Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - iPad in enterprise: Apple's game to lose

Toe, The writes: Barclays Capital analyst Ben Reitzes follows up on a conference call with Forrester Research by concluding that the iPad is “running far ahead of its tablet competition and its their game to lose." He also notes that Apple is the "½Â½Âoewinner in the consumerization of IT," with hoards of enterprise workers bringing their Apple devices into work. He predicts Apple will claim over 70% of 47 million tablets sold in 2011. Recently, Apple announced that over 80% of Fortune 100 are already deploying or testing the iPad.

Submission + - Android gets touch (haptic) feedback ( 1

mikejuk writes: A new SDK bring touch feedback to the Android platform using standard hardware — the vibration motor. You can select touch themes like rubber ball, typewriter, butterfly and so on and application developers can use it to bring users closer to their creations.
The idea of achieving different feedback effects by modulating the vibration motor is clearly a fairly crude form of feedback, but it could be that custom vibrate "ringtones" are the next big thing.


Submission + - Nintendo 3DS launching on March 27 for $250

Sam writes: Nintendo executive Reggie Fil-Amie today revealed US availability and pricing for the Nintendo 3DS at an event in the Nintendo World store in New York City. The 3DS will launch on March 27, 2011 with a retail price of $250 and will be available in two flavors: Aqua Blue and Cosmo Black.

There will be roughly 30 games released between the launch day and E3 2011 (June 7 to June 9). These include Super Street Fighter IV 3D Edition, Resident Evil: The Mercenaries 3D, Madden NFL Football, The Sims 3, Pro Evolution Soccer 2011 3D, and LEGO Star Wars III: The Clone Wars. The device will have the same form-factor as the DSi and will be backwards compatible with both DS and DSi games. Users will also be able to download games via an online store, called the eShop.

In Europe, the 3DS will launch on March 25, 2011. While Europeans will get the device two days early, pricing is not good news. Nintendo held a second event in Amsterdam today and said that pricing would be left up to retailers. Retailers in the UK are reportedly planning a £229.99 ($367.64) price tag, while other European retailers are going with €249 ($336.00).
Book Reviews

Submission + - Book review of Computer Incident Response (

brothke writes: Untitled documentol{margin:0;padding:0}p{margin:0}.c1{line-height:1.15;text-indent:0pt;text-align:justify;direction:ltr}.c2{color:#000099;font-size:12pt;text-decoration:underline;font-family:Arial}.c3{line-height:1.15;text-indent:0pt;direction:ltr}.c0{color:#000000;font-size:12pt;font-family:Arial}.c5{background-color:#ffffff}.c4{font-style:italic}body{color:#000000;font-size:11pt;font-family:Arial}.heading1{font-size:24pt;font-weight:bold}.heading2{font-size:18pt;font-weight:bold}.heading3{font-size:14pt;font-weight:bold}.heading4{font-size:12pt;font-weight:bold}.heading5{font-size:11pt;font-weight:bold}.heading6{font-size:10pt;font-weight:bold}

When someone calls 911 in a panic to report an emergency, within seconds the dispatcher knows where the call is coming from, and help is often only moments away.

When it comes to computer security incidents, often companies are not as resilient in their ability to quickly respond. Take for instance the TJX Cos. data breach, where insecure wireless networks were compromised for months, revealing millions of personal records, before they were pinpointed and finally secured. Once made aware of the issue, it took TJX an additional few months until the situation was in completely in control and secured.

In Computer Incident Response and Product Security, author Damir Rajnovic provides the reader with an excellent and practical guide to the fundamentals of building and running a security incident response team. The book is focused on getting the reader up to speed as quick as possible and is packed with valuable real-world and firsthand guidance.

Be it a IRT (Incident Response Team), CIRT (Computer Incident Response Team), CERT (Computer Emergency Response Team), or CSIRT (Computer Security Incident Response Team); whatever the term used, companies desperately need a process and team to formally respond to computer security incidents. The simple equation is that to the degree the incident is quickly identified, handled and ameliorated; is to the extent that the damage is contained and limited.

At just over 200 pages, the books 13 chapters provides an excellent foundation on which to start a CIRT. The book is divided into two parts. Chapters 1-6 form part 1, Computer Security Incidents, with part 2 being on Product Security.

Chapter 1 provides a basic introduction to the topic on why an organization should care about computer security incident response. This brief chapter touches upon the various business impacts, in addition to the legal and other reasons necessary for establishing a CIRT.

