
Selected Provisions: TPP, CETA, and TiSA Trade Agreements 34

While proponents suggest that international trade agreements increase economic prosperity, writes reader Dangerous_Minds, it's often hard to find much detail about their details. Here's an exception: Freezenet is offering an update to known provisions of the Trans-Pacific Partnership Agreement (TPP), the Comprehensive Economic and Trade Agreement (CETA), and the Trades in Services Agreement (TiSA). Among the findings are provisions permitting a three-strikes law and site blocking, multiple anti-circumvention laws, ISP liability, the search and seizure of personal devices to enforce copyright at the border, and an open door for ISP-level surveillance. Freezenet also offers a brief summary of what was found while admitting that provisions found in the Transatlantic Trade and Investment Partnership (TTIP) as they relate to digital rights remain elusive for the time being.
United States

US Bombs Hit Doctors Without Borders Hospital 336

Prune writes: According to multiple news sources, U.S. airstrikes partially destroyed a Doctors Without Borders (MSF) hospital in Afghanistan, killing at least nine staff members and at least 50 overall, including patients, and this after giving its coordinates to U.S. forces multiple times. I'm especially saddened to report this given I had become one of the supporters of this charity after recommendations from Slashdot members in a discussion about choosing charities to donate to a while back.

DHS Detains Mayor of Stockton, CA, Forces Him To Hand Over His Passwords 307

schwit1 writes: Anthony Silva, the mayor of Stockton, California, recently went to China for a mayor's conference. On his return to San Francisco airport he was detained by Homeland Security, and then had his two laptops and his mobile phone confiscated. They refused to show him any sort of warrant (of course) and then refused to let him leave until he agreed to hand over his password.

Comment Re:That ship has sailed, ads are dead. You killed (Score 1) 109

Even if it did... how are people using ad-blockers even going to find out?

Good point. I will find out because I use several computers and not all have ad-blocking. The ones I use more rarely do not. But that is likely not the typical situation, so most people will not find out. Still a boycott. If you look at what gave it its name, Mr. Boycott finally had to leave the country because nobody did any business with him anymore. An end to it is not necessary for a boycott. Incidentally, Mr. Boycott seems to have had business practices about as despicable and repulsive as the ad industry.

Comment Re:"with a 2048 bit RSA key" (Score 1) 75

According to the actual blog-posting, the passwords are protected by bcrypt(). While they also say passwords are protected by a 2048 bit RSA-key, that is likely a mistake and refers only to credit card numbers, social security numbers and tax form information.

Still, you never use production data on test-systems that are not specially isolated, i.e. far more so than the production systems. This will likely be one of the first things the security firm that they have hired will tell them. Ideally, you would only test with synthetic data, but that has rather strong limits in practice. Hence you test everything with outside connectivity with synthetic data, test everything that needs real data with the machines completely isolated and hope that is enough. Of course you also make sure to be able to roll back after deployment and of course this costs more money and needs more competent engineers than just using production data on non-isolated test systems.

As usual, somebody needs to lose their job over this. I strongly recommend making it the person that _hired_ those that messed up or authorized this use of production data.

Comment Re:"with a 2048 bit RSA key" (Score 1) 75

The public does not know enough to understand what "hashed" means and even less so what bcrypt is. Hence this nonsensical talk about "encrypted" passwords. Nobody does that on server-side, not even those that have absolutely no clue.

Bcrypt means that if you have a reasonable password and they used a reasonable cost-factor, then it is secure. It also means that a good password remains secure regardless of cost-factor, but a good password is secure after a single, non-salted conventional crypto-hash.

Comment Re:That ship has sailed, ads are dead. You killed (Score 3, Insightful) 109

Could not agree more. I started looking into blocking only when the flashing and animation insanity started. Blocking was not a lot of effort, but suddenly I could find the web again under all that trash. Will keep blocking, unless they make all ads non-intrusive and they get the problem of malicious ads fixed effectively and permanently. As neither will be happening...


500 Million Users At Risk of Compromise Via Unpatched WinRAR Bug 129

An anonymous reader writes: A critical vulnerability has been found in the latest version of WinRAR, the popular file archiver and compressor utility for Windows, and can be exploited by remote attackers to compromise a machine on which the software is installed. "The issue is located in the 'Text and Icon' function of the 'Text to display in SFX window' module," Vulnerability Lab explained in a post on the Full Disclosure mailing list. "Remote attackers are able to generate own compressed archives with malicious payloads to execute system specific codes for compromise."
