 365, potentially creating future customers for the paid editions, Keitt said.

Via: infoworld

US Army ignores shared PC login flaw, asks soldiers to keep quiet

A soldier was made to sign a non-disclosure agreement by the US Army after pointing out a security flaw which allowed accounts on shared PCs to be accessed without proper authentication.

The trivial login issue, which seems to allow soldiers to operate shared PCs with the access rights of the previous user, was exposed last week in a report on BuzzFeed, and has since been confirmed by senior US Army staff.

Army staff authenticate on shared computers on bases and in the field using Common Access Code (CAC) smart ID cards. On completing a session the card is removed from the reader and the session should be terminated. However, it appears that the logoff process is often slow and can easily be cancelled by the next user, who can then continue to access the system under the previous user’s account.

The issue itself is not hugely serious, although it’s not difficult to imagine a rogue member of staff easily manipulating it to gain access to information they should not have, or to carry out actions unmonitored – something which should be a high priority in US defense and intelligence circles, given the many high-profile problems keeping control of their data in recent years.

The way the problem was dealt with, on the other hand, could serve as a textbook example of how not to deal with security problems.

The issue has been known about for over two years, with one Army lieutenant who spotted it facing all manner of troubles when he tried to report it to senior staff. Having been told that the problem was too tricky to fix, he was then allegedly made to sign a non-disclosure agreement and told he could face imprisonment if he broke it.

Others who pointed out the flaw to superiors were faced with silent inaction.

A statement issued by senior Army IT security staff after the problem appeared in the news has advised soldiers to be more careful when logging out of shared PCs.

It really shouldn’t be beyond the abilities of IT staff to fix a problem like this, especially within a two-year time frame.

Admittedly army funds are not unlimited, like any budget, and rolling out a fix to machines scattered all over the world might be quite a task, but the problem should at the very least be noted down and added to requirements for any future redesign or upgrade.

Responding to helpful bug reports by enforced vows of silence and threats of jail is no way to encourage people to be open about problems they may spot.

More advanced, specialised vulnerability research may be restricted to dedicated experts, but the everyday users of a system are an invaluable resource for spotting simple, easily-exploited security holes.

Encouraging people to take more care and have responsibility for their own security clearly has some value. In an institution which relies heavily on discipline this approach may provide a powerful check on violators, but in normal situations it should only be part of the solution, not the only layer of protection.

Rules for accessing secure systems should be backed up with technical controls too; even the army can’t trust everyone it employs, as they now know to their cost.

In business settings, this approach to dealing with IT issues would be inexcusable. But then, most businesses don’t have the threat of 30-year prison sentences to dangle over potential data miscreants.

Via: sophos

Study Finds One in Five Tweets Discloses the User’s Location

A recent USC research study examining more than 15 million tweets found that many Twitter users may be inadvertently revealing their locations when posting updates (h/t TG Daily).

“I’m a pretty private person, and I wish others would be more cautious with the types of information they share,” lead author Chris Weidemann, a graduate student in USC’s Geographic Information Science and Technology (GIST) online master’s program, said in a statement. “There are all sorts of information that can be gleaned from things outside of the tweet itself.”

While just 6 percent of users opt in to have Twitter broadcast their location with every tweet, other information can also reveal a user’s location.


Weidemann developed an application called Twitter2GIS to analyze the metadata collected by Twitter, which includes details about the user’s hometown, time zone and language. That data was mapped and analyzed, and Twitter2GIS was able to determine the user’s location to an accuracy of street level or better from approximately 20 percent of tweets.

While many Twitter users gave away their location directly through active location monitoring or GPS coordinates, about 4.4 million tweets a day provided so-called “ambient” location data, from which users might not be aware that they’re divulging their location.

When he used Twitter2GIS to analyze his own Twitter account, Weidemann was surprised to find that the application was quickly able to determine his location from a hashtag he used about an academic conference. “This research has been fun, and a little scary,” Weidemann said.

The study has been published in the current issue of the International Journal of Geoinformatics. A beta version of the software can be accessed online here.

Via: esecurityplanet

How Microsoft’s Surface 2 and Surface Pro 2 are better suited for businesses

The Windows tablet upgrades make them more mobile and suitable desktop replacements.

When Microsoft launches the next generation of Surface tablets in two weeks, they’ll be better suited to use in enterprises than the initial offerings, making them both more mobile with longer battery life and better suited for office work with a docking station add-on that gives them Ethernet connectivity.

Microsoft upgrades to the current Surface Pro, shown here, will gain a docking station and battery-powered keyboard/cover.

There are two new models that are upgrades of the original Surface Pro – the full Windows version based on x86 processors – and Surface RT – the ARM-based tablets that run only Modern apps written specifically for Windows 8’s touch-centric interface.

