Microsoft Develops Toilet With Wireless Internet Access

[sassa]

Microsoft develops toilet with wireless Internet access

SEATTLE (May 7, 2003 8:30 a.m. EDT) - Software titan Microsoft announced Tuesday that its renowned technology had finally gone into the toilet.

"This is not a joke," Microsoft spokesman, Brian Peterson assured AFP of the high-tech firm's plans to replace the traditional newspaper as reading material in the "small room" with state-of-the-art wireless Internet access.

The new innovation developed by Microsoft's MSN U.K. division and dubbed the iLoo, is a portable toilet with an extensible, height-adjustable plasma screen, wireless keyboard and six channel surround sound speaker system.

The seated user can send and receive e-mails, shop on the Internet or even download music in his or her down time.

Those standing in line for the facility will be able to make use of an external "Hotmail station with a waterproof keyboard and plasma screen that will let them surf the Internet while waiting."

"It'll give them a chance to do something useful while they queue up," Peterson said.

Tracy Blacher, Marketing Manager at MSN said the firm was still exploring other means of bringing flashy technology into the bathroom.

"We are looking at vacuum powered options and the very latest broadband enabled technology to ensure the best loo-surfing experience," she said in a statement.

To complement its latest gambit, MSN is also in talks with toilet paper manufacturers to produce special paper with Web addresses that will be inspirational for surfers, according to British-based Blacher.

The toilet reading of newspapers and magazines could become obsolete if the digital minded public buys this concept, she said.

"The Internet¹s so much a part of everyday life now that surfing on the loo was the next natural step ... It's exciting to think that the smallest room can now be the gateway to the massive virtual world," she said.

The iLoo will be mobile and is part of MSN's mission to allow instant logging on "anytime and any place." It will first become available in Britain for the summer festival season later this year.

[sassa]

Microsoft admits Passport had security flaw

By TED BRIDIS, Associated Press

WASHINGTON (May 8, 2003 1:36 p.m. EDT) - A computer researcher in Pakistan discovered how to breach Microsoft Corp.'s security procedures for its popular Internet Passport service, designed to protect customers visiting some retail Web sites, sending e-mails and in some cases making credit-card purchases.

Microsoft acknowledged the flaw affected all its 200 million Passport accounts but said it fixed the problem early Thursday, after details were published on the Internet. Product Manager Adam Sohn said the company was unaware of hackers actually hijacking anyone's Passport account, but several experts said they successfully tested the procedure overnight.

In theory, Microsoft could face a staggering fine by U.S. regulators of up to $2.2 trillion. Under a settlement with the Federal Trade Commission last year over lapsed Passport security, Microsoft pledged to take reasonable safeguards to protect personal consumer information during the next two decades or risk fines up to $11,000 per violation.

The FTC said it was investigating this latest lapse. The agency's assistant director for financial practices, Jessica Rich, said Thursday that each vulnerable account could constitute a separate violation - raising the maximum fine that could be assessed against Microsoft to $2.2 trillion.

"If we were to find that they didn't take reasonable safeguards to protect the information, that could be an order violation," Rich said.

The researcher, Muhammad Faisal Rauf Danka, determined that by typing a specific Web address that included the phrase "emailpwdreset," he could seize any person's Passport account and change the password associated with it.

Danka, who described himself as a private security consultant, said he discovered the flaw after Passport accounts belonging to him and a friend both were hijacked repeatedly. He made certain no one had hacked his own computer, then checked the security for the Microsoft Web site that controlled Passport accounts.

Danka said he discovered the vulnerability about four minutes after he began searching in earnest.

"It was so simple to do it. It shouldn't have been so simple," Danka told The Associated Press in a telephone interview from Karachi. "Anyone could have done this."

Sohn acknowledged Microsoft should have been rejecting such transmissions from anywhere outside the company's own network. Microsoft shut down the affected Web address late Wednesday night, more than one hour after details were published on the Internet. Those filters were permanently set in place early Thursday, Sohn said.

"We didn't validate the input," Sohn said. "We allowed somebody external to do something only the system itself should be doing. Somebody plumbed around ... and figured out they could do this."

Services such as Passport promise consumers a single, convenient method for identifying themselves across different Web sites, encouraging convenient purchases online of movies, music, travel and banking services.

Passport, which is closely tied to Microsoft's flagship Windows XP software, is integral to its most important upcoming technology services. Dozens of retail Web sites use it already, and Passport controls access for Windows users to the free Hotmail service and instant-messaging accounts.

Using Passport, consumers could entrust Microsoft or other organizations to centrally hold their personal information - such as credit card numbers or medical records - and make it available whenever needed.

The FTC last year determined that Microsoft made deceptive claims and misrepresented the security surrounding the design and use of Passport. The FTC found that Microsoft exaggerated promises about its safety.

"The FTC needs to investigate and aggressively enforce the settlement," said David Sobel, a lawyer for the Washington-based Electronic Privacy Information Center. "It's an important test of the government's ability to ensure real security in the handling of personal information. There needs to be consequences for security flaws."

Sobel's privacy group was among those that had made formal complaints about Passport, which led to the FTC settlement.

"If the passport office of any nation in the world had a security record like Microsoft's, no immigration officer would accept their passports," said Jason Catlett, head of Junkbusters Corp., a New Jersey-based privacy organization that also had complained to the FTC.