Modern cryptography does an excellent job at keeping secrets, assuming you’re using keys that are sufficiently large and properly randomized. When crypto fails these days, it's usually because someone found a way to tap into the data stream at a point where it was temporarily unprotected.
Edward Snowden’s revelations showed that the NSA and its UK counterpart, GCHQ, are very good at exploiting those unencrypted weak spots. They tapped into Google's private, unencrypted lines between data centers. They install Trojans on target computers to get data directly off a device, before it’s encrypted. They’ve even tried to compromise hardware and public crypto standards with secret backdoors.
The solution, as we saw this year, is more and better encryption. Google is rushing to encrypt transmissions between its data centers and pushing Forward Secrecy to harden SSL against key compromise. Microsoft is also encrypting its internal traffic between data centers and pushing the industry to use newer and stronger crypto standards.
Well-implemented TLS/SSL is not impossible to break, but it's impractical to do so — even for the NSA. Unfortunately, there's still a lot of bad crypto out there, hobbled by old and weak standards and careless practices. Even governments make huge, important crypto errors.
There has been a steady increase in the use of encryption to protect data at rest and in transit, and you can look for that trend to continue next year. Also look for governments to attempt to assert control over security technologies, even if it's an obviously futile exercise.
— Larry Seltzer
Biometrics hit the mainstream
Passwords are a terrible way to protect confidential data. The list of stupid things we do with passwords is, frankly, shocking.
- We choose bad passwords. A recent hack revealed millions of passwords from Adobe customers, and one analysis showed that the top two passwords in that list were “123456” and, of course, “password.” Others in the top 10 included “qwerty,” “111111,” and “adobe123.”
- We reuse passwords. Because remembering complex passwords is a pain, we reuse passwords at different sites, which means that if one site gets compromised, the bad guy now has the keys to every other site where those credentials were used.
- We’re easily fooled. Social engineering and phishing attacks exploit human nature, with users voluntarily handing over the keys to valuable things.
The obvious solution is two-factor authentication: something you have plus something you know. And the best accompaniment to a password is biometric proof that you are who you say you are. Apple’s TouchID, integrated into the iPhone 5S this year, was noteworthy as the first example of fingerprint reading technology integrated into a mainstream tech product. (A publicity stunt involving an alleged hack got far more coverage than it should have.)
Windows 8.1, which was released to manufacturing a month before iOS 7, has similar technology. A biometric framework and fingerprint registration application designed for use with the same type of reader as is found in the new iPhone (a big improvement over older swipe-based fingerprint readers) is built into Windows 8.1. It can be combined with the Trusted Platform Module (TPM) in a Windows 8.1 device to create a virtual smartcard that makes spoofing of enterprise network credentials very difficult. Look for this technology to become much more common next year.
— Ed Bott
Cheap tablets that don’t suck
In the beginning, there was the iPad. Then there were a few Android tablets from Samsung and Google. Then Amazon got into the act with the Kindle Fire, and Microsoft released Windows 8.1, which enabled a whole class of tablet-sized devices. The result is a glut of great tablets to choose from.
Yes, there are plenty of dirt-cheap Android devices that deliver an awful experience, but they’re easy enough to avoid in favor of very good brand-name devices. There’s the 7-inch Google Nexus 7 and Kindle Fire HDX. Dell has a pair of 8-inch tablets, one running Android and the other running Windows 8.1. And there are plenty of iPad alternatives in the 8.9-inch-and-up form factor, including Microsoft’s Surface and Surface 2. If you’re happy with last year’s technology, the Kindle Fire HD and the original Surface are seriously discounted.
There are so many tablets, in fact, that manufacturers are falling over themselves to offer eye-popping discounts. Those Dell tablets, for example, have been offered for as little as $129 (Venue 8, Android) and $99 (Venue 8 Pro, Windows 8.1), and Amazon is aggressively comparing its $379 price tag on the Kindle Fire HDX 8.9 to the much pricier iPad Air.
Those prices are really good news for consumers, although it’s doubtful that any of the companies involved are making much of a profit at those prices. It’s even good news for business buyers, because many of these devices are perfectly capable of doing work as well as play.
— Ed Bott