Bug

Submission + - Microsoft patches major Hotmail 0-day flaw after widespread exploitation (arstechnica.com)

suraj.sun writes: Microsoft quietly fixed a flaw in Hotmail's password reset system that allowed anyone to reset the password of any Hotmail account last Friday. The company was notified of the flaw, by researchers at Vulnerability Lab, on April 20th and responded with a fix within hours—but not until after widespread attacks, with the bug apparently spreading "like wild fire" in the hacking community.

Hotmail's password reset system uses a token system to ensure that only the account holder can reset their password — a link with the token is sent to an account linked to the Hotmail account — and clicking the link lets the account owner reset their password. However, the validation of these tokens isn't handled properly by Hotmail, allowing attackers to reset passwords of any account.

Initially hackers were offering to crack accounts for $20 a throw. However, the technique became publicly known and started to spread rapidly with Web and YouTube tutorials showing the technique popping up across the Arabic-speaking Internet.

Medicine

Submission + - Bionic eye patient tests planned for 2013 (techworld.com.au)

angry tapir writes: "Australian researchers are getting ready to test a bionic eye on patients in 2013. The eye consists of 98 electrodes that stimulate nerve cells in the retina, which is a tissue lining the back of the eye that converts light into electrical impulses necessary for sight, and allow users to better differentiate between light and dark. With the bionic eye, images taken by a camera are processed in an external unit, such as a smartphone, then relayed to the implant’s chip. This stimulates the retina by sending electric signals along the optic nerve into the brain where they are decoded as vision."
Privacy

Submission + - House Passes CISPA (wired.com)

wiedzmin writes: The House approved the Cyber Intelligence Sharing and Protection Act with a 248 to 168 vote today. CISPA allows internet service providers to share Internet "threat" information with government agencies, including DHS and NSA, without having to protect any personally identifying data of its customers, without a court order. It effectively immunizes ISPs from privacy lawsuits for disclosing customer information, grants them anti-trust protection on colluding on cybersecurity issues and allows them to bypass privacy laws when sharing data with each other.
Mars

Submission + - BOLD plan to find Mars life for cheap (tech-stew.com)

techfun89 writes: "There is a BOLD new plan for detecting signs of microbial life on Mars. The plan, nicknamed BOLD, which stands for Biological Oxidant and Life Detection Initiative, would be a follow-up to the 1976 Mars Viking life-detection experiments.

"We have much better technology that we could use," says BOLD lead scientist Dirk Schulze-Makuch, with Washington State University. He elaborates, "Our idea is to make a relatively cheap mission and go more directly to characterize and solve the big question about the soil properties on Mars and life detection."

To help figure out the life-detection mystery, Schulze-Makuch and his colleagues would fly a set of six pyramid-shaped probes that would crash land, pointy end down, so they embed themselves four to eight inches into the soil. One of the instruments includes a sensor that can detect a single molecule of DNA or other nucleotide."

Intel

Submission + - Intel acquires Cray Inc. (patexia.com)

ericjones12398 writes: "Intel recently acquires supercomputing leader Cray Inc. to acquire certain assets related to its high-performance computing (HPC) interconnect program. This acquisition indicates Intel's increasing interest in supercomputing and overcoming the exaflop barrier."
Biotech

Submission + - Unintended Consequences of the Prometheus Decision (patentlyo.com)

An anonymous reader writes: In the case Mayo v. Prometheus recently covered on Slashdot, the Supreme Court ruled that patents 'based on laws of nature' are not valid. In a scathing 5 part series San Francisco IP Lawyer Robert R. Sachs attacks both the reasoning and the prose of the Supreme Court opinion. As evidence of the decision's potency, several patents have already been invalidated by the Prometheus decision in the month since it came out. For my personal take, I am a graduate student doing biomedical research. After finding a new compound allowing early diagnosis of a disease where the only diagnostic test is symptomatic, I was advised by our legal counsel not to attempt patenting the compound until further court rulings clarify Prometheus. As a result, my compound may never see publication. At the very least my publication will be delayed significantly. It seems that if Prometheus is applied broadly, the only way to profit off of these sorts of discoveries will be through trade secrets: a major step backwards for scientific progress.
Facebook

