Slashdot Mirror

redletterdave writes "IBM's super-computer Watson briefly went from smart to smart ass with the help of the Urban Dictionary. According to Eric Brown, an IBM research assistant, he and his 35-person team wanted to get Watson to sound more like a real human. After teaching IBM's super-computer the entire Urban Dictionary, however, Watson simply couldn't distinguish polite discourse from profanity. Watson unfortunately learned all of the Urban Dictionary's bad habits, including throwing in overly-crass language at random points in its responses; in answering one question, Watson even reportedly used the word 'bullshit' within an answer to one researcher's question. In the end, Brown and his team were forced to remove the Urban Dictionary from Watson's vocabulary, and additionally developed a smart filter to keep Watson from swearing in the future."

redletterdave writes "The PaperTab, which looks and feels just like a sheet of paper, may one day overtake today's tablet. Developed by researchers at the Human Media Lab at Queen's University in Ontario, Canada, the PaperTab features a flexible, high-resolution 10.7-inch plastic touchscreen display built by Plastic Logic, the company borne from Cambridge University's Cavendish Laboratory, and relies on a second-generation Intel Core i5 processor to turn what looks like a sheet of white paper into a living, interactive display. Unlike typical tablets akin to Apple's iPad, the idea of PaperTab is to use one app at a time, per PaperTab. To make tasks easier, users would own 10 or more PaperTabs at once and lay them out to their liking; with multiple tablets to separate your applications, PaperTab relies on an interface that allows you to combine and merge elements from disparate applications with intuitive dragging, dropping, pointing, and folding."

BeatTheChip writes "The day Andrea Hernandez lost her federal case against expulsion for refusing a school mandated RFID badge, Rep. Lois Kolkhorst moved to file two bills on the first day of the Texas Legislative session. Kolkhorst has sponsored several anti-RFID bills for schools over the years. This year they are HB 101 and HB 102."

inode_buddha writes "After completing its bailout rescue and paying back the money with interest, AIG is considering suing the US Government for doing so. The reasons why? Among other things, the 14% interest rate paid to the government. 'The lawsuit does not argue that government help was not needed. It contends that the onerous nature of the rescue — the taking of what became a 92 percent stake in the company, the deal's high interest rates and the funneling of billions to the insurer's Wall Street clients — deprived shareholders of tens of billions of dollars and violated the Fifth Amendment, which prohibits the taking of private property for "public use, without just compensation." The former CEO and current major shareholder said: "The government has been saying, 'We're your friend, we owned and controlled you and we let you go.' But A.I.G. doesn't owe loyalty to the government," a person close to Mr. Greenberg said. "It owes loyalty to its shareholders."' The lawyer representing him is none other than David Boies of SCO fame."

Deathspawner writes "If there's one thing that each CES can bring, it's a handful or products that manage to drop jaws everywhere. Kingston's latest flash drive series, DataTraveler HyperX Predator 3.0, manages to be one of those. It's aimed at folks who actually need mass storage on the go at speeds that mechanical hard drives cannot offer. Available soon will be a 512GB model, followed by the 1TB later this quarter. The drive features read speeds of 240MB/s and write speeds of 160MB/s — not quite desktop SSD speeds, but much faster than a mechanical hard drive, and with vastly reduced latencies due to it being flash storage. Not surprisingly, pricing has not yet been discussed."

The Bad Astronomer writes "A new study finds that there may be 100 billion alien planets in the Milky Way alone, with 17 billion of them the size of Earth. Announcements like this have been made before, but this new research is more robust than previous studies, using data from the Kepler planet-hunting spacecraft over a longer period and analyzing it in a more statistically solid way (PDF). They also found that smaller planets are not as picky about their host stars, with terrestrial planets forming around stars like the Sun or as small as tiny, cool red dwarfs with equal ease."

First time accepted submitter Edgewood_Dirk writes that a giant squid has been filmed in its natural habitat for the first time. "Scientists and broadcasters have captured footage of an elusive giant squid, up to eight meters (26 feet) long that roams the depths of the Pacific Ocean. Japan's National Science Museum succeeded in filming the deep-sea creature in its natural habitat for the first time, working with Japanese public broadcaster NHK and the U.S. Discovery Channel. The massive invertebrate is the stuff of legend, with sightings of a huge ocean-dwelling beast reported by sailors for centuries.'" The first live footage of a giant squid was captured in 2006 by Japan's National Science Museum researcher, Tsunemi Kubodera, after it was hooked and brought to the surface.

New submitter asola writes with this cool piece of small (ha!) news from Liliputing: "This Freescale i.MX6-quad based stick will officially support Ubuntu in addition to Android. This is a first among the newfangled category of ARM-based stick PCs. This Ubuntu may very well have the hw accelerated Gstreamer plugins created by Freescale for the i.MX6 so full HD video playing will be available under Ubuntu as well."

DavidGilbert99 writes with this excerpt from IB Times: "The Sandy Hook shooting once again raised the debate about how much power violent videogames wield over teenagers. Following proclamations from the National Rifle Association and the establishment of a study by the National Academy of Sciences to investigate the psychological effects of violent games on children, a group in Connecticut is now having its say Southington, a town 30 miles from where the shooting took place, is offering gift tokens in exchange for violent videogames, as well as other violent media such as DVDs or videos. The group, called SouthingtonSOS, said in a statement: 'There is ample evidence that violent video games, along with violent media of all kinds, including TV and movies portraying story after story showing a continuous stream of violence and killing, has contributed to increasing aggressiveness, fear, anxiety and is desensitizing our children to acts of violence including bullying.'" And Yes, they plan to destroy the traded-in games. (Note: Beware the obnoxious auto-playing video ad with sound; adjust volume accordingly.)

Curseyoukhan writes "Infosec vendor IID (Internet Identity) probably hopes that by the time 2014 rolls around no one will remember the prediction it just made. That is the year it says we will see the first murder via internet connected device. The ability to do this has been around for quite some time but the company won't say why it hasn't happened yet. Probably because that would have screwed up their fear marketing. CIO blogger challenges them to a $10K bet over their claim."

