Bug

Microsoft Patches Major Hotmail 0-day Flaw After Widespread Exploitation

suraj.sun writes "Microsoft quietly fixed a flaw in Hotmail's password reset system that allowed anyone to reset the password of any Hotmail account last Friday. The company was notified of the flaw by researchers at Vulnerability Lab on April 20th and responded with a fix within hours — but not until after widespread attacks, with the bug apparently spreading 'like wild fire' in the hacking community. Hotmail's password reset system uses a token system to ensure that only the account holder can reset their password — a link with the token is sent to an account linked to the Hotmail account — and clicking the link lets the account owner reset their password. However, the validation of these tokens isn't handled properly by Hotmail, allowing attackers to reset passwords of any account. Initially hackers were offering to crack accounts for $20 a throw. However, the technique became publicly known and started to spread rapidly with Web and YouTube tutorials showing the technique popping up across the Arabic-speaking Internet."
Government

Conflict of Interest Derails UK Government Open Source Consultation

judgecorp writes "The UK government's consultation about the use of open source in public sector IT has been sent back to square one, with discussion results scrapped because the facilitator, Andy Hopkirk, is involved with Microsoft. Hopkirk is well regarded, but the open source community feels the debate dismissed RF (royalty free) standards in favor of the FRAND definition, which is more favorable to proprietary vendors."
United Kingdom

UK Digital Economy Act Delayed Till 2014

judgecorp writes "Although ISPs' protests failed to stop Britain's Digital Economy Act — which applies measures against illegal file sharing — they have succeeded in delaying it till 2014. As a result of the appeal, a new impact assessment has to be carried out and secondary legislation needs to be approved."
IBM

Will IBM Watson Be Your Next Mayor?

MrSeb writes "When we think of computer networks, we think of routers and servers and fiber optic cables and laptops and smartphones — we think of the internet. In actuality, though, the visible internet is just the tip of the iceberg. There are secret military networks, and ad hoc wireless networks, and utility companies have sprawling, cellular networks that track everything from the health of oil pipelines and uranium enrichment machines through to the remaining capacity of septic tanks — and much, much more. What if we connected all of these networks to the internet, to form an internet of things? What if we then put a massive computer at the middle of this internet of things and used this wealth of data to power smart cars, smart homes, smart supermarkets, and smart cities? Unsurprisingly, IBM and Cisco are already working on such smart cities. For nearly two years, Rio de Janeiro's utilities, traffic systems, and emergency services have been managed by a single 'Ops Center,' a huge hub of technologies provided by both IBM and Cisco. With 300 LCD screens spread across 100 rooms, connected via 30,000 meters of fiber optic cable, Ops Center staff monitor live video from 450 cameras and three helicopters, and track the location of 10,000 buses and ambulances via GPS. Other screens output the current weather, and simulations of tomorrow's weather up to 150 miles from the city — and yet more screens display heatmaps of disease outbreaks, and the probability of natural disasters like landslides. There's even a Crisis Room, which links the Ops Center to Rio's mayor and Civil Defense departments via a Cisco telepresence suite. This sounds awesome — but is it really a good idea to give a computer company (IBM is not an urban planner!) so much control over one of the world's biggest cities?"
Privacy

House Passes CISPA

wiedzmin writes "The House approved the Cyber Intelligence Sharing and Protection Act with a 248 to 168 vote today. CISPA allows internet service providers to share Internet 'threat' information with government agencies, including DHS and NSA, without having to protect any personally identifying data of their customers, and without a court order. It effectively immunizes ISPs from privacy lawsuits for disclosing customer information, grants them anti-trust protection for colluding on cybersecurity issues and allows them to bypass privacy laws when sharing data with each other."
Government

Study Finds 1 in 10 Used Hard Drives Contains Old Personal Data

Lucas123 writes "A newly published study by Britain's data protection regulatory agency found that more than one in 10 second-hand hard drives being sold online contain recoverable personal information from the original owner. 'Many people will presume that pressing the delete button on a computer file means that it is gone forever. However this information can easily be recovered,' Britain's Information Commissioner, Christopher Graham, said in a statement. In all, the research found 34,000 files containing personal or corporate information were recovered from the devices. Along with the study, a survey revealed that 65% of people hand down their old PC, laptop and cell phones to others. One in ten of those people who disposed of their old devices left all their data on them. The British government also offered new guidelines for ensuring devices are properly wiped of data."
Displays

