
Submission + - iPad in enterprise: Apple's game to lose

Toe, The writes: Barclays Capital analyst Ben Reitzes follows up on a conference call with Forrester Research by concluding that the iPad is "running far ahead of its tablet competition and it's their game to lose." He also notes that Apple is the "winner in the consumerization of IT," with hordes of enterprise workers bringing their Apple devices into work. He predicts Apple will claim over 70% of 47 million tablets sold in 2011. Recently, Apple announced that over 80% of Fortune 100 are already deploying or testing the iPad.

Submission + - Android gets touch (haptic) feedback (i-programmer.info) 1

mikejuk writes: A new SDK brings touch feedback to the Android platform using standard hardware — the vibration motor. You can select touch themes like rubber ball, typewriter, butterfly and so on, and application developers can use it to bring users closer to their creations.
The idea of achieving different feedback effects by modulating the vibration motor is clearly a fairly crude form of feedback, but it could be that custom vibrate "ringtones" are the next big thing.


Submission + - Nintendo 3DS launching on March 27 for $250

Sam writes: Nintendo executive Reggie Fils-Aime today revealed US availability and pricing for the Nintendo 3DS at an event in the Nintendo World store in New York City. The 3DS will launch on March 27, 2011 with a retail price of $250 and will be available in two flavors: Aqua Blue and Cosmo Black.

There will be roughly 30 games released between the launch day and E3 2011 (June 7 to June 9). These include Super Street Fighter IV 3D Edition, Resident Evil: The Mercenaries 3D, Madden NFL Football, The Sims 3, Pro Evolution Soccer 2011 3D, and LEGO Star Wars III: The Clone Wars. The device will have the same form-factor as the DSi and will be backwards compatible with both DS and DSi games. Users will also be able to download games via an online store, called the eShop.

In Europe, the 3DS will launch on March 25, 2011. While Europeans will get the device two days early, pricing is not good news. Nintendo held a second event in Amsterdam today and said that pricing would be left up to retailers. Retailers in the UK are reportedly planning a £229.99 ($367.64) price tag, while other European retailers are going with €249 ($336.00).

Submission + - Tech salaries remain flat 2 years running (networkworld.com)

jbrodkin writes: Tech workers pulled in an average of $79,384 last year, an increase of 0.7% over 2009. It was the "second straight year of nearly flat salaries," according to Dice.com, the online job site which surveyed nearly 20,000 tech pros in North America between Aug. 31 and Nov. 15. Silicon Valley is making a comeback, though, with average salaries approaching six figures. While overall tech salaries improved slightly, technology professionals just entering the field now can expect to make less than if they got their first jobs a few years ago. "For the second straight year, the average salaries of technology professionals with less than two years' experience have declined, and are six percent below their peak average wages in 2008," Dice said. Silicon Valley is a bright spot, with tech workers getting a 3% salary increase to $99,028, after a decline the previous year. Several fields within high-tech are offering average salaries in the six-figure range. Advanced business application programming, for example, clocks in at $105,887. But the most in-demand skills are Oracle; J2EE/Java; and C, C++, C#.
Book Reviews

Submission + - Book review of Computer Incident Response (amazon.com)

brothke writes:

When someone calls 911 in a panic to report an emergency, within seconds the dispatcher knows where the call is coming from, and help is often only moments away.

When it comes to computer security incidents, often companies are not as resilient in their ability to quickly respond. Take for instance the TJX Cos. data breach, where insecure wireless networks were compromised for months, revealing millions of personal records, before they were pinpointed and finally secured. Once made aware of the issue, it took TJX an additional few months until the situation was completely in control and secured.

In Computer Incident Response and Product Security, author Damir Rajnovic provides the reader with an excellent and practical guide to the fundamentals of building and running a security incident response team. The book is focused on getting the reader up to speed as quickly as possible and is packed with valuable real-world and firsthand guidance.

Be it an IRT (Incident Response Team), CIRT (Computer Incident Response Team), CERT (Computer Emergency Response Team), or CSIRT (Computer Security Incident Response Team); whatever the term used, companies desperately need a process and team to formally respond to computer security incidents. The simple equation is that to the degree the incident is quickly identified, handled and ameliorated; is to the extent that the damage is contained and limited.

At just over 200 pages, the book's 13 chapters provide an excellent foundation on which to start a CIRT. The book is divided into two parts. Chapters 1-6 form part 1, Computer Security Incidents, with part 2 being on Product Security.