First time accepted submitter cathyreisenwitz writes "The New York Times' Bits blog has a great piece on the FAA's inconvenient, outdated and unhelpful rules regarding electronic devices on planes: 'Dealing with the F.A.A. on this topic is like arguing with a stubborn teenager. The agency has no proof that electronic devices can harm a plane's avionics, but it still perpetuates such claims, spreading irrational fear among millions of fliers.' The rules illustrate why we shouldn't let the government regulate the internet: Government regulations are nearly always outdated and too cautious."

jomama717 writes "Another chapter in the fascinating life of Srinivasa Ramanujan appears to be complete: 'While on his death bed, the brilliant Indian mathematician Srinivasa Ramanujan cryptically wrote down functions he said came to him in dreams, with a hunch about how they behaved. Now 100 years later, researchers say they've proved he was right. "We've solved the problems from his last mysterious letters. For people who work in this area of math, the problem has been open for 90 years," Emory University mathematician Ken Ono said. Ramanujan, a self-taught mathematician born in a rural village in South India, spent so much time thinking about math that he flunked out of college in India twice, Ono said.'"

benrothke writes "When the IBM PC first came out 31 years ago, it supported a maximum of 256KB RAM. You can buy an equivalent computer today with substantially more CPU power at a fraction of the price. But in those 31 years, the information security functionality in which the PC operates has not progressed accordingly. In Burdens of Proof: Cryptographic Culture and Evidence Law in the Age of Electronic Documents, author Jean-François Blanchette observes that the move to a paperless society means that paper-based evidence needs to be recreated in the digital world. It also requires an underlying security functionality to flow seamlessly across organizations, government agencies and the like. While the computing power is there, the ability to create a seamless cryptographic culture is much slower in coming." Keep reading for the rest of Ben's review. Burdens of Proof: Cryptographic Culture and Evidence Law in the Age of Electronic Documents author Jean-François Blanchette pages 288 publisher MIT Press rating 9/10 reviewer Ben Rothke ISBN 978-0262017510 summary Excellent overview and history of using cryptography to build a trust framework The so called Year of the PKI has been waiting for over a decade, and after reading Burdens of Proof, it is evident why a large-scale PKI will be a long time in coming. More than that, getting the infrastructure in place in a complex environment that exists in the USA with myriad jurisdictions and technologies may prove ultimately to be impossibility.

The irony is that an effective mechanism for digital authentication would seem to be an indispensable part of the digital age. The lack of such an authentication infrastructure may be the very reason that fraud, malware, identity theft and much more, are so pervasive on the Internet.

The premise of this fascinating book is that the slow decline from the use of paper from a legal and evidentiary perspective has significant consequences. For the last few hundred years, paper has been ubiquitous in modern life; from legal and health records, school, employment and everything in between.

The book details the many challenges that businesses and governments face in moving from a paper-based record society and the underlying trust mechanisms that go along with it, to a new digital-based record system, and how a new framework is needed for such a method. The book details part of that new framework.

The book opens with an observation on the authenticity of President Obama's birth certificate. While Blanchette is not a birther, he does note that if the moral authority of paper records has diminished, then the electronic documents replacing them, which are what the Obama administration provided, appear to be even more malleable. And that is precisely the issue that he addresses.

Blanchette details a compelling story and writes it as an insider. He was a member of a task force appointed in 1999 by the French Ministry of Justice to provide guidance on the reform of the rules governing the admissibility of written evidence in French courts, into a digital format.

The first few chapters provide an excellent overview of the history of cryptography. Chapter 3 – On the Brink of a Revolution– gives an excellent summary of cryptography from 1976 on, starting with seminal research that was done by Diffie and Hellman, and Rivest, Shamir and Adleman (RSA).

In chapter 5, Blanchette details his narrative about how France embraced and moved to a more digital governmental framework. He notes that the challenge was that France was the country that gave bureaucracy its name, and is a place where citizens must carry at all times their papers d'identite and is a society enmeshed in paper. Blanchette writes of the many French bureaucracies that had to let go of their protectionist stances as they moved down the path to letting electronic documents have legal validity.

Blanchette writes that in France, one of the biggest impediments to moving to a digital framework were the French civil-law notaries or notaire. French notaries are much more powerful than a notary public in the US, and are closer to being what a paralegal does in the US.

The French notaire are a wealthy and powerful monopoly when it comes to issues of purchases, sales, exchanges, co-ownerships, land plots, leases, mortgages and the like. A notaire can form a corporation prepare commercial business leases and much more. The entire French notary profession had been dependent on its monopoly to grant authenticity, and no definition of electronic authenticity could emerge and succeed if it did not meet its criteria.

While paper trust may be intuitive now, Blanchette writes that it wasn't always the case. When documents were first created (whenever that may have been), they did not immediately inspire trust. As with other innovations, there was a long and complex period of evolution needed to gain accepted levels of trust.

In chapter 6, the books notes that many people assumed cryptography would be the mechanism that would inspire trust in the digital world. Blanchette writes that the mistake cryptographers made and sometimes continue to make; is that they often assumed that the properties of cryptographic objects will translate transparently into the complex social and institutional setting in which they are deployed in.

This was incisively noted in Why Johnny Can't Encrypt, which was a usability evaluation of PGP by Whitten and Tygar. The author's observed that user errors cause or contribute to most computer security failures, yet user interfaces for security still tend to be clumsy, confusing, or near-nonexistent. While the paper was written in 1999, most of its findings are still relevant.

Chapter 6 provides 3 fascinating case studies that show have different approach to security technology and cryptographic deployments are imperative in ensuring that they work.

In just under 200 pages, the books 7 chapters provide both a fascinating overview of the history of cryptography, in addition to showing how cryptography can be effectively used to authenticate digital documents. The book also has a high-level framework (a comprehensive framework would require at least 5 times as many pages) for an effective cryptographic framework for digital trust.