Submission + - Facebook Hacker On 'What Really Happened' (itworld.com)

itwbennett writes: "Glenn Mangham wants you to know that despite stealing Facebook's source code, he's 'one of the good guys.' You see, he could have annihilated Facebook, but chose not to. 'I had the source code for just over three weeks with absolutely nothing to prevent me from making copies and redistributing it, this was more than enough time to have caused significant damage to Facebook or to find a buyer, if that had ever actually been my intention but quite clearly it was not,' Mangham wrote in a blog post."
Intel

Submission + - Ivy Bridge running hotter than Intel's last-gen CPU (techreport.com)

crookedvulture writes: The launch of Intel's Ivy Bridge CPUs made headlines earlier this week, but the next-gen processor's story is still being told. When overclocked, Ivy Bridge runs as much as 20C hotter than its Sandy Bridge predecessor at the same speed, despite the fact that the two chips have comparable power consumption. There are several reasons for these toasty tendencies. The new 22-nm process used to fabricate the CPU produces a smaller die with less surface area to dissipate heat. Intel has changed the thermal interface material between the CPU die and its heat spreader. Ivy also requires a much bigger step up in voltage to hit the same speeds as Sandy Bridge. Looks like serious overclockers are better off sticking with Intel's last-generation chips.
Government

Submission + - British Gov't Study Finds Personal Data on Resold Drives (computerworld.com)

Lucas123 writes: A newly published study by Britain’s data protection regulatory agency found that more than one in 10 second-hand hard drives being sold online contain recoverable personal information from the original owner. “Many people will presume that pressing the delete button on a computer file means that it is gone forever. However this information can easily be recovered,” Britain’s Information Commissioner, Christopher Graham, said in a statement. In all, the research found 34,000 files containing personal or corporate information were recovered from the devices. Along with the study, a survey revealed that 65% of people hand down their old PCs, laptops and cell phones to others. One in ten of those people who disposed of their old devices left all their data on them. The British government also offered new guidelines for ensuring devices are properly wiped of data.
Databases

Submission + - Critical Vuln Found In All Current Oracle DB Servers (threatpost.com)

chicksdaddy writes: "There's a critical remotely exploitable vulnerability in all of the current versions of the Oracle database server that can enable an attacker to intercept traffic and execute arbitrary commands on the server. The bug, which Oracle reported as fixed in the most recent Critical Patch Update, is only fixed in upcoming versions of the database, not in currently shipping releases, and there is publicly available proof-of-concept exploit code circulating.

The vulnerability lies in the TNS Listener service, which on Oracle databases functions as the service that routes connection requests from clients to the server itself. A researcher named Joxean Koret said that he discovered the vulnerability several years ago and then sold the details of the bug to a third party broker, who reported it to Oracle in 2008. Oracle credited Koret for reporting the bug in its April CPU, but Koret said in a post on the Full Disclosure mailing list this week that the flaw was not actually fixed in the current versions of the Oracle database server."

NASA

Submission + - Notion of extraterrestrial life more whimsical than factual? (networkworld.com)

coondoggie writes: "Princeton University researchers are throwing some cold water on the hot notion that astrobiologists and other scientists expect to one day find life on other planets. Recent discoveries of planets similar to Earth in size and proximity to the planets' respective suns have sparked scientific and public excitement about the possibility of also finding Earth-like life on those worlds, but the expectation that life — from bacteria to sentient beings — has or will develop on other planets as on Earth might be based more on optimism than scientific evidence..."
Science

Submission + - MIT Researchers Find a Way to Make Glass that's Anti-fogging, Self-cleaning and (scienceworldreport.com)

An anonymous reader writes: One of the most instantly recognizable features of glass is the way it reflects light. But a new way of creating surface textures on glass, developed by researchers at MIT, virtually eliminates reflections, producing glass that is almost unrecognizable because of its absence of glare — and whose surface causes water droplets to bounce right off, like tiny rubber balls.
Network

Submission + - The 3D Printing Network (3DPN) has been established under the wings of FSFE (fsfe.org)

An anonymous reader writes: The 3D Printing Network (3DPN) is a neutral, non-partisan, public network of 3D printing professionals facilitated by FSFE. 3DPN is an open source driven network, which enables co-operation among multiple companies and a volunteer community. One goal is to develop future 3D printing related solutions such as a 3D Printing management platform. 3DPN aims to engage all existing 3D printer manufacturers and software developers in the project, both open and closed source, and gather the broad 3D printing open source community under one brand.

