Domain: google.com
Stories and comments across the archive that link to google.com.
Stories · 3,747
Our Lazy Solar Dynamo — Hello Dalton Minimum?
tetrahedrassface writes "Solar maximum is supposed to be occurring, and everything from satellite communications to your toaster or radio could be affected. The only problem is that this just isn't happening, and NASA continues to revise downward the original prediction. In fact, the new forecast for Solar Cycle 24 is a lot smaller, and is now pegged at almost 40% of what was previously predicted. Recently, two scientists at the National Solar Observatory have followed the lead of a prominent Russian scientist, who almost five years ago forecast a dearth of sunspots and the subsequent cooling of Earth for the next several cycles. With Britain currently experiencing the coldest winter in over 300 years, and no new sunspots for the last week, are we heading for a Dalton Minimum, or worse still, yet another Maunder?" -
Google Patenting 'Exponential' Friend Spamming
theodp writes "'The web is better when it's social,' declared Google as it unveiled its OpenSocial initiative. Sounds great, right? Well, maybe not so much, unless you're keen on giving companies the capability to 'exponentially' bombard you with advertising across all of your social networking sites. On Thursday, the USPTO published Google's patent application for Propagating Promotional Information on a Social Network, which the search giant explains 'generally relates to creating and providing promotional information (e.g., advertising, public service announcements, etc.) to users of a social network (e.g., FACEBOOK, MYSPACE, ORKUT, LINKEDIN, TWITTER, etc.).' By doing so 'across multiple social networks,' Google adds, 'the impact of the other promotional information may exponentially expand to other users of a social network.'" -
VoIP Now Technically Illegal In China
ironfrost writes "A recent ruling by China's Ministry of Industry and Information Technology (MIIT) has declared that VoIP services are illegal, except for the ones operated by state-owned telecom operators China Telecom and China Unicom. According to the article, 'the decision is expected to make Skype, UUCall and other similar services unavailable in China,' and is widely seen as a way to protect the traditional telecom operators' profits. Here's a more in-depth story in Chinese (Google Translate version)." -
Nintendo Warns 3D Games Can Ruin Children's Eyes
Hugh Pickens writes "Fox News reports that Nintendo has posted a cautionary note on its Japanese website that 'vision of children under the age of six has been said [to be in the] developmental stage,' adding that 3D content 'delivers 3D images with different left and right images, [which] has a potential impact on the growth of children's eyes.' The notice went on to say that Nintendo recommends that all viewers take regular breaks while watching 3D video or playing stereoscopic 3D games (Google translation). Dr. Michael Ehrenhaus, an ophthalmologist with New York Cornea Consultants, thinks Nintendo and Sony may be getting ahead of themselves with these disclaimers. 'It's hard to say that it'll ruin development,' says Ehrenhaus." -
23 Years of Culture Hacking With Perl
Modern Perl writes "Larry Wall, the creator of Perl, reflects on Perl's history of hacking its culture, from subverting the reductionist culture of Unix to reinventing the ideas of programming language and culture in Perl 6 and the verbal aikido used to encourage honest detractors to become valuable contributors. Perl turned 23 years old last week, and Perl 6 is available." -
Spanish Congress Rejects Internet Censorship Law
TuringTest writes "A commission of the Spanish Congress has rejected a law that allowed the closure of web sites that provide unauthorized downloads. The government couldn't reach enough support from its allies, not because they opposed the law in principle, but because of the way it was redacted and the lack of negotiation. Recently the Spanish Senate rejected a law on net neutrality. Also the Wikileaks cables disclosed pressure from the USA on the Spanish government to pass a law to reduce Internet sharing of music and media, which is legal in Spain." -
Google Donates Windowbuilder, Codepro To Eclipse
h00manist writes "Google is donating Windowbuilder Pro and Codepro Profiler to the Eclipse project. 'Google acquired the software when it bought Instantiations, relaunching the Java graphical user interface building tool Windowbuilder Pro shortly after. Now the outfit has decided to donate both Windowbuilder Pro and the code analysis tool Codepro to the open source Eclipse project. Although Google has announced its intention to donate the software, it needs to go through a rigorous filtering process to ensure that no intellectual property rights will be breached. Once those formalities are dealt with, it is likely that both Windowbuilder Pro and Codepro will tip up in the Indigo release of Eclipse sometime in June 2011.'" -
A Blue-Sky Idea For the USPS — Postal Trucks As Sensors