As Blanchette notes many times in the book, the challenge with getting digital signatures to work is not with the technology; rather it is with the underlying societal infrastructure in which to make it work. France was brought kicking and screaming into the age of electronic authentication, and is one of the few countries that have had such widespread success.

The book is a fascinating read that details how frustrating difficult it has been to create a comprehensive mechanism for digital authentication. The book raises many beguiling questions, and Blanchette is smart enough to notes that there are no simply answers to these multifaceted problems.

Burdens of Proof: Cryptographic Culture and Evidence Law in the Age of Electronic Documents is both a fascinating overview of the history of paper and electronic authentication, in addition to providing a synopsis of what it will take to make create a cryptographic culture, where digital evidence will be as accepted in the courtroom, as its antique paper cousin.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase Burdens of Proof: Cryptographic Culture and Evidence Law in the Age of Electronic Documents from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

redletterdave writes "The Dec. 12 reinstatement of Google Maps on iOS has apparently been enough for some of those reluctant users to finally make the upgrade to iOS 6. According to MoPub, the San Francisco-based mobile ad exchange that monitors more than 1 billion ad impressions a day and supports more than a dozen ad networks and 12,000 apps, there has been a 29 percent increase in unique iOS 6 users in the past five days following Google Maps' release on iOS. In fact, MoPub reports a 13 percent increase in iOS 6 users from last Monday to Wednesday alone, which would mean that nearly half of the converts to iOS 6 in the past week switched the very moment Google Maps' standalone app hit the App Store."

First time accepted submitter Funksaw writes "Back in 2007, I wrote three articles on Ubuntu 6, Mac OS X 10.4, and Windows Vista, which were all featured on Slashdot. Now, with the release of Windows 8, I took a different tactic and produced an animated video. Those expecting me to bust out the performance tests and in-depth use of the OS are going to be disappointed. While that was my intention coming into the project, I couldn't even use Windows 8 long enough to get to the in-depth technical tests. In my opinion, Windows 8 is so horribly broken that it should be recalled."

DavidGilbert99 writes "Many Instagram users have reacted angrily to a proposed change to the apps terms of service by owner Facebook, which would give the social network 'perpetual' rights to all photos on Instagram, allowing it to sell the photos to advertisers without notice — or payment to the user. The new policy will come into effect on 16 January, just four months after Facebook completed its $1bn acquisition of Instagram. It states that Facebook has a right to distribute any content posted on Instagram without paying the user royalties:" Also worth reading Declan McCullagh's take on it.

First time accepted submitter veganboyjosh writes "I got an instant message from an uncle the other day, asking me what was in the link I sent him. I hadn't sent him a link so I figured that his account had been hacked and he'd received a malicious link from some bot address with my name in the 'From' box. This was confirmed when he told me the address the link had come from. When I tried explaining what the link was, that his account had been hacked, and that he should change the password to his @aol.com email account, his response was 'No, I think your account was hacked, since the email came from you.' I went over it again, with a real-life analog of someone calling him on the phone and pretending to be me, but I'm not sure if that sunk in or not. This uncle is far from tech savvy. He's in his 60s, and uses Facebook several times a week. He knows I'm online much more and kind of know my way around. After his initial response, I didn't have it in me to get into the whole 'Never click a link from an unfamiliar email address' bit; to him, this wasn't an unfamiliar email address, it was mine. How do I explain this to him, and what else should I feel responsible for telling him?"

brindafella writes "Australian Prime Minister, Julia Gillard, recorded a spoof speech about the Mayan calendar apocalypse several days ago, for radio station "Triple J". Gillard said in part, 'Whether the final blow comes from flesh eating zombies, demonic hell beasts or from the total triumph of K-pop, if you know one thing about me it is this: I will always fight for you to the very end.' The speech has been picked up in China on Sina Weibo (China's Twitter) and has achieved well over 23,000 repeats, without anyone picking up the irony." This comes on the heels of the online version of China's Communist Party newspaper picking up an Onion story about North Korean dictator Kim Jong Un being named the "Sexiest Man Alive."

Deathspawner writes "Perhaps hinting at the fact that the official Steam for Linux launch isn't too far off, Valve has begun updating some game pages to include Linux system requirements. Some games don't list only Ubuntu as the main supported distro, with some listing Linux Mint and Fedora as well. A common theme is that Valve recommends you always use a 'fully updated' OS, regardless of which distro you use. And based on the system requirements laid out so far, it's safe to say that Serious Sam 3: BFE will undoubtedly be the most system-intensive game released at launch."

benrothke writes "It is well known that the password, while the most widespread information security mechanism, is also one of the most insecure. It comes down to the fact that the average person can't create and maintain secure passwords. When it comes to physical locks, the average lock on your home and in your office is equally insecure. How insecure it in? In two fascinating books on the topic, Deviant Ollam writes in Practical Lock Picking, Second Edition: A Physical Penetration Testers Training Guide and Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks that it is really not that difficult. When it comes to information security penetration tests done on the client site, the testers will most often have permission to be inside the facility. On rare occasions, the testers need to find alternative means to gain entrance. Sometimes that means picking the locks." Keep reading to learn if you'll be picking locks soon. Practical Lock Picking, 2nd ed. / Keys to the Kingdom author Deviant Ollam pages 296 / 256 publisher Syngress rating 9/10 reviewer Ben Rothke ISBN 978-1597499897 / 978-1597499835 summary Two excellent books on the fundamentals of lockpicking All of the information in the books is long known to professional locksmiths. For those whose responsibilities include physical security, it is hoped that they are at least at the level of the locksmiths, and have designed their physical security plant accordingly.

