Programming

The 25 Most Dangerous Programming Errors 534

Hugh Pickens writes "The Register reports that experts from some 30 organizations worldwide have compiled 2010's list of the 25 most dangerous programming errors, along with a novel way to prevent them: by drafting contracts that hold developers responsible when bugs creep into applications. The 25 flaws are the cause of almost every major cyber attack in recent history, including the ones that recently struck Google and 33 other large companies, as well as breaches suffered by military systems and millions of small business and home users. The top 25 entries are prioritized using inputs from over 20 different organizations, who evaluated each weakness based on prevalence and importance. Interestingly enough, the classic buffer overflow ranked 3rd in the list, while Cross-site Scripting and SQL Injection are considered the 1-2 punch of security weaknesses in 2010. Security experts say business customers have the means to foster safer products by demanding that vendors follow common-sense safety measures, such as verifying that all team members successfully clear a background investigation and are trained in secure programming techniques. 'As a customer, you have the power to influence vendors to provide more secure products by letting them know that security is important to you,' the introduction to the list states, and it includes a draft contract with the terms customers should request, to enable buyers of custom software to make code writers responsible for checking the code and for fixing security flaws before software is delivered."
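The two weaknesses the summary calls the "1-2 punch", SQL Injection and Cross-site Scripting, come down to the same mistake: untrusted input spliced into a string that another interpreter (the database, the browser) will parse. The following is an added example, not code from the article or from the Top 25 list's authors; it uses Python's built-in sqlite3 module and a constructed in-memory user table so it runs offline, and shows the vulnerable form of each beside the hardened one. The user names, passwords and function names are invented for illustration.

```python
import html
import sqlite3


def make_db():
    """Constructed sample data for the demo (not from the article)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """SQL Injection pattern: the input becomes part of the SQL text."""
    query = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
             % (name, password))
    return conn.execute(query).fetchone()[0] > 0


def login_hardened(conn, name, password):
    """Parameterized query: the driver binds the values separately from the
    statement, so quote characters in the input are data, never SQL syntax."""
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone()[0] > 0


def greet_vulnerable(name):
    """Cross-site Scripting pattern: the input is echoed into HTML unescaped."""
    return "<p>Hello, %s</p>" % name


def greet_hardened(name):
    """Escape for the HTML text context before interpolating; '<', '>', '&'
    and quotes become entities and cannot open a tag or attribute."""
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


if __name__ == "__main__":
    conn = make_db()
    # A classic tautology payload in the password field: the vulnerable
    # query becomes ... AND password = '' OR '1'='1', which is always true.
    payload = "' OR '1'='1"
    print("vulnerable login with payload:", login_vulnerable(conn, "nobody", payload))
    print("hardened login with payload:  ", login_hardened(conn, "nobody", payload))
    print("hardened login, real creds:   ", login_hardened(conn, "alice", "correct-horse"))
    xss = "<script>alert(1)</script>"
    print(greet_vulnerable(xss))
    print(greet_hardened(xss))
```

The fix in both cases is structural rather than a blacklist: hand the value to the database as a bound parameter, and encode for the exact output context (HTML text here; attribute, URL and JavaScript contexts each need their own encoder) rather than trying to filter "dangerous" characters out of the input.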
Security

Web App Scanners Miss Half of Vulnerabilities 68

seek3r sends news of a recent test of six web application security scanning products, in which the scanners missed an average of 49% of the vulnerabilities known to be on the test sites. Here is a PDF of the report. The irony is that the test pitted each scanner against the public test files of all the scanners. This reader adds, "Is it any wonder that being PCI compliant is meaningless from a security point of view? You can perform a Web app scan, check the box on your PCI audit, and still have the security posture of Swiss cheese on your Web app!" "NTOSpider found over twice as many vulnerabilities as the average competitor, having a 94% accuracy rating, with Hailstorm having the second best rating of 62%, but only after extensive training by an expert. Appscan had the second best 'Point and Shoot' rating of 55%, and the rest averaged 39%."
Math

New Company Seeks to Bring Semantic Context To Numbers 264

A new company, True#, is seeking to bring extensive semantic context to numbers to give them obvious meanings just as certain words have obvious meanings to most readers. "Most of us can probably recognize 3.14159 and the conceptual baggage it carries, but how many of us would recognize 58.44? (That's a mole of sodium chloride, in grams, for the curious.) And the response that would work for words — look it up — doesn't work so conveniently for numbers. Only one of the top-10 hits in Google refers to salt, and Bing fails entirely (though it does offer 'Women's Sexy Mini Skirts by VENUS'). Clearly, we haven't figured out how to make the Web work for numbers in the same way it does for words."
Technology

A.I. Developer Challenges Pro-Human Bias 234

destinyland writes "After 13 years, the creator of the Noble Ape cognitive simulation says he's learned two things about artificial intelligence. 'Survival is a far better metric of intelligence than replicating human intelligence,' and 'There are a number of examples of vastly more intelligent systems (in terms of survival) than human intelligence.' Both Apple and Intel have used his simulation as a processor metric, but now Tom Barbalet argues its insights could be broadly applied to real life. His examples of durable non-human systems? The legal system, the health care system, and even the internet, where individual humans are simply the 'passive maintaining agents,' and the systems can't be conquered without a human onslaught that's several magnitudes larger."
Medicine

Dye Used In Blue M&Ms Can Lessen Spinal Injury 324

SydShamino writes "Researchers at the University of Rochester Medical Center have found that the dye used in blue M&Ms and other foods can, when given intravenously to a lab rat shortly after a spinal injury, minimize secondary damage caused by the body when it kills off nearby healthy cells. The dye is called BBG or Brilliant Blue G. Given that 85% of spinal injury patients are currently untreated (and some doctors don't trust the treatment given to the other 15%), a relatively safe treatment like this could help preserve some function for thousands of patients. The best part is that in lab rats the subjects given the treatment turn blue." The researchers are "pulling together an application to be lodged with the FDA to stage the first clinical trials of BBG on human patients."
The Courts

Court Appoints Pro Bono Counsel For RIAA Defendant 123

NewYorkCountryLawyer writes "In what could be a turning point in the RIAA's litigation campaign, a Michigan judge has decided to appoint pro bono counsel to represent college student Brittany Kruger, who is being sued by the RIAA in SONY BMG Music Entertainment v. Kruger. As this article points out, 'if other judges follow suit, things will change dramatically.' That is because the RIAA's entire litigation campaign is based upon economic inequality of the litigants: almost none of those sued by the RIAA can afford legal representation, and the RIAA has a huge economic incentive to fight cases to the death, while the defendants have no economic incentive greater than the 'settlement' amount, which they often pay even when entirely innocent. If the courts follow the lead of District Judge Timothy P. Greeley [PDF], and appoint pro bono legal counsel, the RIAA will no longer be able to achieve the easy pickings default judgments and 'settlements' it's routinely obtained in the past."
Education

Low-Budget Electronics Projects For High School? 364

SciGuy writes "I am a physics teacher for 9th graders. I really want to teach them modern electronics (something beyond the light bulb and battery). My hope is for a project that: 1) Is fun. 2) Teaches about circuits that are relevant to their life. 3) Doesn't rely too heavily on a black box microcontroller. Individual components would probably be better. (I realize that #2 and #3 are probably contradictory. They will already be programming in my class, but I want them to understand the circuitry behind modern tech.) 4) It must be as cheap as possible. Yay, public school. Unless some of the parts can be scrounged or found at home, I would probably want to keep the project around $5." What would you build?
Security

Hackers' Next Target — Your Brain? 295

Hugh Pickens writes "Wired reports that as neural devices become more complicated — and go wireless — some scientists say the risks of 'brain hacking' should be taken seriously. '"Neural devices are innovating at an extremely rapid rate and hold tremendous promise for the future," said computer security expert Tadayoshi Kohno of the University of Washington. "But if we don't start paying attention to security, we're worried that we might find ourselves in five or 10 years saying we've made a big mistake."' For example, the next generation of implantable devices to control prosthetic limbs will likely include wireless controls that allow physicians to remotely adjust settings on the machine. If neural engineers don't build in security features such as encryption and access control, an attacker could hijack the device and take over the robotic limb." Relatedly, several users have written to tell us that science may be closer to the science fiction "mind wipe" than previously thought. Put this all together and I welcome the next step in social networking; letting the cloud drive my limbs around town via a live webcam and then wiping the memory from my brain. Who has MyLimb.com parked and is willing to deal?
Spam

Has Google Broken JavaScript Spam Munging? 288

Baxil writes "For years now, JavaScript munging has been a useful tool to share email addresses on the Web without exposing them to spammers. However, Google is now apparently evaluating JavaScript when assembling summary text for web pages' listings, and publishing the un-munged email addresses to the world; and spammers have started to take advantage of this kind service." Anyone else seen this affecting their carefully protected email addresses?
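Munging only ever hid the address from harvesters that read raw HTML without executing it; the script on the page has to reconstruct the plaintext for the browser, so anything that evaluates the script (an indexer like the one described above, or a harvester with a JavaScript engine) gets the address for free. The point is sharpened by noting that the common munging idioms do not even need a JavaScript engine to undo. The following is an added example, not code from the post or from Google: a small Python harvester run over a constructed page that uses three typical munging schemes (a String.fromCharCode array, a reversed string, and string concatenation). The page content and addresses are invented for the demo.

```python
import re

# Plaintext address pattern, applied to the raw HTML and to unmunged strings.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Inverse of three common munging idioms found in page scripts.
FROMCHARCODE_RE = re.compile(r"String\.fromCharCode\(([\d,\s]+)\)")
REVERSED_RE = re.compile(r"""["']([^"']+)["']\s*\.split\(["']{2}\)\s*\.reverse\(\)""")
CONCAT_RE = re.compile(r"""(?:["'][^"']*["']\s*\+\s*)+["'][^"']*["']""")
SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.S | re.I)

# Constructed sample page (not a real site): each paragraph munges an address.
SAMPLE_PAGE = """
<p>Sales: <script>document.write(String.fromCharCode(115,97,108,101,115,64,101,120,97,109,112,108,101,46,99,111,109))</script></p>
<p>Support: <script>document.write("moc.elpmaxe@troppus".split("").reverse().join(""));</script></p>
<p>Webmaster: <script>document.write("webmaster" + "@" + "example" + ".org");</script></p>
"""


def plaintext_emails(html_doc):
    """What a naive harvester sees: addresses present verbatim in the HTML."""
    return EMAIL_RE.findall(html_doc)


def unmunge(script):
    """Return the candidate strings hidden by the munging idioms in one script."""
    found = []
    for m in FROMCHARCODE_RE.finditer(script):
        codes = [int(c) for c in m.group(1).split(",") if c.strip()]
        found.append("".join(chr(c) for c in codes))
    for m in REVERSED_RE.finditer(script):
        found.append(m.group(1)[::-1])
    for m in CONCAT_RE.finditer(script):
        parts = re.findall(r"""["']([^"']*)["']""", m.group(0))
        found.append("".join(parts))
    return found


def harvest(html_doc):
    """Addresses visible in the raw HTML plus those recovered from scripts."""
    hits = set(plaintext_emails(html_doc))
    for script in SCRIPT_RE.findall(html_doc):
        for text in unmunge(script):
            hits.update(EMAIL_RE.findall(text))
    return sorted(hits)


if __name__ == "__main__":
    print("raw HTML scan:", plaintext_emails(SAMPLE_PAGE))
    print("after unmunging:", harvest(SAMPLE_PAGE))
```

The raw scan finds nothing, which is the protection the munging was relied on for; the second pass recovers all three addresses with a few regular expressions, and a crawler that actually executes the script, as the post says Google now does, recovers them regardless of the idiom used. Anything that must be reconstructed client-side is obfuscation, not access control; if the address must not be harvestable, it has to stay off the page (for example behind a contact form or a server-side check).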

Drupal 6: Ultimate Community Site Guide 63

Michael J. Ross writes "Among the more popular and better-regarded content management systems (CMSs), Drupal is distinguished partly by its building-block approach, in which a website's functionality is built up in pieces, each of which is a module (either core or contributed). The opposite approach — using far fewer but more encompassing modules — is generally preferred by non-developers who do not relish integrating a sizable collection of modules or trying to modify the underlying code. Nonetheless, anyone who wishes to build a Drupal-based social website can learn how to do so in a new e-book titled Drupal 6: Ultimate Community Site Guide." Read below for the rest of Michael's review.

World Anti-Doping Agency to Study Viagra's Effects in Athletes 2

It seems that some athletes are turning to the little blue pill to get a competitive edge. Authorities say Viagra has gained a following among certain athletes in the hopes that it will give them a performance boost. Some preliminary studies have shown that cyclists taking Viagra improved their performances by up to 40 percent, but more research has to be done. Whether or not Viagra will make you stronger or faster still seems to be up for debate; what is certain, however, is its devastating effect on hurdle running.
Power

Internet Uses 9.4% of Electricity In the US 271

ribuck writes "Equipment powering the internet accounts for 9.4% of electricity demand in the U.S., and 5.3% of global demand, according to research by David Sarokin at online pay-for-answers service Uclue. Worldwide, that's 868 billion kilowatt-hours per year. The total includes the energy used by desktop computers and monitors (which makes up two-thirds of the total), plus other energy sinks including modems, routers, data processing equipment and cooling equipment."

Vista Use Grows as Mac OS X Stays Flat 387

jdelator writes to mention ComputerWorld is reporting that Microsoft's Windows Vista has increased its market share steadily every month, while its main opponent, Mac OS X, has remained essentially flat. "According to Net Applications, in June Windows Vista accounted for 4.52% of all systems that browsed the Web, up from January's 0.18%. Vista has grown its usage share each month since its release to consumers Jan. 30, hitting 0.93% in February, 2.04% in March, 3.02% in April and 3.74% in May. Apple Inc.'s Mac OS X, meanwhile, accounted for 6.22% in January and hit its high point of 6.46% in May, but it slipped back to 6% in June. If Vista's uptake trend continues, it should pass Mac OS X in Web usage share by the end of August."