Chapter 1 provides a basic introduction to the topic on why an organization should care about computer security incident response. This brief chapter touches upon the various business impacts, in addition to the legal and other reasons necessary for establishing a CIRT.

Chapter 2 lays down the 6 steps in which to establish an IRT, which are: defining the constituency, ensuring upper-management support, obtaining funding, hierarchy, team structure and policies and procedures. Each of these steps is crucial, and a mistake too many organizations make is to leave one or more out. Only later when an incident occurs, which often takes an inordinate amount of time to fix, do these companies realize that their IRT was incomplete and inadequate in the first place.

The chapter includes an interesting look at the various types of IRT teams that can be created; namely central, distributed or virtual. The book notes that if you don’t have sufficiently strong support from senior organizational executives to form a real IRT (which should be a huge red flag right there), a virtual team is a good option. Virtual teams can be easier to set up as they are less formal with fewer bureaucratic hurdles. While there are benefits to a virtual IRT, companies that are truly serious about computer security will ensure that they have a formal and dedicated IRT in place.

In chapter 3, Operating an IRT, the author details the items needed to successfully operate an IRT. One of the soft skills the author discusses is effective interpersonal skills. The author writes that one situation that can arise when handling an active incident is that the person reporting the incident may say offensive things or become abusive to the IRT analyst. This behavior is generally the consequence of the attack, indicating its urgency. When dealing with such a person, it is imperative that the IRT analyst not get caught up in the user’s behavior. Rather, they must focus on determining the appropriate method to fix the problem.

While part 1 is around the computer security incident itself, part 2 deals with product security. Most organizations create their IRT around computer security incidents. In chapter 8, the author writes about the need to create a product security team (PST) to deal with security issues related to vendor products.

Every software and hardware product has security flaws, be it Cisco, Juniper, Check Point and others. By understanding this and having a PST to deal with vendor security issues, a company will be adequately protected. In truth, only large companies will have the budget to support an independent PST in addition to an IRT.

In many ways, the PST is simply a specialized section of the IRT, with specific expertise around a specific product set. Many firms already have some sort of PST in place to deal with Patch Tuesday, which is the second Tuesday of each month when Microsoft releases security patches.

Overall, Computer Incident Response and Product Security provides a good overview of the topic. At 215 pages, the book should be seen as an introduction to the topic, not a comprehensive reference. The reason is that a topic such as security incident response requires much broader coverage given the extent of the requirements encompassed. In some ways though, its conciseness is its advantage, as a 750 page tome, while adequate for the subject, may overwhelm many, if not most readers. Also, the author has the ability to adequately discuss topics in a manner that, while brief, does cover the topic issues.

At $49-, the book is moderately priced, given the value of the content. For those on a limited budget, the Handbook for Computer Security Incident Response Teams from CERT provides a good overview of the topic. While the handbook was last revised in 2003, much of the core concepts around incident response are immutable.

As this title is from Cisco Press and the author an employee of the Cisco Product Security Incident Response Team (PSIRT), the book has a definite Cisco slant. While Cisco products are often referenced, this though is not a book from Cisco marketing. More importantly, as part of the Cisco PSIRT, the author has first-hand knowledge of one of the world’s premier IRTs.

For those serious about computer security and incident response, Computer Incident Response and Product Security should be one of the required books for every member of the team.

Ben Rothke is an information security professional and the author of Computer Security: 20 Things Every Employee Should Know (McGraw-Hill).


Submission + - Google admits H.264 is more popular than WebM (networkworld.com)

jbrodkin writes: Amid controversy over Google's decision to strip H.264 support from its Chrome browser, a Google official has acknowledged H.264 is more popular than the WebM video codec, but said restrictive licensing will ultimately doom H.264. "We acknowledge that H.264 has broader support in the publisher, developer, and hardware community today (though support across the ecosystem for WebM is growing rapidly)," Google Product Manager Mike Jazayeri wrote in the Chromium blog. However, Jazayeri predicted that licensing fees would stifle innovation and lead to H.264's downfall. Although H.264 has greater support today, "There will not be agreement to make it the baseline in the HTML video standard due to its licensing requirements," Jazayeri writes. "To use and distribute H.264, browser and OS vendors, hardware manufacturers, and publishers who charge for content must pay significant royalties — with no guarantee the fees won't increase in the future. To companies like Google, the license fees may not be material, but to the next great video startup and those in emerging markets these fees stifle innovation."
The H.264 license agreement can be found at the Web site of MPEG LA, which administers patent-licensing programs. According to the site, H.264 patent holders include Apple, Cisco, HP, LG, Microsoft, Polycom, Sony, Toshiba and many other companies.