Ollam is a member of The Open Organization Of Lockpickers (TOOOL), a group whose goal is to advance the general public knowledge about locks and lock picking. TOOL'S mantra is that the more that people know about lock technology, the better they are capable of understanding how and where certain weaknesses are present. This makes them well-equipped to participate in sport picking endeavors and also helps them simply be better consumers in the marketplace, making decisions based on sound fact and research. In these books, Ollam stays true to that mantra.

The two books have some overlap. Practical Lock Picking is meant as a beginners guide to lock picking, and is intended to be a hands-on guide with hundreds of pictures and diagrams.

Ollam writes in a clear-cut and systematic manner, describing all of the details needed. Nearly every page includes pictures and diagrams to illustrate the point. In 6 easily readable chapters, Ollam covers the core areas needed to gain a comprehensive understanding of the topic of lock picking. By the end of the book, you won't be a locksmith or even close. But for those that have locksmithing in their blood, or want to get greater insights, the book will be a great resource that will help them get there.

Chapter 1 starts the book on the fundamentals of pin tumbler and wafer locks; which are two of the most common types of locks in use. Ollam notes that while there are a multitude of lock designs on the market today produced by many different manufactures, the bulk of these locks are not in widespread use. With that, he notes that if the reader can understand the basics of just a few styles of locks, he is confident that the reader should be open top open with great east at least 75% of the locks they are likely to encounter, and even more as you become more skilled with them.

After the introduction, chapter 2 gets into the basics of lock picking and how to exploit weaknesses that most locks have. Many of these weaknesses are due to errors in the manufacturing process, which the book details. Information security guru has observed that "security is a tax on the honest majority". He writes that security often does not keep that bad guys out. Similarly, insecure physical locks will do little to keep the bad guys out, which Ollam so persuasively writes about.

In chapter 5, Ollam details what he terms quick-entry tricks, which is done via shimming, bumping and bypassing. Lock bumping has gotten a lot of media exposure in the last few years, but has been around for nearly 100 years. Specifically, it is a pin tumbler lock picking technique using a special bump key. Not that there is a universal bump key that can open all locks. Rather the bump key must correspond to the lock in question. Ollam shows that if one has such a key, many of these locks can quickly be compromised.

The book closes with an appendix that provides a list to the types of tools and toolkits necessary to pick locks.

After completing Practical Lock Picking, one should check out Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks, which is a great follow-on reference.

The main difference between the two is that the latter provides a lot of details on impressioning, which is a covert technique to create a usable key for a lock without picking the lock or taking it apart, in addition to some other types of more sophisticated attacks.

Chapter 2 of the book is on soft medium attacks and is particularly fascinating. Ollam writes of mold-and-cast attacks, which is a technique of opening a lock by covertly copying a legitimate key by making a cast of it in a soft material, then using it to imprint and fabricate a working key. Such a technique was used in real-life and detailed in the 1979 movie The First Great Train Robbery. Ollam writes how the movie was very true to the methods and technology available at that time, when the train robbery occurred in the 1850's.

The chapter walks the reader through the Quick-Key duplication kit method, in which most common key forms can be replicated with the kits molding and casting forms. The kit Ollam references is for the serious student of the craft, as it costs over $700- and can only be purchased from a firm in Germany.

Chapter 3 on master-keyed systems is particularly interesting as Ollam shows how a master key privilege escalation attack can often be easily done. Master-key systems make the logistics of granting access easier. But with that ease of use, comes the potential for abuse, as that single key will now have global access to the physical site.

Ollam writes that dedicated attackers who have the ability to spend a bit of time will often have the ability to compromise the code for the top master key (the one with the most access privileges) in nearly all master-keyed systems, even with only a small amount of preliminary information and a small number of blank keys.

In the same way that passwords often provide very little network security, Keys to the Kingdom shows that much of the security provided by physical locks is an illusion, given the ease at which these keys can be manipulated and copied.

Practical Lock Picking, Second Edition: A Physical Penetration Testers Training Guide is a great introduction to the topic of lock picking, while Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks takes that base knowledge and builds upon.

For those who perform physical penetration testing, these two books will prove to be invaluable. For those that simply want to understand what their locks are and aren't doing, they will find these to be a fascinating read.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase Practical Lock Picking, Second Edition: A Physical Penetration Testers Training Guide and Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

redletterdave writes "In each one of Amazon.com's 80 fulfillment centers around the globe, Amazon relies on barcodes and human hands rather than robots or automation to find and ship the proper items in a quick and efficient manner. Without robots, Amazon utilizes a system known as 'chaotic storage,' where products are essentially shelved at random but are tagged with barcodes to be scanned at every step of the ordering, selection and shipping process. The real advantage to chaotic storage is that it's significantly more flexible than conventional storage systems. If there are big changes in a product range, the company doesn't need to plan for more space, because the products or their sales volumes don't need to be known or planned in advance if they're simply being stored at random. Free space is also better utilized in a chaotic storage system, and it's also a major time saver to not organize products as they come in. This system is the true key to Amazon.com's success in online retail."

MyFirstNameIsPaul writes "In an announcement dated Monday, Nov 26, 2012, Dublin-based InTrade stated 'that due to legal and regulatory pressures, InTrade can no longer allow U.S. residents to participate in our real-money prediction markets.' The Washington Post reports that the Commodity Futures Trading Commission filed a complaint in federal court against InTrade for 'illegally facilitating bets on future economic data, the price of gold and even acts of war,' demonstrating just how far the long arm of U.S. law can reach."

Big Hairy Ian writes "A South Pacific island, shown on marine charts and world maps as well as on Google Earth and Google Maps, does not exist, Australian scientists say. The supposedly sizeable strip of land, named Sandy Island on Google maps, was positioned midway between Australia and French-governed New Caledonia. But when scientists from the University of Sydney went to the area, they found only the blue ocean of the Coral Sea."

rjnagle writes "I'm an American lover of music who is interested in buying legally music from other countries. How do I know which CD/online music stores are legit and actually benefit the artist? I'm very cost-conscious and prefer indie music anyway, but the types of international music for sale on Amazon/iTunes tends to be from the bigger labels. Suppose I wanted to buy music from Pakistan/Ukraine/China/Brazil/Chad. What's the best way to identify which labels or online stories are authorized to sell them? Perhaps all I need is a list of the best known online music stores for each region (Yesasia.com, etc)."

