An anonymous reader writes: I live in the US. My physician uses a web site run by another company to maintain my health history and medical test results. I just changed my password and was shocked to see it emailed back to me in plain text. It seems to me that not following security best practices would be a violation of HIPAA, but IANAL. What are some ideas for correcting the situation? Given that their security is so messed up, who would even understand my complaint or take it seriously?
Hugh Pickens writes "The NY Times reports that German encryption expert Karsten Nohl says that he has deciphered and published the 21-year-old GSM algorithm, the secret code used to encrypt most of the world's digital mobile phone calls, in what he called an attempt to expose weaknesses in the security system used by about 3.5 billion of the 4.3 billion wireless connections across the globe. Others have cracked the A5/1 encryption technology used in GSM before, but their results have remained secret. 'This shows that existing GSM security is inadequate,' Nohl told about 600 people attending the Chaos Communication Congress. 'We are trying to push operators to adopt better security measures for mobile phone calls.' The GSM Association, the industry group based in London that devised the algorithm and represents wireless operators, called Mr. Nohl's efforts illegal and said they overstated the security threat to wireless calls. 'This is theoretically possible but practically unlikely,' says Claire Cranton, a GSM spokeswoman, noting that no one else had broken the code since its adoption. 'What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.' Simon Bransfield-Garth, the chief executive of Cellcrypt, says Nohl's efforts could put sophisticated mobile interception technology — limited to governments and intelligence agencies — within the reach of any reasonably well-funded criminal organization. 'This will reduce the time to break a GSM call from weeks to hours,' Bransfield-Garth says. 'We expect as this further develops it will be reduced to minutes.'"
BuzzSkyline writes "Researchers in Belgium have developed devices to harvest the waste heat our bodies throw off in order to convert it to electricity to run devices such as a wristband blood oxygen sensor and an electrocardiogram shirt. As a side benefit, the power sources help cool you down and keep you looking cool, all while running sundry micropower devices. In fact, the researchers mention that the energy-harvesting headband works so well that it can get uncomfortably cold. In that case, they say, 'This problem is solved in exactly the same way as someone solves it on the body level in cold weather: a headgear should be worn on top of the system to limit the heat flow and make it comfortable.' But it would be such a shame to cover up the golden heat-harvesting headband with a hat."
Kensai7 writes "Recently, Facebook provided us with some information on their server park. They use about 30,000 servers, and not surprisingly, most of them are running PHP code to generate pages full of social info for their users. As they only say that 'the bulk' is running PHP, let's assume this to be 25,000 of the 30,000. If C++ had been used instead of PHP, then 22,500 servers could be powered down (assuming a conservative ratio of 10 for the efficiency of C++ versus PHP code), or a reduction of 49,000 tons of CO2 per year. Of course, it is a bit unfair to isolate Facebook here. Their servers are only a tiny fraction of computers deployed world-wide that are interpreting PHP code."