MIT Researchers Invent 'Super Glass'

redletterdave writes "On Thursday, researchers at MIT announced a breakthrough in glass-making technology, which basically involves a new way to create surface textures on glass to eliminate all of the drawbacks of glass, including unwanted reflections and glare. The research team wanted to build glass that could be adaptable to any environment: Their 'multifunctional' glass is not only crystal clear, but it also causes water droplets to bounce right off its surface, 'like tiny rubber balls.' The glass is self-cleaning, anti-reflective, and superhydrophobic. The invention has countless applications, including TV screens, as well as smartphone and tablet displays that benefit from the self-cleaning ability of the glass by resisting moisture and contamination by sweat."
Crime

Terminal Mixup Implicates TSA Agents In LAX Smuggling Plot

First time accepted submitter ian_po writes "The U.S. Attorney's office has filed indictments against 7 people, including two Transportation Security Administration Screeners and two former TSA employees, after federal agents set up several smuggling sting operations. The alleged smuggling scheme was revealed after a suspected drug courier went to Terminal 5, where his flight was departing, instead of going through the Terminal 6 checkpoint his written instructions directed him to. Court documents indicate the plan was to return to Terminal 5 through a secure tunnel after being allowed through security by the accused Screener. The courier was caught with 10 pounds of cocaine at the other checkpoint by a different TSA agent. If convicted, the four TSA employees face a minimum of 10 years in Federal prison." If ten pounds of anything can get onto a plane by the simple expedient of bribery, please explain again why adult travelers, but not children, must remove their shoes as they stand massed in an unsecured part of a typical U.S. airport.
Government

CISPA Bill Obliterates Privacy Laws With Blank Check of Privacy Invasion

MojoKid writes "At present, the government's ability to share data on its citizens is fairly restricted, insomuch as the various agencies must demonstrate cause and need. This has created a somewhat byzantine network of guidelines and laws that must be followed — a morass of red tape that CISPA is intended to cut through. One of the bill's key passages is a provision that gives private companies the right to share cybersecurity data with each other and with the government 'notwithstanding any other provision of law.' The problem with this sort of blank check clause is that, even if the people who write the law have only good intentions, it provides substantial legal cover to others who might not. Further, the core problem with most of the proposed amendments to the bill thus far isn't that they don't provide necessary protections, it's that they seek to bind the length of time the government can keep the data it gathers, or the sorts of people it can't collect data on, rather than protecting citizens as a whole. One proposed amendment, for example, would make it illegal to monitor protesters — but not other groups. It's not hard to see how those seeking to abuse the law could find a workaround — a 'protester' is just a quick arrest away from being considered a 'possible criminal risk.'"
Cloud

Privacy Advocates Slam Google Drive's Privacy Policies

DJRumpy writes "Privacy advocates voiced strong concerns this week over how data stored on Google Drive may be used during and after customers are actively engaged in using the cloud service. While the TOS for Dropbox and Microsoft both state they will use your data only as far as is necessary to provide the service you have requested, Google goes a bit farther: 'Google's terms of use say: "You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours. When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content."'
Crime

German Court Rules That Clients Are Responsible For Phishing Losses

benfrog writes "A German court has ruled that clients, not banks, are responsible for losses in phishing scams. The German Federal Court of Justice (the country's highest civil court) ruled in the case of a German retiree who lost €5,000 ($6,608) in a bank transfer fraudulently sent to Greece. According to The Local, a German news site, the man entered 10 transaction codes into a site designed to look like his bank's web site and his bank is not liable as it specifically warned against such phishing attacks."
Privacy

Congress Considering CISPA Amendments

First time accepted submitter casac8 writes "As Friday's House vote on CISPA nears, it appears Congress members are getting nervous. Literally millions of people around the world have signed petitions voicing their opposition, and it appears Congress has heard their concerns, as House members are considering a number of amendments aimed at limiting the negative impacts the legislation would have on Internet privacy. For instance, one amendment likely to pass would tighten the bill's language to ensure its provisions are only applied in the pursuit of legit crimes and other rare instances, rather than whenever the NSA wants to target Joe Web-user. And another would increase possible liability on the parts of companies who hand personal information over to the government."
Censorship

Avian Flu Researcher Backs Down On Plan To Defy Publishing Ban

ananyo writes "Ron Fouchier, a researcher at the Erasmus Medical Center in Rotterdam, the Netherlands, whose work on the H5N1 avian flu virus has been embroiled in controversy, has now agreed to apply for an export permit to submit his work to the journal Science. Fouchier's paper is one of two reporting the creation of forms of the H5N1 virus capable of spreading between mammals. The other, by Yoshihiro Kawaoka of the University of Wisconsin, Madison, and the University of Tokyo, and his colleagues, has already been submitted to Nature. Fouchier had said last week that he intended to defy the government and submit the work to Science without seeking the export permit that the Dutch government says is required." In related news, renek noted that the U.S. NIH director supports publishing the papers in full.
Privacy