Chapter 2 lays down the 6 steps in which to establish an IRT, which are: defining the constituency, ensuring upper-management support, obtaining funding, hierarchy, team structure and policies and procedures. Each of these steps is crucial, and a mistake too many organizations make is to leave one or more out. Only later when an incident occurs, which often takes an inordinate amount of time to fix, do these companies realize that their IRT was incomplete and inadequate in the first place.

The chapter includes an interesting look at the various types of IRT teams that can be created; namely central, distributed or virtual. The book notes that if you don’t have sufficiently strong support from senior organizational executives to form a real IRT (which should be a huge red flag right there), a virtual team is a good option. Virtual teams can be easier to set up as they are less formal with fewer bureaucratic hurdles. While there are benefits to a virtual IRT, companies that are truly serious about computer security will ensure that they have a formal and dedicated IRT in place.

In chapter 3, Operating an IRT, the author details the items needed to successfully operate an IRT. One of the soft skills the author discusses is effective interpersonal skills. The author writes that one situation that can arise when handling an active incident is that the person reporting the incident may say offensive things or become abusive to the IRT analyst. This behavior is generally the consequence of the attack, indicating its urgency. When dealing with such a person, it is imperative that IRT analyst not get caught up in the user’s behavior. Rather they must focus on determining the appropriate method to fix the problem.

While part 1 is around the computer security incident itself, part 2 deals with product security. Most organizations create their IRT around computer security incidents. In chapter 8, the author writes about the need to create a product security team (PST) to deal with security issues related to vendor products.

Every software and hardware product has security flaws, be it Cisco, Juniper, Check Point and others. By understanding this and having a PST to deal with vendor security issues, a company will be adequately protected. In truth, only large companies will have the budget to support an independent PST in addition to an IRT.

In many ways, the PST is simply a specialized section of the IRT, with specific expertise around a specific product set. Many firms already have some sort of PST in place to deal with Patch Tuesday, which is the second Tuesday of each month when Microsoft releases security patches.

Overall, Computer Incident Response and Product Security provides a good overview of the topic. At 215 pages, the book should be seen as an introduction to the topic, not a comprehensive reference. The reason is that a topic such as security incident response requires much broader coverage given the extent of the requirements encompassed. In some ways though, its conciseness is its advantage, as a 750 page tome, while adequate for the subject, may overwhelm many, if not most readers. Also, the author has the ability to adequately discuss topics in a manner while brief, does cover the topic issues.

At $49-, the book is moderately priced, given the value of the content. For those on a limited budget, the Handbook for Computer Security Incident Response Teams from CERT provides a good overview of the topic. While the handbook was last revised in 2003, much of the core concepts around incident response are immutable.

As this title is from Cisco Press and the author an employee of the Cisco Product Security Incident Response Team (PSIRT), the book has a definite Cisco slant. While Cisco products are often referenced, this though is not a book from Cisco marketing. More importantly, as part of the Cisco PSIRT, the author has first-hand knowledge of one of the world’s premier IRT.

For those serious about computer security and incident response, Computer Incident Response and Product Security should be one of the required books for every member of the team.

Ben Rothke is an information security professional and the author of Computer Security: 20 Things Every Employee Should Know (McGraw-Hill).


Submission + - Google admits H.264 is more popular than WebM (

jbrodkin writes: Amid controversy over Google's decision to strip H.264 support from its Chrome browser, a Google official has acknowledged H.264 is more popular than the WebM video codec, but said restrictive licensing will ultimately doom H.264. "We acknowledge that H.264 has broader support in the publisher, developer, and hardware community today (though support across the ecosystem for WebM is growing rapidly)," Google Product Manager Mike Jazayeri wrote in the Chromium blog. However, Jazayeri predicted that licensing fees would stifle innovation and lead to H.264's downfall. Although H.264 has greater support today, "There will not be agreement to make it the baseline in the HTML video standard due to its licensing requirements," Jazayeri writes. "To use and distribute H.264, browser and OS vendors, hardware manufacturers, and publishers who charge for content must pay significant royalties — with no guarantee the fees won't increase in the future. To companies like Google, the license fees may not be material, but to the next great video startup and those in emerging markets these fees stifle innovation."
The H.264 license agreement can be found at the Web site of MPEG LA, which administers patent-licensing programs. According to the site, H.264 patent holders include Apple, Cisco, HP, LG, Microsoft, Polycom, Sony, Toshiba and many other companies.

Submission + - PGP Vulnerability -- No Fix for Freeware Version (

DERoss writes: PGP Desktop — used to encrypt or digitally sign E-mail and files — contains a serious vulnerability in current versions 10.0.3 and 10.1. This vulnerability allows a signed message or file (or sometimes a signed and encrypted message or file) to be altered without invalidating the signature. This makes it impossible to use a digital signature to verify the integrity of a message or file. While many individual, non-commercial users of PGP Desktop use the freeware trial version, Symantec will not provide a fix except for the purchased version. For non-technical details, see [].

