Lyft is testing monthly subscriptions for riders

Lyft is testing a monthly subscription plan for people who tend to take a lot of rides, The Verge first reported. This is no surprise, given Lyft CEO and co-founder Logan Green said earlier this week Lyft would like to achieve in transportation what Netflix achieved in streaming media with subscriptions.

There seems to be a couple of plans Lyft is testing out. One costs $199 up front to get 30 free rides worth up to $15 per ride. Another plan costs $399 a month for 60 rides. So, it appears as if Lyft is A/B testing to try to figure out just how much people are willing to pay.

“We’re always testing new ways to provide passengers the most affordable and flexible transportation options,” a Lyft spokesperson told TechCrunch. “For the past few months, we’ve been testing a variety of All-Access Plans for Lyft passengers.

If you already spend $450 a month on Lyft rides, both plans would likely be worth the money. Uber has previously offered a subscription service, Uber Plus Pass that guaranteed prices on rides for an upfront fee.

Weighing Risks, Benefits of Penetration Testing

Penetration testing can help find security vulnerabilities that aren’t typically identified by scanning and other monitoring. But the testing comes with some risks, say Chuck Kelser, CISO at Duke Health, and security expert John Nye of the consulting firm CynergisTek.

“Web applications tend to be a very fertile ground for attacks, so we want to be sure we’re proactively identifying those vulnerabilities,” Kesler says in an interview with Information Security Media Group at the HIMSS18 conference in Las Vegas.

“A lot of vulnerabilities, particularly in web applications, can’t be found in a simple vulnerability scan. There are sophisticated vulnerabilities … that the penetration tests will help highlight.”

Be Wary of Risks

But organizations also need to be aware of the potential risks posed to certain devices and systems during penetration testing.

“Penetration testing can cause systems to drop offline, and they can also cause corruption in medical devices and internet of things devices, or really cheap devices, like IP cameras, that can break,” Nye says.

The testing can also impact production systems “because we’re running scans against all those systems, and [are] hitting them with thousands of packets sometimes. It could slow the system down or stop a system from being accessible,” he notes. “This all needs to be considered.”

Prior to penetration testing, entities and testers need to carefully consider “what systems to touch, what systems not to touch and what the potential impacts are,” Nye says.

Kesler and Nye were co-presenters during HIMSS18 on the topic of pen testing.

In the interview (see audio link below photo), Kesler and Nye also discuss:

  • Other security concerns involving biomedical devices;
  • Top security priorities at Duke Health this year, including bolstering network access controls and management around bring-your-own-device as part of a broader three-year security plan;
  • The most troubling emerging cyber threats facing the healthcare sector.

As CISO for Duke Health, Kesler leads the organization’s information security office, which provides services for all Duke University Health System’s units as well as academic departments and research institutes in the university’s schools of medicine and nursing.

Nye, vice president of cybersecurity strategy at CynergisTek, has spent nearly a decade in information security, including stints with the U.S. Army, CSG International, Peter Kiewit and Sons, First Data Corp. and KPMG LLP. He now works exclusively as a penetration tester.