An anonymous reader writes "The US Postal Service may face insolvency by 2011 (it lost $8.5 billion last year). An op-ed piece in yesterday's New York Times proposes an interesting business idea for the Postal Service: use postal trucks as a giant fleet of mobile sensor platforms. [Registration-required link; this no-reg summary encapsulates the idea, as does this paper by the same author.] (Think Google Streetview on steroids.) The trucks could be outfitted with a variety of sensors (security, environmental, RF ...) and paid for by businesses. The article's author addresses some of the obvious privacy concerns that arise." -
'Reading Level' Filter Added To Google Search
entotre writes "A new feature has been added to the advanced Google search: reading level. From the blog post: 'The feature lets you filter or annotate the search results by reading level. The reading levels include basic, intermediate and advanced. You can either have Google label or annotate the results with those labels, only show basic results, only show intermediate results or only show advanced results.' At the time of writing, Slashdot is 1 % advanced, 64 % intermediate and 34 % basic." -
The French Government Can Now Censor the Internet
Psychophrenes writes "A new episode in French internet legislation — French ministers have passed a bill (original in French) allowing the government to add any website to a black list, which access providers will have to enforce. This black list will be defined by the government only, without requiring the intervention of the legal system. Although originally intended against pedo-pornographic websites, this bill is already outdated, as was Hadopi in its time, and instead paves the way for a global censorship of the 'French internet.'" -
Feds To Adopt 'Cloud First' IT Policy
theodp writes "The White House Thursday announced plans to restructure IT by consolidating federal government data centers and applications, and adopting a so-called 'cloud first' policy. Unveiled by federal CIO Vivek Kundra, the 25-Point Plan (PDF) calls for cutting 800+ data centers by 2015, as well as shifting work to cloud computing systems. The new 'Cloud First' policy cites the ability of Animoto.com to scale vs. the government's short-lived Cars.gov (Cash for Clunkers), although Google Trends suggests this may be somewhat of an apples-to-oranges comparison for justifying a national IT strategy. As long as we're talking clouds, a tag cloud of the 25-Point Plan underscores that the Feds are counting more on IT Program and Contract Management rather than Computer Science wizardry to deliver 'the productivity improvements that private industry has realized from IT.' Not to be a buzzkill, but those of you celebrating CS Education Week might be advised to consider an MBA if you want a Federal IT career." -
Google Unveils Beta Chrome OS Notebook
adeelarshad82 writes "Google has unveiled a beta version of its Chrome OS notebook, dubbed CR48. The device will have a 12.1-inch screen and full-size keyboard, as well as an oversized, clickable touchpad. It will also include world-mode 3G and 802.11 dual-band Wi-Fi. Google promised eight hours of active use and eight days of standby, as well as a webcam. Those hoping to get their hands on a Chrome OS device, however, will either have to wait until mid-2011 or obtain one through one of several Google-backed giveaway options. Google plans to release two Intel-based Chrome OS notebooks from Acer and Samsung in mid-2011, with Verizon Wireless providing cellular connectivity, which comes with 100MB of free data per month for the first two years. According to Sundar Pichai, Google's vice president of product management, CR48 is not and will not be for sale. All Chrome OS devices will be launched and priced by their partners, who will hold their own launch events in the future with more details." -
Google eBookstore Launched
angrytuna writes "The New York Times is running an article this morning about the launch of the Google ebook store. Independent bookstores such as Powell's, based in Portland, OR, have partnered with Google in this, selling the format directly in addition to their other ebook offerings. The ebooks appear to rely on Adobe Digital Editions for DRM; instructions are provided to transfer from the 'cloud' to a handheld device. iOS and Android have a dedicated app for accessing the store, and will download for offline immediately; other clients like the Nook and Sony eReader seem to be relying on the ADE platform to manage the transfer for offline reading." NPR tried it out on a few different devices and posted their experience. -
WikiLeaks Took Advice From Media Outlets