The network will reside within the Free Software Foundation Europe and will be governed by a Technical Steering Group. The Technical Steering Group is the primary decision-making body for the open source project, with a focus on platform development and delivery, along with the formation of working groups to support different 3D manufacturing devices and software.

The 3D Printing Network has been formed to guide the industry role of 3D printing, including gathering of requirements, identification and facilitation of service models, and overall industry marketing and education. The platform will provide a robust and flexible environment to utilize 3D printing in variable environments and to fit different needs such as product development and prototyping, unique model manufacturing, and other industries. The platform integrates several different 3D printers from various vendors.

Google

Submission + - Trimble to acquire Google SketchUp (blogspot.ca)

yoink! writes: "It looks like Google is selling off SketchUp or, conversely, Trimble is acquiring it. Despite several indications there will continue to be a free version of the 3D modelling software, users are unsure about what this will mean for the SketchUp community at large as indicated by the comments on the official Google SketchUp Blog post. They are, however, rejoicing that they will be freed from Groups for SketchUp discussions."
Government

Submission + - CISPA Bill Obliterates Privacy Laws with Blank Check of Privacy Invasion (hothardware.com)

MojoKid writes: "At present, the government's ability to share data on its citizens is fairly restricted, insomuch as the various agencies must demonstrate cause and need. This has created a somewhat byzantine network of guidelines and laws that must be followed — a morass of red tape that CISPA is intended to cut through. One of the bill's key passages is a provision that gives private companies the right to share cybersecurity data with each other and with the government "notwithstanding any other provision of law." The problem with this sort of blank check clause is that, even if the people who write the law have only good intentions, it provides substantial legal cover to others who might not. Further, the core problem with most of the proposed amendments to the bill thus far isn't that they don't provide necessary protections, it's that they seek to bind the length of time the government can keep the data it gathers, or the sorts of people it can't collect data on, rather than protecting citizens as a whole. One proposed amendment, for example, would make it illegal to monitor protestors — but not other groups. It's not hard to see how those seeking to abuse the law could find a workaround — a "protestor" is just a quick arrest away from being considered a "possible criminal risk.""
Security

Submission + - Apple Planning to Build Private Restaurant (cnet.com)

a90Tj2P7 writes: "Chris Matyszczyk reports on CNET that Apple is building a 21,468 square foot private restaurant in Cupertino. Apple's director of real estate facilities, Dan Wisenhunt, stated that "We like to provide a level of security so that people and employees can feel comfortable talking about their business, their research and whatever project they're engineering without fear of competition sort of overhearing their conversations.""
Facebook

Submission + - NY Times: Microsoft Tried to Unload Bing on Facebook (nytimes.com)

benfrog writes: "According to a blog posting on the New York Times site, Microsoft tried to sell the perpetual money-losing Bing to Facebook "over a year ago" (the article cites "several people with knowledge of the discussions who didn’t want to be identified talking about internal deliberations"). Steve Ballmer, apparently, was not involved or consulted. Facebook politely declined. Neither Microsoft nor Facebook would comment on the rumors."
Space

Submission + - Sun's Twin Discovered -- the Perfect SETI Target? (discovery.com)

astroengine writes: "There are 10 billion stars in the Milky Way galaxy that are the same size as our sun. Therefore it should come as no surprise that astronomers have identified a clone to our sun lying only 200 light-years away. Still, it is fascinating to imagine a yellow dwarf that is exactly the same mass, temperature and chemical composition as our nearest star. In a recent paper reporting on observations of the star — called HP 56948 — astronomer Jorge Melendez of the University of São Paulo, Brazil, calls it "the best solar twin known to date." The star has a very similar chemical ratio to our sun, so using HP 56948 as a SETI target seems like a logical step, says Melendez."