Submission + - What primers would you recommend for SQL? 1

An anonymous reader writes: I just moved into a new role in which I need to use SQL. My background is being a bench chemist, so DBA is not my forte. I'm familiar with M$ Access, but I'm no programmer. I've only had university training in Fortran and Pascal, so I'm pretty much in larval stage with databases. What texts would you recommend that helped you?

Submission + - FreeLayer - open sourced DNS alternative (floweringdesign.com)

An anonymous reader writes: I wanted to share a new site with you called FreeLayer.

FreeLayer is an open sourced server with the vision to break free
from normal domain name servers (DNS) and put it into the hands
of the public, making it free for all, owned by no one and distributed
so that it can't be taken down.

Chris Brainard

Submission + - PGP Vulnerability -- No Fix for Freeware Version (cert.org)

DERoss writes: PGP Desktop — used to encrypt or digitally sign E-mail and files — contains a serious vulnerability in current versions 10.0.3 and 10.1. This vulnerability allows a signed message or file (or sometimes a signed and encrypted message or file) to be altered without invalidating the signature. This makes it impossible to use a digital signature to verify the integrity of a message or file. While many individual, non-commercial users of PGP Desktop use the freeware trial version, Symantec will not provide a fix except for the purchased version. For non-technical details, see [http://www.rossde.com/PGP/pgp_weak.html#inject].

Submission + - Cool Futuristic CityScape Sculpted From Drill Bits (singularityhub.com)

kkleiner writes: Japanese artist Chu Enoki’s sculpture, RPM 1200, is a beautiful metallic cityscape made completely out of drill bits that looks like a glistening version of Blade Runner, or maybe even a 21st Century version of the Emerald City of Oz. Every spire is a drill bit that has been repurposed and polished. It’s a beautiful piece of art (and a stunning feat of recycling as well). Check photos of RPM 1200, including a close up shot where you can really see the grooves and shapes of the bits that went into its creation.

Americans Less Healthy, But Outlive Brits 521

An anonymous reader writes with this intriguing snippet: "Older Americans are less healthy than their English counterparts, but they live as long or even longer than their English peers, according to a new study by researchers from the RAND Corporation and the Institute for Fiscal Studies in London. Researchers found that while Americans aged 55 to 64 have higher rates of chronic diseases than their peers in England, they died at about the same rate. And Americans age 65 and older — while still sicker than their English peers — had a lower death rate than similar people in England, according to findings published in the journal Demography."

Fine-Structure Constant Maybe Not So Constant 105

Kilrah_il writes "The fine-structure constant, a coupling constant characterizing the strength of the electromagnetic interaction, has been measured lately by scientists from the University of New South Wales in Sydney, Australia and has been found to change slightly in light sent from quasars in galaxies as far back as 12 billion years ago. Although the results look promising, caution is advised: 'This would be sensational if it were real, but I'm still not completely convinced that it's not simply systematic errors' in the data, comments cosmologist Max Tegmark of MIT. Craig Hogan of the University of Chicago and the Fermi National Accelerator Laboratory in Batavia, Ill., acknowledges that 'it's a competent team and a thorough analysis.' But because the work has such profound implications for physics and requires such a high level of precision measurements, 'it needs more proof before we'll believe it.'"

Doubled Yield For Bio-Fuel From Waste 97

hankwang writes "Dutch chemical company DSM announced a new process for production of ethanol from agricultural waste. Most bio-fuel ethanol now is produced from food crops such as corn and sugar cane. Ethanol produced from cellulose would use waste products such as wood chips, citrus peel, and straw. The new process is claimed to increase the yield by a factor of two compared to existing processes, thanks to new enzymes and special yeast strains."

Porting Lemmings In 36 Hours 154

An anonymous reader writes "Aaron Ardiri challenged himself to port his classic PalmOS version of Lemmings to the iPhone, Palm Pre, Mac, and Windows. The porting was done using his own dev environment, which creates native C versions of the game. He liveblogged the whole thing, and finished after only 36 hours with an iPhone version and a Palm Pre version awaiting submission, and free versions for Windows and Mac available on his site."