formfeed writes "According to the AP (through Google News), WikiLeaks isn't just sitting on the recent material so they can release it bit by bit to the press, as many people implied. On the contrary, it's quite the other way around: 'only after considering advice from five news organizations with which it chose to share all of the material' are they releasing it themselves. These newspapers 'have been advising WikiLeaks on which documents to release publicly and what redactions to make to those documents.' AP questions whether WikiLeaks will follow these redactions, but nevertheless seems quite impressed by this 'extraordinary collaboration between some of the world's most respected media outlets and the WikiLeaks organization.'" I wonder if some of the anti-WikiLeaks fervor evident among US lawmakers will also be brought to bear against the AP and other mainstream media sources. Update: 12/05 17:42 GMT by T : Yes, that's WikiLeaks, rather than (as originally rendered) WikiPedia. HT to reader Mike Hearn. -
Wikipedia Pages Now On Amazon — With Product Links
An anonymous reader writes "Last month, e-commerce marketplace Amazon.com launched a relatively unnoticed new feature that brings content from Wikipedia pages to its own servers in a shadowy new project that appears to be called 'Shopping Enabled Wikipedia Pages.' Hosted on the Amazon.com domain, they replicate Wikipedia's content but have added links to where a book can be purchased on Amazon. Amazon representative Anya Waring told CNET when asked via e-mail, 'As of November, we have rolled out in the books category, however [it] will be expanding to new categories in 2011.' If Average Joe scrapes Wikipedia and adds affiliate links to it, Google will remove and punish the domains with duplicate pages." -
Schneier Recommends Nuclear-Style Cyberwar Hotlines, Treaties
strawberryshakes writes "Cyberwar is the new nuclear war. Bruce Schneier says governments should establish hotlines and treaties outlining the protocol surrounding cyberwar, just as they would for any other war. He wrote in the Financial Times (paywalled, but available through Google), 'A first step would be a hotline between the world’s cyber commands, modelled after similar hotlines among nuclear commands. This would at least allow governments to talk to each other, rather than guess where an attack came from. More difficult, but more important, are new cyberwar treaties. These could stipulate a no first use policy, outlaw unaimed weapons, or mandate weapons that self-destruct at the end of hostilities. The Geneva Conventions need to be updated too. Cyber weapons beg to be used, so limits on stockpiles, and restrictions on tactics, are a logical end point. International banking, for instance, could be declared off-limits. Whatever the specifics, such agreements are badly needed.'" -
China Defends Its IP Practices, Says 'We Paid Up'
hackingbear writes "Countering accusations that China's high-speed rail technologies are knockoffs, the head of China's Intellectual Property Administration in a conference said (paraphrasing): 'We bought technologies from Germany, Japan, France, and Canada. We paid up. It is perfectly legal. We then innovate on top of them like most other inventions in the world. Why is that pirating?' (Link is to a Google translation; here is the original.) He cited China's ability, the world's first, to build high-speed rail in a high mountain area as an example of additional innovation." -
Estonian Economist Suggests Abandoning Cash
J-Georg writes "Raul Eamets, professor of macroeconomics at the University of Tartu, proposed today during his TEDx talk that Estonia should stop using cash altogether when adopting the Euro as the national currency (Estonian original). He also pointed out that abandoning cash would not only be important for the Estonian economy as a whole, but is also a real challenge for both the IT and banking sectors, and would improve Estonia's image as an IT tiger." -
Is Linux At the End of Its Life Cycle?
Glyn Moody writes "That's what Nikolai Pryanishnikov, president of Microsoft Russia, seems to think. Quoted in the context of continuing questions about Russia's plans to create its own national operating system based on GNU/Linux, Pryanishnikov said [via Google Translate]: 'We must bear in mind that Linux is not a Russian OS and, moreover, is at the end of its life cycle.' An off-the-cuff comment, or something more?" -
Security Strategy: From Requirements To Reality
brothke writes "Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson is arguably the best information security book ever written. Anderson's premise is that security technology needs to take a structured engineering approach to systems design, with detailed requirements and specification from start-up to development and implementation, just as those designing buildings and bridges do. Without a deeply embedded structured approach to security systems design, Anderson argued, we find ourselves in the situation we are in today, with applications and operating systems full of bugs, vulnerabilities and other serious security flaws. As good as Security Engineering is, it was not written to be a detailed information security design guide. That vacuum has been filled by an incredibly important and valuable new book, Security Strategy: From Requirements to Reality." Read on for the rest of Ben's review.