New submitter NewYork writes with this chestnut from an article about the role of age in the high-tech workplace: 'The shelf life of a software engineer today is no more than that of a cricketer — about 15 years,' says V R Ferose, MD of German software major SAP's India R&D Labs that has over 4,500 employees . 'The 20-year-old guys provide me more value than the 35-year-olds do.'" The article features similar sentiments from Mukund Mohan, CEO of Microsoft's India-based startup initiative.

benrothke writes "Advanced persistent threat (APT) is one of the most common information security terms used today and it is an undeniably real and dangerous menace. Wikipedia notes that APT's usually refer to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information, but applies equally to other threats such as that of traditional espionage or attack. Every organization of size and scope is a target, and many of the world's largest firms and governments have been victims. In Reverse Deception: Organized Cyber Threat Counter-Exploitation, Dr. Max Kilger and his co-authors provide an effective counterintelligence approach in which to deal with APT. The good news is that the authors provide an effective framework. The bad news is that creating an effective defense is not an easy undertaking." Keep reading below for the rest of Ben's review. Reverse Deception: Organized Cyber Threat Counter-Exploitation author Sean Bodmer, Dr. Max Kilger , Gregory Carpenter , Jade Jones pages 464 publisher McGraw-Hill Osborne Media rating 9/10 reviewer Ben Rothke ISBN 978-0071772495 summary Excellent reference in which to deal with advanced persistent threats When it comes to APT, the de facto perpetrator is China. The book shows how to pursue and hopefully prosecute the perpetrator. But that begs the questions, how many firms can realistically defend themselves against an adversary like China, RBN or nation state?

In the introduction, the authors note that deception is about behavior, both induced in the adversary and undertaken by the deceiver to exploit it. To deceive, the authors write, it is not sufficient to induce belief in the adversary; it is necessary also to prepare and execute the exploitation of resultant behavior. Once again, preparation and execution against a nation state is not a small endeavor.

Chapter 1 (available free here) sets the stage for the rest of the book and provides an overview of the topic and some examples of advanced and persistent threats, including Stuxnet, Operation Aurora, the RBN and more.

Being the biggest of all APT, China takes center stage in chapter 2 – What is Deception? That is nothing new as China has successful used deception for the last 2,000 years. China is referenced heavily in the book due to their extreme confidence and success in executing deception.

Chapter 3 – Cyber Counterintelligence(CI) details how to use CI to find the cyber-adversaries. The chapter provides both the basic investigative and operational techniques and tools, in addition to detailing how to use legal counsel to ensure that what you are doing is legal.

Chapter 5 gets into much more of the details around the legal issues, and what you can and can't do to your adversary. The chapter provides an excellent overview of how to quantify which persistent threats are the most dangerous. It provides nine areas to rank, in order to use as a metric to weight each and every threat.

By the time the reader gets to chapter 4 on profiling, they will likely be overwhelmed by the amount of work necessary to implement an effective cyber CI program, which is indeed the case. The amount of time to develop an APT program is for the most part unfeasible for most organizations. While the book does not get into the budgetary issues; CIO's, CISO's and other IT managers will likely have a difficult time getting any sort of budget to fund an APT program.

Part of the issue is that many firms don't have an effective IPS in place to they won't even know they are being attacked. In the majority of cases, the APT intrusion is not even discovered by the firm, rather an outside entity who notifies them. What is worse is the fact that in many cases, APT malware has been on the victim network often for years undetected.

In addition, in the same way in which people who are scammed once are often repeatedly scammed again; companies that are victims of an APT will often be repeat victims since the perpetrators may share that information with others.

A few of the authors have military and law enforcement background, which adds to their expertise and insights.

The book is meant to be used to pursue and prosecute the perpetrators of APT. With the exception of the military and a few Fortune 50 companies, the odds of effectively prosecuting APT perpetrators is quite small. Notwithstanding that difficulty, organizations misunderstand that they are under attack, and at least have some plan to assess their vulnerabilities.

This book is mainly an introduction to the topic, but does not provide a comprehensive strategy on how to implement an APT program. Such a reference would need to be at least a few times larger than this work.

There is a web site for the book, but it does not really do more than redirect you to Amazon and Barnes and Noble. Matthijs Koot has a detailed review of the book where he took the time to detail the hyperlinks to source the books web page should have had.

Reverse Deception: Organized Cyber Threat Counter-Exploitation may be overkill for most organization, but is nonetheless a necessary read to truly understand the danger.

For anyone looking to understand what APT's are and how to deal with them, the book provides a comprehensive and unparalleled overview of the topic by experts in the field.

If nothing else, the book provides the reader with an appreciation for how dedicated the perpetrators behind APT are. They are smart, sophisticated, have governments and military agencies on their side and they are numerous. One of the many challenges of dealing with the Chinese APT is that China can easily throw tens of thousands of highly-trained and sophisticated attackers at a target in the US, while the target may only be able to muster a few people to provide a cyber-defense.

One of the most important things to take from the book is the third word in the title – organized. Those carrying out APT are highly organized, prepared and meticulous. They often do things in a slow methodical manner to avoid detection. The book provides a detailed methodology to deal with such adversaries.

The downside is that the victim companies themselves lack that organization. Defending against APT requires much more than simply reading this invaluable text. It requires management support, budget, effective tools and a highly trained staff to correctly use those tools. The great advice in the book won't be of assistance if the team deployed does not know how to correctly use them.