The new models are called Surface Pro 2 and Surface 2, respectively, and feature a different set of upgrades, according to reports of leaked information about them. There’s a New York City launch event Sept. 23, but no availability date yet.

The Surface Pro 2, best suited for corporate use because it runs legacy business applications, will benefit from two accessories, a docking station and a keyboard/cover that includes a supplemental battery. The docking station will enable connecting to a LAN via a Gigabit Ethernet port. With an external monitor and full-sized keyboard it could serve as a traditional desktop and be undocked to take on the road.

To establish the Surface Pro 2 as a corporate mobile device, it will be built around Haswell chips that burn less power, so the battery should last longer than the four to five hours of the current version. Microsoft will introduce a new keyboard/cover called Power Cover that contains a battery of its own that will further extend usage time away from a power cord. Pushing the devices to survive a whole workday without plugging in would enhance their corporate value.

An 8GB RAM version of Surface Pro 2 is in the offing, doubling the memory of the original Surface Pro. A 4GB option will still be available.

There’s no firm date when Surface Pro 2 will ship, but that will likely be around the time that Windows 8.1 is available, scheduled for Oct. 18. So the new devices should come equipped with the new operating system, which has a set of corporate-friendly features. These include wirelessly connecting devices to standards-based display screens, using Windows 8.1 devices as hot-spots and support for mobile broadband, the last two of which again improve mobility.

Windows 8.1 devices can communicate via Miracast with other similarly equipped devices, for example, a large conference room display screen so a PowerPoint on the personal device can be shown to a roomful of people. The operating system also supports near-field communication (NFC) connections to printers, so a Windows 8.1 device can print to a local printer so long as it, too, supports NFC.

As for the Surface 2, it will also have a new processor, TEGRA, that will help extend battery life. It gets a higher resolution display – 1920×1080 up from 1366×768 pixels – which can only enhance the user experience.

Still, with its lack of support for traditional Windows applications, it’s handicapped as a business tablet. It also lacks the ability to join domains, although with Windows 8.1 Microsoft has worked out ways to improve security when the devices do connect to LANs.

Surface 2 comes with an abbreviated version of Microsoft Office, which makes it a more attractive business machine and is something missing from an iPad, with which Surface RT competes. Native Windows Modern applications are lacking.

While there are many attractive elements for businesses, these tablets are primarily consumer devices that will likely show up at work as BYOD devices, not corporate purchases.

Both Surface 2 and Surface Pro 2 will have a two-position kickstand for propping them up when used in conjunction with a keyboard. This is not of particular use to businesses specifically, but the option of placing the screens at two different angles makes their use more flexible.

Via: networkworld

Goodbye Microsoft Office, Hello iWork

At Apple’s product announcement this week in Cupertino, Apple CEO Tim Cook announced that the company’s iWork office application suite would be free with iOS 7. This would be like Microsoft giving Microsoft Office away with Windows, and there’s only one conclusion that can be drawn: Given slumping PC sales and ridiculous growth in the iPad market, Microsoft’s sales are going to be hugely impacted.

The logic is simple: iOS devices are easier to manage not only for consumers but for IT organizations as well, and they are cheaper in terms of overall cost of ownership. In short, when as a typical non-power user you can pretty much do everything on an iPad you did on Windows, and it’s an easier and cheaper package to deal with, why would you replace your Windows PC with another Windows PC?

I predict that iWork becoming free on iOS 7 is going to have a huge impact on the market and it’s going to be a huge loss to Microsoft and its Office market, a huge dent in PC sales, and an enormous gain for Apple and the iPad.

Via: networkworld

Cox to Acquire EasyTel

Cox Communications, the nation’s third-largest cable company, announced it plans to acquire EasyTEL Communications, a CLEC offering voice, data and video services to commercial customers in the Tulsa, OK market.

While the acquisition in and of itself is not a huge deal, it does speak to ongoing competition for business services between traditional phone companies and cable operators. Cable operators don’t always have network facilities that pass businesses, so they will lease or buy fiber rings to bring potential business customers “on-net.” The FCC modified regulations last year, making it easier for cable operators to buy CLECs and expand their business operations.

Provided this acquisition is approved by regulators, Cox Business will own a network in the Tulsa market that covers approximately 95,000 fiber route miles, connecting over 21,000 customer locations. Cox Business services more than 300,000 small and regional businesses, and as the seventh largest voice service provider in the U.S., it supports one million phone lines.

