Thought you caught everything in security this year? There was a lot to unpack. Here are ten things we learned this year that you might have missed.
These near-silent tones can’t be picked up by the human ear, but there are apps in your phone that are always listening for them — and can be used to build up a profile about what you’ve seen, where, and in some cases even the websites you’ve visited.
A Gizmodo reporter discovered that Facebook had suggested a long-lost relative through “People You May Know,” a secret algorithmic feature on the site — even though they’d had no friends in common or an obvious connection of any kind. The social media giant wouldn’t say how it put the two relatives together. File under “extremely creepy.”
Microsoft said “no known ransomware” works on Windows 10 S, a locked down version that only allows apps through the Windows app store. We wanted to see if such a bold claim could hold up. (It didn’t.)
Apple hid a secret job posting on a public-facing but hidden iCloud server earlier this year calling for a “a talented engineer to develop a critical infrastructure component that is to be a key part of the Apple ecosystem.” Other companies also hide job postings in their website’s source code and other unconventional places in an effort to try to appeal to the brightest and sharpest minds.
Five people, including a respected data breach reporter and renown lawyer and blogger, were subpoenaed by the Justice Dept. for simply being named in a tweet. Prosecutors wanted a ton of information, including names, postal and IP addresses, and more in relation to a case that critics called a “vendetta” against a security researcher.
That’s according to the United Nations’ special rapporteur on privacy, who earlier this year lambasted a spate of new surveillance laws across Europe and the US, saying there is “little to no evidence” that the mass monitoring of communication prevents terrorism.
A key law that allows the NSA to spy on foreigners overseas (and many Americans) will expire at midnight on December 31, but because of how the surveillance programs are authorized, the legal power will roll over until about April. That gives Congress a few more months to sign a bill to reform or reauthorize the nation’s spy laws for the first time since the Edward Snowden disclosures.
After the massive 500 million account breach at Yahoo (the first of many — the number went up and up again), some chose to delete their account for good. The process itself may be easy, but many found that their accounts would persist and wouldn’t get wiped.
Even after President Trump took office, he was reportedly still using his old Galaxy S3 phone to tweet and take calls. The phone was out-of-date and didn’t have the latest patches, unlike newer phones, causing a significant security risk to the commander-in-chief. One report said an attacker gaining access to Trump’s phone — and his Twitter account — could be a “security disaster waiting to happen.” He was since given a more secure smartphone.
The former New York mayor has been advising Trump’s administration on cybersecurity, largely in part due to owning his own private cybersecurity company. But nobody seems to know exactly what his company does, and the mystery remains. What isn’t a secret is how horribly insecure his company’s website is. Not a good look.