While you will likely be outnumbered and outgunned when it comes to APT defense, Reverse Deception: Organized Cyber Threat Counter-Exploitation is a fascinating reference that ensures you won't go down without a fight.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase Reverse Deception: Organized Cyber Threat Counter-Exploitation from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

drinkypoo writes "We've been following the story that Apple was ordered by a UK court to post an apology to Samsung both in newspapers and on Apple's UK website. After originally posting a non-apology and then hiding a real one, Apple finally complied. Now, PJ over at Groklaw reports on the ruling from the UK court itself, which condemns Apple's conduct in this matter. 'Since Apple did not comply with the order in its estimation, adding materials that were not ordered and in addition were "false," the judges ordered Apple to pay Samsung's lawyers' fees on an indemnity basis, and they add some public humiliation.' The judge wrote, 'Finally I should mention the time for compliance. Mr Beloff, on instructions (presumably given with the authority of Apple) told us that "for technical reasons" Apple needed fourteen days to comply. I found that very disturbing: that it was beyond the technical abilities of Apple to make the minor changes required to own website in less time beggared belief. ... I hope that the lack of integrity involved in this incident is entirely atypical of Apple.'"

First time accepted submitter Hatfield56 writes "I've been in IT since the mid-1980s, mainly working for financial institutions. After 16 years at a company, as a programmer (Java, C#, PL/SQL, some Unix scripting) and technical lead, my job was outsourced. That was in 2009 when the job market was basically dead. After many false starts, here I am 3 years later wondering what to do. I'm sure if I were 40 I'd be working already but over 60 you might as well be dead. SO, I'm wondering about A+. Does anyone think that this will make me more employable? Or should I being a greeter at Walmart?"

redletterdave writes "Even though Apple's App Store has also been friendly enough to offer alternative mapping applications to ameliorate customers upset with Apple's new default Maps app, the Cupertino, Calif.-based company may not be so friendly as to approve a Maps app submission from Google, which used to be responsible for the Maps experience in iOS until the iPhone 5. On Monday, sources at Google familiar with its mapping plans said the chances of Apple approving a dedicated Google Maps app on iOS 6 are 'not optimistic.' Specifically, they pointed to the lack of any mapping app in the 'Find maps for your iPhone' section of the App Store — accessible only via iPhones or iPads — that use the Google Maps APIs to call wirelessly for location, routing or point-of-interest (POI) data."

First time accepted submitter damagedbits writes "So it turns out that Me.ga is only part of Kim Dotcom's resolution for 2013. Even though he's still facing extradition to the U.S. for alleged piracy, Dotcom has plans to resurrect Pacific Fibre's failed project to construct a fiber optic cable across the Pacific to the U.S. The new line will bring free high-speed broadband to New Zealanders and double the nation's Internet bandwidth, setting Dotcom back about $400m." Some of that funding is based on optimism: "Dotcom plans on getting the majority of his funds by suing Hollywood studios and the US government for their 'unlawful and political destruction of [Megaupload].'"

Mr. Jaggers writes "Chris Roberts, game designer of Wing Commander fame, has had great success with his new crowd-funded Star Citizen project — so much that the $2m base goal has been smashed with weeks to go on the Kickstarter portion of the campaign. Now Chris is floating a list of stretch goals for fans to vote on, with Linux and Mac support both listed as stretch goal candidates. Since Star Citizen is based on the popular CryENGINE 3 game engine, these stretch goals are equivalent to funding Linux and Mac ports of CryENGINE. Chris couldn't make any absolute promises yet, since he doesn't own the engine, but CryENGINE 3 already supports Android, so at least there is existing OpenGL ES support to be leveraged towards adding Linux and Mac OpenGL support. If there is enough outpouring of cross-platform support from fans in this poll, Star Citizen could turn out to be the high-profile game that brings a AAA game engine to the growing Mac and Linux gaming communities — analogous to the role played by Wasteland 2 in bringing official Linux support to the Unity 4 engine popular among so many Indie developers."

danspalding writes "I'm an adult education teacher in SF who wrote an e-book about how to teach adults. It will be available to download for free in January 2013. I Kickstarted enough money for editing, design and publicity, but not enough to pay me anything up front. I'm considering making a $1, $10 and $25 version available from Amazon as a way for folks to donate money to me, as well as a straight up PayPal link on my site. Is it possible to produce quality material for teachers to download for free in a way that's economically sustainable? Might readers accidentally pay for a copy without realizing there's a free download and get angry? And where should I host the free-to-download version?"

redletterdave writes "In the biggest surprise since the original iPhone, Apple has decided to live stream its product announcement for the very first time on Tuesday. This means that the company's media announcement from the California Theatre in San Jose, which will begin at exactly 10 a.m. PST (1 p.m. EST), will be available to watch on computers, laptops and mobile devices for the very first time, all in real-time. Apple will be live streaming today's event directly on the company's website. Apple says all Mac and iOS devices will be able to live stream the event, including computers, laptops, iPhones, iPads and Apple TVs." Update: 10/23 18:45 GMT by S : The iPad Mini was announced, as expected. It has a 7.9" screen at 1024x768, it's 7.2mm thick, and it runs on an A5 chip. Pricing is as follows for the Wi-Fi only version: 16GB for $329, 32GB for $429, 64GB for $529. For LTE-capable versions, add $130. Apple also updated the larger iPad, as well as its Mac Mini, iMac, and MacBook Pro lines.

New submitter cellurl writes "I run wikispeedia, a database of speed limit signs. People approach us to mirror our data, but I am quite certain it will become a one-way street. So my question is: How can I give consumers peace of mind in using our data and not give up the ship? We want to be the clearing house for this information, at the same time following our charter of providing safety. Some thoughts that come to mind are creating a 'Service Level Agreement' which they will no doubt reject, or MySQL-clustering, or rsync. Any thoughts, (technically, logistically, legally) appreciated."