FBI Compromises Another Remailer

betterunixthanunix writes "Another remailer has been compromised by the FBI, who made a forensic image of the hard disk of a remailer located in Austria. The remailer operator has reissued the remailer keys, but warns that messages previously sent through the remailer could be decrypted. The operator also warns that law enforcement agents had an opportunity to install a back door, and that a complete rebuild of the system will take some time."
DRM

Why eBook DRM Has To Go

Sci-Fi author Charlie Stross was recently put in the position of offering his thoughts to book publisher Macmillan on why eBook DRM is a terrible thing — not just for consumers, but for publishers, too. He makes a strong case that the removal of DRM, while not an immediate financial boon, will strongly benefit publishers in years to come through increased goodwill from users, greater leverage against Amazon's near-monopoly on distribution, and better platform interoperability. "Within 5 years we will be seeing a radically different electronic landscape. Unlocking the readers' book collections will force Amazon and B&N and their future competitors to support migration (if they want to compete for each others' customers). So hopefully it will promote the transition from the near-monopoly we had before the agency model, via the oligopoly we have today, to a truly competitive retail market that also supports midlist sales." Users have been railing against DRM for years, but it appears the publishers are finally starting to listen.
The Internet

Google and the Future of Travel

An anonymous reader writes "It's been one year since Google's $700 million acquisition of ITA Software was approved by the U.S. Department of Justice after an antitrust review. So what does the search giant's strategy in online travel look like now? Google's Flight Search and Hotel Finder tools have met with mixed reviews in recent months, but a new bit of analysis argues that the future of travel is not about search, it's about data. More specifically, Google wants to make available everything from airfares and restaurant reviews to maps and transit schedules, throughout the entire travel process. And it wants to use travelers' online behavior to serve up better targeted ads and content across all of Google's sites and services."
Android

Schmidt Testifies Android Did Not Use Sun's IP

CWmike writes "Google built a 'clean room' version of Java and did not use Sun's intellectual property, Google's executive chairman, Eric Schmidt, testified in court Tuesday. Schmidt said its use of Java in Android was 'legally correct.' On day seven of the trial, Schmidt gave the jury a brief history of Java, describing its release as 'an almost religious moment.' He told the jury that Google had once hoped to partner with Sun to develop Android using Java, but that negotiations broke off because Google wanted Android to be open source, and Sun was unwilling to give up that much control over Java. Instead, Schmidt said, Google created the 'clean room' version of Java that didn't use Sun's protected code. Its engineers invented 'a completely different approach' to the way Java worked internally, Schmidt testified."
Patents

Motorola Scores Patent Wins Over Microsoft, Apple

tlhIngan writes "This week is Motorola's lucky week; they've won twice in two separate patent suits. First, an ITC judge has ruled that Microsoft's Xbox 360 has violated 4 of 5 patents related to H.264. This is just a preliminary ruling (PDF) and both Microsoft and Motorola will face an ITC panel later this year. In the other case, the ITC judge has ruled Apple violates a 3G patent, one that a German court ruled that Apple didn't violate earlier this year."
Government

Should the FDA Assess Medical Device Defenses Against Hackers?

gManZboy writes "The vulnerability of wireless medical devices to hacking has now attracted attention in Washington. Although there has not yet been a high-profile case of such an attack, a proposal has surfaced that the Food and Drug Administration or another federal agency assess the security of medical devices before they're sold. A Department of Veterans Affairs study showed that between January 2009 and spring 2011, there were 173 incidents of medical devices being infected with malware. The VA has taken the threat seriously enough to use virtual local area networks to isolate some 50,000 devices. Recently, researchers from Purdue and Princeton Universities announced that they had built a prototype firewall known as MedMon to protect wireless medical devices from outside interference."
Censorship

North Carolina Threatens To Shut Down Nutrition Blogger

vvaduva writes "The North Carolina Board of Dietetics/Nutrition is threatening to send a blogger to jail for recounting publicly his battle against diabetes and encouraging others to follow his lifestyle... the state dietetics and nutrition board decided [Steve] Cooksey's blog, Diabetes-Warrior.net, violated state law. The nutritional advice Cooksey provides on the site amounts to 'practicing nutrition,' the board's director says, and in North Carolina that's something you need a license to do." If applied consistently, I think this would also clear out considerable space from the average bookstore's health section. (And it could be worse; he could have been offering manicures.)