Fine-Structure Constant Maybe Not So Constant 105

Kilrah_il writes "The fine-structure constant, a coupling constant characterizing the strength of the electromagnetic interaction, has been measured lately by scientists from the University of New South Wales in Sydney, Australia and has been found to change slightly in light sent from quasars in galaxies as far back as 12 billion years ago. Although the results look promising, caution is advised: 'This would be sensational if it were real, but I'm still not completely convinced that it's not simply systematic errors' in the data, comments cosmologist Max Tegmark of MIT. Craig Hogan of the University of Chicago and the Fermi National Accelerator Laboratory in Batavia, Ill., acknowledges that 'it's a competent team and a thorough analysis.' But because the work has such profound implications for physics and requires such a high level of precision measurements, 'it needs more proof before we'll believe it.'"

MIT Unveils First Solar Cells Printed On Paper 125

lucidkoan writes "MIT researchers recently unveiled the world's first thin-film solar cell printed on a sheet of paper. The panel was created using a process similar to that of an inkjet printer, producing semiconductor-coated paper imbued with carbon-based dyes that give the cells an efficiency of 1.5 to 2 percent. That's not incredibly efficient, but the convenience factor makes up for it. And in the future, researchers hope that the same process used in the paper solar cells could be used to print cells on metal foil or even plastic. If they're able to gear efficiencies up to scale, the development could revolutionize the production and installation of solar panels."

Submission + - Stanford Scientists Harvest Electricity From Algae (

ByronScott writes: Scientists at Stanford have just discovered the greenest source of energy yet — harvesting electricity directly from plants! They’ve successfully generated energy from photosynthetic processes in algae by tapping straight into currents of electrons generated at the cellular level. We know that cars can run on bio-fuel made from algae, but imagine if our power grid could run on pond water in its natural state. No refinement is necessary – all you need is a pool of water, a bunch of the green stuff and a high-tech gold electrode. Best of all, the only by-products are protons and oxygen!

LRO Photographs Soviet Lunar Landers From the '70s 24

braindrainbahrain writes "Photographs of the Sea of Crises on the Moon taken by the Lunar Reconnaissance Orbiter show the Soviet lunar landers Luna 20, Luna 23 and Luna 24, which landed on the Moon in the 1970s. In addition to the landers, it is possible to see the tracks made by the Lunokhod lunar rover! The Soviet Lunokhod lunar rover predates the first successful Mars Rover by some 30 years. (Note: Very cool old-style artists' drawings of the Soviet craft at the Wikipedia links above.)"

Submission + -

An anonymous reader writes: “Why We Fight” contains never before Released footage of the Afghanistan Special Forces, Strike Force Lion, who describe their own personal reasons why they continue to fight the war against terrorist threats within their country.

Submission + - The Dangers of Nanoparticles (

An anonymous reader writes: AOL News has published an investigative series on the hazards of nanoparticles written by Pulitzer winner Andrew Schneider. Engineered nanomaterials are finding their way into more and more consumer products, including cosmetics, sunblocks, and sports gear. Although the FDA denies it, government scientists say they're also in the U.S. food supply. This is happening even as evidence mounts that nanoparticles can damage the heart, lung, and brain and can lead to cancer and birth defects.

Submission + - Intel creates Linux app store for netbooks (

Julie188 writes: Intel has created another beta version of its online apps store for netbooks. This one is for Moblin 2.1. It has already launched a beta of an app store for Windows 7 and Windows XP netbooks. Developers must submit their netbook applications to the Intel Atom Developer Program for validation before those apps can be accepted into the AppUp Center storefronts. However, Intel promises that the validation process will be less onerous than what many developers have experienced from, say, Apple's App Store police.

GM Unveils Networked Electric Mini Cars 206

suraj.sun writes "GM introduced its Electric Networked Vehicle prototypes, one third the size of a typical car, as a way to reduce big urban auto emissions and traffic congestion. The EN-V relies on dynamic stabilization technology similar to that of the one-person Segway scooter to keep its balance, and can be operated autonomously or under manual control. In autonomous mode the EN-V is designed to use high-speed wireless connectivity and GPS navigation to automatically select the fastest route, based on real-time traffic conditions gleaned from the Web or some other networked source of traffic information."

Slashdot Top Deals

Yes, we will be going to OSI, Mars, and Pluto, but not necessarily in that order. -- Jeffrey Honig