New submitter ShadoCat points out this interesting project to restore the set of Star Trek: The Next Generation, writing: "This isn't the original set unfortunately (which was destroyed making the ST:Generations movie). This is one that Paramount created for display in 1991. Huston Huddleston saved the pieces of the set late 2011 when they were about to be trashed by Paramount. Huddleston and crew will be refitting the set with working displays and controls. They plan to host parties and educational events in the set which, apparently, is big enough to hold a large number of students. For safety though, I hope they add circuit breakers (a technology along with seat belts that seems to have been lost in the 24th century)."

The Bad Astronomer writes "Astronomers have announced that the nearest star system in the sky — Alpha Centauri — has an Earth-sized planet orbiting one of its stars. Alpha Cen is technically a three-star system: a binary composed of two stars very much like the Sun, orbited by a third, a red dwarf, much farther out. Using the Doppler technique (looking for very small changes in the velocities of the stars) astronomers detected a planet orbiting the smaller of the two stars in the binary, Alpha Centauri B. The planet has a mass only 1.13 times that of the Earth, making it one of the smallest yet detected.However, it orbits the star only 6 million kilometers out, so it's far too hot to be habitable. The signal from the planet is extremely weak but solidly detected (PDF), giving astronomers even greater hope of being able to find an Earth-like planet orbiting a star in its habitable zone."

New submitter metallurge writes "Japan's third-largest wireless carrier intends to acquire Sprint, the third-largest U.S. carrier for 20.1 billion U.S. dollars, creating the third-largest global carrier. After the transaction is completed, Softbank will own 70% of the newly-created 'New Sprint,' which will maintain current Sprint CEO Dan Hesse in that role. How this will affect Deutsche Telekom/T-Mobile's attempt to merge with Sprint reseller MetroPCS is unclear."

alen writes "The FCC is now allowing cable companies to encrypt free OTA channels that they also rebroadcast over their networks. 'The days of plugging a TV into the wall and getting cable are coming to an end. After a lengthy review process, the FCC has granted cable operators permission to encrypt their most basic cable programming.' Soon the only way to receive free OTA channels via your cable company will involve renting yet another box or buying something like Boxee."

benrothke writes "When Bruce Schneier first published Applied Cryptography in 1994, it was a watershed event, given that is was one of the first comprehensive texts on the topic that existed outside of the military. In the nearly 20 years since the book came out, a lot has changed in the world of encryption and cryptography. A number of books have been written to fill that gap and Everyday Cryptography: Fundamental Principles and Applications is one of them. While the title may give the impression that this is an introductory text; that is not the case. Author Keith Martin is the director of the information security group at Royal Holloway, a division of the University of London, and the book is meant for information security professionals in addition to being used as a main reference for a principles of cryptography course. The book is also a great reference for those studying for the CISSP exam." Read below for the rest of Ben's review. Everyday Cryptography: Fundamental Principles and Applications author Keith M. Martin pages 592 publisher Oxford University Press rating 9/10 reviewer Ben Rothke ISBN 978-0199695591 summary Excellent fundamental text on essentials of cryptography While the book notes that almost no prior knowledge of mathematics is required since the book deliberately avoids the details of the mathematical techniques underpinning cryptographic mechanisms. That might be a bit of a misnomer as the book does get into the mathematics of cryptography. While the mathematics in the book is not overwhelming, they are certainly not underwhelming. For those that want a deeper look, the book includes an appendix for many of the mathematical concepts detailed in the book.

Two benefits of the book are that it stresses practical aspects of cryptography and real-world scenarios. The mathematics detailed avoids number throaty with a focus on practicability. It also shows how cryptography is used as the underlying technology behind information security, rather than simply focusing on the abstracts of the potential of cryptography.

With that, the books 13 (made up of 4 parts) chapters provide a comprehensive overview of the theory and practice around all as aspects of contemporary cryptography. Each of the chapters end with a summary, detailed lists of items for further reading, and sets of penetration questions that challenge the reader. Readers are advised to spend time on these questions as it is often easy for the reader to feel that they understand the material. The questions can quickly humble the reader and show them that it may not be the case.

Part 1 is titled Setting the Scene and provides a comprehensive introduction to the fundamental of cryptography. Chapter 1 (freely available here) details the basic principles about cryptography and provides a high-level introduction.

Chapter 2 provides a good overview of the history of cryptography. It details a number of obsolete, yet historically relevant ciphers, such as the Vigenère cipher from the 1500's, to the Playfair cipher from the mid-1800's and others. Martin provides a good overview of the cryptanalysis of the Vigenère cipher and lessons learned from it.

Chapters 4-9 comprise part 2, and provide a thorough overview of the various forms of encryption (symmetric and asymmetric) and digital signatures. This section gets into some of the deeper mathematics of cryptography. While the author states that almost no prior knowledge of mathematics is needed; those without a background will surely be confused by some of the material.

Chapter 7 closes with a good overview of the relationship between digital signatures and handwritten signatures. The author notes the importance of resisting any temptation to consider digital signatures as a direct electronic equivalent of handwritten signatures. He then provides a detailed outline of the environmental, security, practical and flexibility differences between them.

Key management is one of the most important aspects of cryptography and often the most difficult to execute on. Part of the difficulty around key management is at the user level, with key updates, passphrase management and more. Ultimately, effective key management is essential to the underlying security of the crypto system. The 2 chapters in part 3 provide a thorough synopsis of the fundamentals of key management.

Part 4 closes the book with two chapters on practical cryptographic applications. Chapter 12 details how cryptography can be used on the internet, secure payment cards, video broadcasting and more.

The book concludes with an appendix on the mathematics of cryptography, which takes a look at the basic mathematical concepts the underlie some of the material in the book.

