Naked Security’s top 10 most popular stories of 2015


As 2015 passes into history, it’s fun to look back and ask: what did we learn?

We’ve already looked at some of the weirdest stories of 2015, and previewed 2016 with a funny video parody of New Year’s resolutions from end users.

But which stories got the most eyeballs, and what does that say about our readers’ biggest interests and concerns?

Here they are – the top 10 most popular stories on Naked Security in 2015, ranked in reverse order for dramatic effect!

10. The Siri-ous bug in iOS 9 that could have spilled selfies and contacts.

Siri is a convenient and fun tool for voice-activated web searching and much more, but she can also present a security risk.

Back in September 2015, a bug hunter discovered a way to exploit Siri from the lock screen to access contacts and stored photos. The bug affected all iDevices running iOS 9 and 9.0.1.

Although Apple fixed Siri’s security flaw in iOS 9.0.2, our advice still stands: reduce the possibility of future hacks by turning off Siri on the lock screen.

9. WhatsApp spy tool lets anyone track when you’re online.

In February 2015, a Dutch student created an online tool called WhatsSpy Public that could track any WhatsApp user, revealing when they are online. WhatsApp said this was a “feature” not a bug.

Facebook similarly dismissed privacy concerns when a Harvard student created a tool called Marauder’s Map, which tracked the location of contacts on Facebook Messenger.

Facebook subsequently changed its default location settings in Messenger, but it told the Harvard student he would no longer be invited to intern at Facebook because of how he publicized the privacy bug.

8. Facebook hoax claims Mark Zuckerberg is giving away millions to regular people.

We’re accustomed to seeing hoaxes, spam and scams spreading on the world’s most popular social network, but a recent Facebook viral post got a lot of attention from our readers.

After Facebook’s Mark Zuckerberg and his wife, Priscilla Chan, pledged to donate 99% of their wealth to a foundation they established, a hoax spread like wildfire claiming that Zuckerberg would be giving away some of the estimated $45 billion in stock to regular people on Facebook.

All you had to do, the hoax claimed, was copy and paste the post in your own feed (and spread the hoax even further to your own contacts). It was all nonsense. If it sounds too good to be true, it most certainly is.

7. What you sound like to a Sysadmin.

Lots of Naked Security readers are IT professionals, whose dedication we like to celebrate on occasions like SysAdmin Day.

We honored IT pros with one of our most popular posts this year, in which we parodied all of the frustrating things that users say.

We know how easy it is to get frustrated with IT – but just think how frustrating it must be from the other side of the support desk!

6. The Stagefright hole in Android.

One of the biggest security vulnerability stories of the year was a bug in Android known as Stagefright.

This bug could have allowed criminals to use booby trapped files or malicious MMS messages to install malware automatically on your Android device.

Stagefright, and another widespread Android vulnerability called OCtoRuTA, once again highlighted the difficulties of securing billions of Android devices from various vendors and carriers, all running their own variations of the operating system and patching security bugs on their own schedules.

5. Twitter troll fired and another suspended when Curt Schilling names and shames them.

Handling cyberbullies and trolls on social media is a difficult proposition. Do you ignore them? Block them? Report them?

Social media companies like Twitter and Reddit have made many failed attempts at cracking down on bullies.

Ex-baseball star Curt Schilling got results by naming and shaming trolls who went after his daughter – at least one of the trolls got fired from his job, and many more quickly turned apologetic when they were exposed on Schilling’s website.

4. Siri 9/11 “joke” is no laughing matter for police.

Some viral posts spread this year telling people to ask Siri about “9/11” (the shorthand for the 11 September 2001 terrorist attacks) and see what she says.

The posts didn’t warn people that Siri would recognize someone saying “nine-eleven” just the same as someone saying “nine-one-one” (9-1-1), the number for emergency services, and place a call to 911.

Some joke! Bogus calls to 911 tie up emergency services staff and may prevent someone in dire need from getting help.

3. Memex – DARPA’s search engine for the Dark Web.

The areas of the internet beyond the reach of most browsers and search engines is called the Dark Web for good reason. But this year we’re seeing a little more light shed on it, thanks to search tools developed specially for these nether-regions of the web.

We reported that the US government research body known as DARPA had developed a set of search tools called Memex, designed for law enforcement and intelligence agencies to probe the Dark Web.

This year, DARPA made Memex available for anyone to use.

2., a search engine bringing the Dark Web into the light.

A Dark Web search engine called Onion City became available this year, allowing people to browse to .onion sites on the Tor network using a normal web browser.

Onion City isn’t a secure or private way to use the Dark Web, but it does make it a lot easier.

The Dark Web is fascinating because it is often used for nefarious purposes, but hidden services like Tor can also be used for good, such by activists and journalists seeking protection and anonymity to bring corruption and abuses of power to light.

1. Man named as a “Creep” in Facebook viral post was just a dad taking a selfie with Darth Vader.

Our top story of the year, with more than 1 million views in just two days, once again showed the dangerous power of misinformation spread on social media.

As we reported, a concerned mother who thought a strange man was taking pictures of her kids went a little too far when she shared a photo of the man on Facebook, calling him a “creep” and a danger to children. Her post went viral, and the man was eventually recognized by the photo, leading to death threats against him.

Yet the accused “creep” was himself a father of three kids who was merely taking a “selfie” picture with a cardboard cutout of Darth Vader to show his own children.

Happy New Year from us at Naked Security, and may your 2016 be a safe and secure one.


(No video? Watch on YouTube.)

Image of Top 10 courtesy of