In other cable-related news, cable operators showed mixed results in the first half of 2013 with their VoIP market share. Comcast, the nation’s largest cable company, now has over 10 million VoIP customers, growing its base by 3.7 percent in the first six months of 2013. Charter, the fourth largest cable operator, with about 2 million VoIP lines in service, expanded its VoIP customer base by 5.5 percent in the first half of this year. However, Time Warner Cable’s growth may have peaked: with just over 5 million VoIP customers in 2012, it lost 1.8 percent of its VoIP subscribers by Q2 2013.

AT&T and Verizon have increased their VoIP subscriber counts in 2013, although traditional phone companies continue to lose legacy voice customers to competing VoIP providers and wireless substitution.

Via: networkworld

Apple launches two iPhones, targets wider market

The iPhone 5C and iPhone 5S will both run iOS7, a new version of Apple’s mobile operating system.

For the first time since it redefined the smartphone market in 2007 with the launch of the iPhone, Apple will sell two distinctly different versions of the handset intended to attract consumers in different markets.

“The iPhone 5 helped take our iPhone business to an entirely different level,” said Tim Cook, Apple CEO, during a news conference on Tuesday. “In the past, when we have announced a new iPhone, we’ve lowered the price of the existing iPhone … but this year we are not going to do that.”


Apple iPhone 5S

“The business has become so large that this year we are going to replace the iPhone 5 with not one but two designs,” he said. “This allows us to serve even more customers.”

The iPhone 5C is a new, lower-cost version of the iPhone, most easily differentiated by its bright, colorful case. It’s targeted at consumers in developed and developing markets that can’t afford the $600 price of the conventional iPhone. In the U.S., the phone will cost between $99 and $199 on a two-year contract.

At the high end will be the iPhone 5S.

It’s based on a new microprocessor developed by Apple called the A7. The 64-bit chip should offer a performance boost for users.

“We can use a new modern instruction set, a new Arm instruction set that is more efficient than the others use,” said Phil Schiller, senior vice president of worldwide marketing at Apple. “The A7 is up to twice as fast.”

The iSight camera is getting an upgrade in the iPhone 5S with a larger f2.2 lens and a slightly larger image sensor. There are new features, such as a burst mode and 120 frame-per-second slow-motion mode, and a new version of the photo software that will result in better pictures, said Schiller.

The third major update to the phone is the addition of a fingerprint sensor. It’s intended to make the user’s fingerprint the basis of security on the phone rather than a password. The sensor is imbedded into the home button under the screen, so users will just need to place their finger on the button to unlock the device.

Law enforcement officials in the U.S. have been increasingly critical of Apple and other smartphone makers for the lack of security features on their phones. They believe that more secure phones would reduce the incentive of criminals to steal phones, a fast growing area of crime in the U.S. and Europe.

The iPhone 5S will come in 16GB, 32GB and 64GB versions for between $199 and $399 with a standard two-year contract.

Both the iPhone 5C and iPhone 5S will go on sale on September 20 in the U.S., Australia, Canada, China, France, Germany, Japan, Singapore and the U.K. The iPhone 5C will be available for pre-order from Friday, September 13.

Both phones will run iOS7, the new version of Apple’s mobile operating system. The OS will also be available as an update to iPhone 4 and later phones from September 18 at no cost, and that led Cook to make a prediction.

“iOS7 will quickly become the world’s most popular mobile operating system,” he said.

The operating system features a visual refresh with new icons, access to search throughout the phone, a drop-down notification page and an improved camera application, said Craig Federighi, Apple’s senior vice president of Software Engineering.

Both the iPhone 5C and iPhone 5S will be important to Apple as it tries to shore up and increase its share of the fast-growing smartphone market.

While the iPhone is often ranked as the best-selling smartphone, the large number of phones put on sale by competitors like Samsung are together attracting more customers. That means Apple’s market share is falling.

In the April to June quarter, 31.2 million iPhone units were sold, up from 26 million in the same period of 2012, but despite the healthy rise the company’s share dropped to 13.6 percent of the global market, down from 16.6 percent, according to Strategy Analytics.

Via: networkworld

Leaked iPhone 5S user guide touts fingerprint authorization sensor as ‘Touch ID’

Say hello to Apple’s Touch ID, likely the most interesting feature on the iPhone 5S

Apple’s iPhone media event is scheduled to kick off in just about an hour, but we have one more rumor for you before things get underway. Last night the Wall Street Journal confirmed that a fingerprint authorization sensor will be a part of the iPhone 5S. Now comes word via a leaked iPhone 5S user guide — originally published by, that the feature will be referred to as “Touch ID.”

From the photo above, it also appears that the home button has been slightly modified insofar as it now has a silver ring encircling it.

The media event kicks off in about an hour, and make sure to follow the latest updates via this handy list of liveblogs.

Via: networkworld