This book is not for the fainthearted and is not an introductory text on the topic. It is meant for the advanced reader or someone taking a college level course. For such a reader serious about a significant overview of the essentials on the topic, Everyday Cryptography: Fundamental Principles and Applications is an excellent reference.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase Everyday Cryptography: Fundamental Principles and Applications from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

The Bad Astronomer writes "For the first time, a planet has been found in a stellar system composed of four stars. The planet, called PH-1, orbits a binary star made of two sun-like stars in a tight orbit. That binary is itself orbited by another binary pair much farther out. Even more amazing, this planet was found by two "citizen scientists", amateurs who participated in Planet Hunters, a project which puts Kepler Observatory data online for lay people to analyze. At least two confirmed planets have been found by this project, but this is the first — ever — in a quaternary system."

mykepredko writes "C-30, Canada's version of SOPA, would grant the federal government and law enforcement agencies the power to obtain information about individuals who are online without having to apply for a warrant is dead in committee. 'I don't know whether it was because the Minister so screwed up the messaging, or whether they've had some other input saying they went too far or it just can't be salvaged,' Nathan Cullen, House Leader for the NDP, speculates."

Curseyoukhan writes "With its economy struggling, New Zealand hopes to cash in on 'The Hobbit' by turning it into actual cash. The nation is releasing special commemorative coins depicting characters from J.R.R. Tolkien's beloved book. The coin release coincides with the premiere of the first installment in Peter Jackson's film adaptation of the book. It is also part of a publicity campaign aimed to rebrand the country '100 percent Middle Earth.'"

redletterdave writes "After one Taiwanese newspaper snapped and printed a satellite photo of a top-secret military base from the new Maps application running on an iPhone 5, the defense ministry of Taiwan on Tuesday publicly requested Apple blur the sensitive images of the country's classified military installations. The top-secret radar base, located in the northern county of Hsinchu, contains a highly-advanced ultra-high-frequency long-range radar that military officials say can detect missiles launched as far away as the city of Xinjiang, which is located in northwest China. The radar system was obtained via U.S.-based defense group Raytheon in 2003, and is still being constructed with hopes to be completed by the end of this year. 'Regarding images taken by commercial satellites, legally we can do nothing about it,' said David Lo, the spokesman of Taiwan's defense ministry, in a statement to reporters. 'But we'll ask Apple to lower the resolution of satellite images of some confidential military establishments the way we've asked Google in the past.'"

redletterdave writes "At the company's media event last month, Apple introduced its fifth-generation iPod Touch and seventh-generation iPod Nano, but only mentioned an October timeframe for when it would start filling pre-orders. Without an official word, it looks like the official launch day for the new iPods is today. Apple Stores around the country are currently stocked with the new iPods and customers who pre-ordered are finally receiving email notifications that their orders have shipped, or are 'preparing to ship.' Still, it is interesting to note that Apple didn't make a special announcement or even post a press release to announce the launch of its newest media players, especially as the competition heats up before the holiday season."

redletterdave writes with an excerpt from IB Times that should be met with a bit of skepticism: "A new study released by international law firm DLA Piper Monday morning shows that among technology companies and their executives, Republican nominee Mitt Romney is the preferred presidential candidate for improving and advancing the technology industry. The study surveyed thousands of entrepreneurs, consultants, venture capitalists, CEOs, CFOs, and other C-level officers at technology companies, asking them their opinions about the 2012 presidential election and the issues facing their particular industry. The majority of respondents said Mitt Romney would be better with the technology industry, with 64 percent favoring the former governor from Massachusetts, and only 41 percent favoring the incumbent president. This is a complete turnaround from 2008 when the numbers were heavily in favor of Obama, with 60 percent of respondents saying then-Sen. Obama would be better for the sector than the Republican candidate, Sen. John McCain." There's a whole lot of number stretching going on: the results more or less indicate only a slight preference for Romney; a healthy chunk of responses were that his policies would be "neutral" and Obama's would at worst be slightly bad. Would you like six politicians, or half a dozen? One thing is universal: everyone hates SOX.

redletterdave writes "After seven long years of litigation, Google Inc. and the Association of American Publishers have reached an agreement to settle over the search giant's book-scanning project, which will allow publishers to choose whether or not they want their books, journals and publications digitized by Google and accessed via its Google Library Project. The agreement, according to the two companies, acknowledges the rights and interests of copyright holders, so U.S. publishers can choose to remove their books and journals digitized by Google for its Library Project, or choose to keep their publications available. For those that keep their works online with Google, those publishers will be able to keep a digital copy for their own use and sell their publications via the Google Play marketplace." Also reported by Reuters, as carried by the Chicago Tribune, and the BBC.

redletterdave writes "After blocking Google's Gmail service for a little more than a week, the Iranian government has decided to remove the digital barrier after a barrage of complaints, some of which came from Iran's own parliament. While the Iranian government has released no official statement as to why Google's Gmail service was blocked in the first place, several Iranian news agencies reported the ban was connected to the inflammatory anti-Islam film 'The Innocence of Muslims,' which had been uploaded to YouTube, one of Google Inc.'s many subsidiaries."

New submitter quippe writes in with some bad news for Microsoft. "Microsoft Corp will be charged for failing to comply with a 2009 ruling ordering it to offer a choice of web browsers, the European Union's antitrust chief said on Thursday, which could mean a hefty fine for the company. U.S.-based Microsoft's more than decade-long battle with the European Commission has already landed it with fines totaling more than a billion euros ($1.28 billion). The Commission, which opened an investigation into the issue in July, is now preparing formal charges against the company, EU Competition Commissioner Joaquin Almunia said."

New mareacaspica writes with this snippet from Nature: "Researchers have constructed 3D models of two different insects, in their nymph stage by scanning their fossils with a novel technique called X-ray microtomography. They obtained sections, two centimeters long, and from the sections constructed the models. Such fossils of juvenile insects are very rare during that ancient period, and the research could provide a better understanding not only of insects, but also other animals, as the technique develops." Original Paper.

The Bad Astronomer writes "Astronomers have unveiled what may be the deepest image of the Universe ever created: the Hubble Extreme Deep Field, a 2 million second exposure that reveals galaxies over 13 billion light years away. The faintest galaxies in the images are at magnitude 31, or one-ten-billionth as bright as the faintest object your naked eye can detect. Some are seen as they were when they were only 500 million years old."