At the end of the year, it’s traditional to look back and take stock of what happened in the previous 12 months. If you’re in the business of technology, looking back on everything that happened this year might give you vertigo. It was that kind of year.
The 13 entries on this list fall into two types: tech trends that came into clear focus this year, and products that did something new and have the potential to be disruptive.
This isn’t meant to be a “best of” list, although the individual products that made the cut are here because they’re a favorite of at least one ZDNet editor.
And we fully realize that your list is likely to be different from ours. Which is why we encourage you to add your own comments in the Talkback section. With that out of the way, let's see what we thought mattered in tech in 2013.
Modern cryptography does an excellent job at keeping secrets, assuming you’re using keys that are sufficiently large and properly randomized. When crypto fails these days, it's usually because someone found a way to tap into the data stream at a point where it was temporarily unprotected.
Edward Snowden’s revelations showed that the NSA and its UK counterpart, GCHQ, are very good at exploiting those unencrypted weak spots. They tapped into Google's private, unencrypted lines between data centers. They install Trojans on target computers to get data directly off a device, before it’s encrypted. They’ve even tried to compromise hardware and public crypto standards with secret backdoors.
The solution, as we saw this year, is more and better encryption. Google is rushing to encrypt transmissions between its data centers and pushing Forward Secrecy to harden SSL against key compromise. Microsoft is also encrypting its internal traffic between data centers and pushing the industry to use newer and stronger crypto standards.
Well-implemented TLS/SSL is not impossible to break, but it's impractical to do so — even for the NSA. Unfortunately, there's still a lot of bad crypto out there, hobbled by old and weak standards and careless practices. Even governments make huge, important crypto errors.
There has been a steady increase in the use of encryption to protect data at rest and in transit, and you can look for that trend to continue next year. Also look for governments to attempt to assert control over security technologies, even if it's an obviously futile exercise.
— Larry Seltzer
Biometrics hit the mainstream
Passwords are a terrible way to protect confidential data. The list of stupid things we do with passwords is, frankly, shocking.
- We choose bad passwords. A recent hack revealed millions of passwords from Adobe customers, and one analysis showed that the top two passwords in that list were “123456” and, of course, “password.” Others in the top 10 included “qwerty,” “111111,” and “adobe123.”
- We reuse passwords. Because remembering complex passwords is a pain, we reuse passwords at different sites. Which means if one site gets compromised, the bad guy now has the keys to every other site where those credentials were used.
- We’re easily fooled. Social engineering and phishing attacks exploit human nature, with users voluntarily handing over the keys to valuable things.
The obvious solution is two-factor authentication: something you have plus something you know. And the best accompaniment to a password is biometric proof that you are who you say you are. Apple’s TouchID, integrated into the iPhone 5S this year, was noteworthy as the first example of fingerprint-reading technology integrated into a mainstream tech product. (A publicity stunt involving an alleged hack got far more coverage than it should have.)
Windows 8.1, which was released to manufacturing a month before iOS 7, has similar technology. It includes a built-in biometric framework and fingerprint registration application designed for use with the same type of reader found in the new iPhone (a big improvement over older swipe-based fingerprint readers). That framework can be combined with the Trusted Platform Module (TPM) in a Windows 8.1 device to create a virtual smartcard that makes spoofing of enterprise network credentials very difficult. Look for this technology to become much more common next year.
— Ed Bott