Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Corporations triumph over people again (Score 1) 352

We see corporations go to great lengths to make sure their own data is protected by law and monetized but individual's personal data can be spied on and sold without consent or compensation. If I were to use my Internet connection to analyze my ISP's traffic I am an unauthorized hacker who could receive a prison sentence; my ISP on the other hand could profit by selling my location browser history to the highest bidder with no repercussions under this proposed law.

Being that corporations are entities defined by the State and gain all their power from the State let there be no doubt that the Republicans that support this bill value the power of the State over the individual, antithetical to their publicized platform of limited government and individual rights.

Comment Re:KeePass FTW! (Score 2) 123

Having to manually lookup the site in your manager, copy the password and paste it in the form is too cumbersome.

Right, so most users without an intergrated password manager will just use an easy-to-guess password.

LastPass isn't perfect, but as a system it improves overall web security to a large extent by enabling people to use very-high-entropy passwords.

People who want to copy and paste from Keepass (I do for very high security sites) should keep on doing that. But, for Pete's sake, I hope you're not using the totally insecure X11 clipboard.

Comment Re: Liability (Score 1, Troll) 490

Libertarians believe that companies that oppress users will fail in the marketplace.

Can you show me a libertarian who believes that corporations should be able to show up with guns to enforce "intellectual property" like governments do?

Hint: libertarians believe in none of: corporations, intellectual property, or initiation of force. Nice strawman though.

Comment Re:Why is this news? (Score 1) 156

Isn't this obvious?

You knew about the interaction between the front and rear hippocampus and the prefrontal cortex? Heck, why did the researchers bother doing the fMRI study rather than posting an Ask Slashdot?

I presume here you're not simply reacting to the clickbait headline - that would be unkind.

Comment Re:Maps technology is lost... (Score 2) 156

apparently looking pretty is far more important than having accurate data.

yeah, most people believe that. People figure if they put very little effort into ease-of-use (aka aesthetics) they probably put very little effort into accuracy. It's not true, but humans are the desired userbase and humans use such heuristics.

Everybody has been telling OSM that for a decade but they refuse to accept that reality, so the userbase remains small. It's a shame to cede the territory to Google.

Submission + - EFF needs your help to stop Congress dismantling Internet privacy protections! (eff.org)

Peter Eckersley writes: Last year the FCC passed rules forbidding ISPs (both mobile and landline) from using your personal data without your consent for purposes other than providing you Internet access. In other words, the rules prevent ISPs from turning your browsing history into a revenue stream to sell to marketers and advertisers. Unfortunately, members of Congress are scheming to dismantle those protections as early as this week. If they succeed, ISPs would be free to resume selling users' browsing histories, pre-loading phones with spyware, and generally doing all sorts of creepy things to your traffic.

The good news is, we can stop them. We especially need folks in the key states of Alaska, Colorado, Maine, Montana, Nevada, Ohio, and Pennsylvania to call their senators this week and tell them not to kill the FCC's Broadband Privacy Rules.

Together, we can stop Congress from undermining these crucial privacy protections.

Submission + - How the Internet Gave Mail-Order Brides the Power (backchannel.com)

mirandakatz writes: For decades, the mail-order bride system in the Philippines went something like this: Western men picked Filipinas out of catalogues, and the women had little to no information about the men they were agreeing to marry. The internet has changed all of that. As Meredith Talusan reports at Backchannel, technology has empowered Filipinas to be choosy about the Western men they pursue—and indeed, when it comes to online dating, they now hold much of the power. As Talusan writes, "in one sense, the leveling of dating power between Filipinas and Westerners is the fulfillment of the global internet’s promise to equalize relations between disparate places and people. Yet even as Filipinas and Westerners face off as equals online, the world of dating exposes the ultimate limitations of the web."

Submission + - SPAM: New hobby of PVS-Studio team: fixing potential vulnerabilities in open source

Andrey_Karpov writes: The topic of vulnerabilities detected in various open source projects is extremely popular nowadays. The news about that can be found on different sites (example: Adobe fixes 8 Security Vulnerabilities in Adobe Flash Player & Shockwave Player). However, it is of no use to discuss these vulnerabilities (CVE) from a programmers' point of view. It is more important to prevent these vulnerabilities at the stage of writing the code, rather than worry that some leak was found again. Therefore, the Common Weakness Enumeration list (CWE) is of greater interest to the developers.

This list (CWE) presents systematized errors that may cause vulnerabilities. There are different factors that influence the fact, if an error turns into a vulnerability or not. In other words, a defect sometimes can be exploited, and sometimes not, depending on luck.

What is significant, is that by eliminating the errors, given in CWE, a programmer protects the code from a great number of potential vulnerabilities in advance. Static analyzers can be great assistants in this case.

PVS-Studio has always been able to detect a large number of various weaknesses (potential vulnerabilities) in the program code. However, historically, we positioned PVS-Studio as a tool to search for errors. As I've already said, there is a trend in the software development to look for vulnerabilities in the code, although it's just the same. We started rebranding of our tool. Common Weakness Enumeration (CWE) was the first thing we looked at and wrote an article where provided a draft of a table, presenting the comparison of PVS-Studio diagnostics and CWE. We also demonstrated a couple of potential vulnerabilities in Apache HTTP Server.

That was not the end. We got interested in fixing potential vulnerabilities in various projects. Moreover, we decided to compile these small actions on making the world a better place, into small weekly reports. The first one covered the defects in C# projects (CoreFX, MSBuild).

The second would be interesting for the community of C and C++ programmers. It is about errors in such projects as FreeBSD, GCC, Clang.

Some may say that nor every project requires testing for the potential vulnerabilities from the CWE point of view. I agree. But it's useful to find bugs and fix them in any case. Plus it demonstrates that PVS-Studio can be used to look for security issues.

Submission + - Critical Cisco Flaw Found Buried in Vault 7 Documents

Trailrunner7 writes: Hundreds of models of Cisco switches are vulnerable to a remote-code execution bug in the company’s IOS software that can be exploited with a simple Telnet command. The vulnerability was uncovered by company researchers in the CIA hacking tool dump known as Vault 7.

The bug is a critical one and an attacker who is able to exploit it would be able to get complete control of a target device. The flaw lies in the Cluster Management Protocol (CMP) that’s used in IOS, and Cisco said it’s caused by the incorrect processing of CMP-specific Telnet options, as well as accepting and processing these commands from any Telnet connection.

“An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device,” the Cisco advisory says.

Slashdot Top Deals

You mean you didn't *know* she was off making lots of little phone companies?

Working...