Video: Looking back on

Thought you caught everything in security this year? There was a lot to unpack. Here are ten things we learned this year that you might have missed.

1. APPS CAN USE ULTRASONIC SOUNDS TO TRACK WHERE THEIR USERS GO

These near-silent tones can’t be picked up by the human ear, but there are apps in your phone that are always listening for them — and can be used to build up a profile about what you’ve seen, where, and in some cases even the websites you’ve visited.

2. FACEBOOK CAN MATCH YOU WITH RELATIVES YOU DIDN’T EVEN KNOW YOU HAD

A Gizmodo reporter discovered that Facebook had suggested a long-lost relative through “People You May Know,” a secret algorithmic feature on the site — even though they’d had no friends in common or an obvious connection of any kind. The social media giant wouldn’t say how it put the two relatives together. File under “extremely creepy.”

3. RANSOMWARE CAN STILL RUN ON WINDOWS 10 VERSIONS PROTECTED FROM RANSOMWARE

Microsoft said “no known ransomware” works on Windows S, a locked-down version that only allows apps through the Windows app store. We wanted to see if such a bold claim could hold up. (It didn’t.)

4. APPLE HIDES JOB POSTINGS ON SECRET SERVERS

Apple hid a secret job posting on a public-facing but hidden iCloud server earlier this year calling for “a talented engineer to develop a critical infrastructure component that is to be a key part of the Apple ecosystem.” Others also hide job postings in their website’s source code and other unconventional places in an effort to appeal to the brightest and sharpest minds.

5. YOU CAN GET SUBPOENAED BY SIMPLY BEING MENTIONED IN A TWEET

Five people, including a respected data breach reporter and a renowned lawyer and blogger, were subpoenaed by the Justice Dept. for simply being named in a tweet. Prosecutors wanted a ton of information, including names, postal and IP addresses, and more in relation to a case that critics called a “vendetta” against a security researcher.

6. MASS SURVEILLANCE MAY NOT ACTUALLY WORK

That’s according to the United Nations’ special rapporteur on privacy, who earlier this year lambasted a spate of new surveillance laws across Europe and the US, saying there is “little to no evidence” that the mass monitoring of communication prevents terrorism.

7. NSA’S SPY PROGRAMS WON’T SWITCH OFF WHEN US’ SPY LAW EXPIRES

A key law that allows the NSA to spy on foreigners overseas (and many Americans) will expire at midnight on December 31, but because of how the surveillance programs are authorized, the legal power will roll over until about April. That gives Congress a few more months to sign a bill to reform or reauthorize the nation’s spy laws for the first time since the Edward Snowden disclosures.

8. DELETING YOUR YAHOO EMAIL ACCOUNT CAN BE SURPRISINGLY DIFFICULT

After the massive 500 million account breach at Yahoo (the first of many — the number went up and up again), some chose to delete their account for good. The process itself may be easy, but many found that their accounts would persist and wouldn’t get wiped.

9. TRUMP USED AN UNSECURED ANDROID PHONE FOR MONTHS INTO HIS PRESIDENCY

Even after President Trump took office, he was reportedly still using his old Galaxy S3 phone to tweet and take calls. The phone was out-of-date and didn’t have the latest patches, unlike newer phones, posing a significant security risk to the commander-in-chief. One said an attacker gaining access to Trump’s phone — and his Twitter account — could be a “security disaster waiting to happen.” He has since been given a more secure smartphone.

10. NOBODY SEEMS TO KNOW WHAT RUDY GIULIANI’S CYBERSECURITY FIRM ACTUALLY DOES

The former New York mayor has been advising Trump’s administration on cybersecurity, in large part due to owning his own private cybersecurity company. But nobody seems to know exactly what his company does, and the mystery remains. What isn’t a secret is how horribly insecure his company’s website is. Not a good look.


Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