Security Strategy: From Requirements to Reality
Author: Bill Stackpole and Eric Oksendahl
Pages: 346
Publisher: Auerbach Publications
Rating: 10/10
Reviewer: Ben Rothke
ISBN: 1439827338
Summary: One of the best information security books of the last few years
Security Strategy is one of the first books that shows how to perform a comprehensive information security assessment and design, from selection, development and deployment of a security strategy best suited to a specific organization.
The book's main focus is on the planning, requirements and execution needed to ensure formal and comprehensive information security elements are built into systems, applications and processes.
Authors Bill Stackpole and Eric Oksendahl each have over 25 years in the industry and the book reflects their vast expertise. Oksendahl spent time at Boeing, one of the most security aware organizations, with Stackpole spending a decade at Microsoft. While Microsoft is chided for creating more insecurity than security, it is worth noting that no organization in the world has spent more on training its staff and developers on security than Microsoft.
The book's 300 densely written pages are composed of 14 chapters divided into 2 sections. Section one (chapters 1-6) is about strategy, with section two (chapters 7-14) around tactics.
Complete with checklists of the physical security requirements that organizations should consider when evaluating or designing facilities, the book provides the insight needed to enable an organization to achieve the operational efficiencies, cost reductions, and brand enhancements that are possible when an effective security strategy is put into action.
Chapters 1-3 take a high-level overview on how to approach strategy, with its many details. The authors note that strategy is a long-term plan of action designed to achieve a goal that includes what work will be done and by whom. This is not a trivial task, as many organizations simply roll out a new technology without defining what its goals are, and who exactly will manage and support this new technology.
Chapter 4 is where the hard work begins, as this chapter details the issues around strategic planning. Noting that strategic security planning is hard work and takes time, many organizations attempt to take an assumed easier path, that of bypassing security details and specifications. That is precisely why information security is in such a sorry state in many firms. These firms would rather buy a security appliance, place it in their data center and hope it works, rather than defining the details and specifications of what the appropriate appliance is in the first place.
Part 2 commences on the topic of tactics, and defines them as procedures or sets of actions used to achieve a specific objective. What this chapter does well, as does the entire book, is that it compels the reader to focus on specifics and objectives.
Chapter 9 gets into the importance of observation, in knowing what is going on within the network. The book notes that observation is both a deterrent and a detector. The chapter goes into detail about how observation works both in the physical world and its corollary use on the network side. The chapter breaks down the various functions needed to ensure that observation is done correctly, as opposed to the common method of simply rolling out an IDS and hoping that it somehow works.
Chapter 11 details the SDL (security development lifecycle). As the chapter notes, an effective SDL can improve application security via the use of a set of development practices designed to reduce or eliminate exploitable vulnerabilities. The issue, though, is that far too few organizations realize the need for an SDL, let alone take the time to design and deploy it.
Chapter 14 ends on the topic of security awareness training. While the notion of security awareness for many firms is an annual 10-slide PowerPoint, the authors take a pragmatic approach and detail the various parts of what makes for an effective awareness program.
Security Strategy: From Requirements to Reality is an incredibly valuable book that advances the state of information security. For organizations that are looking to get serious about information security, and those that want to go from good to great, the book is an invaluable guide that lays the groundwork on how to develop a first-rate information security infrastructure.
Taking a look at its table of contents shows the many fine points the book goes into, showing how each can be properly designed and deployed for effective security controls.
My only peeve with the book is that it lacked a CD-ROM or web site in which to download the many tables and matrices the book is built on. It is hoped that future editions will have them available.
Security Strategy: From Requirements to Reality is one of the best information security books of the last few years. Those who are serious about information security will ensure this is on their reading list, and that of everyone in their organization tasked with information security.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Security Strategy: From Requirements to Reality from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Security Strategy: From Requirements To Reality
brothke writes "Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson is arguably the best information security book ever written. Anderson's premise is that security technology needs to take a structured engineering approach to systems design, with detailed requirements and specification from start-up to development and implementation; just as those designing buildings and bridges do. Without a deeply embedded structured approach to security systems design, Anderson argued that we find ourselves in the situation we are in today, with applications and operating systems full of bugs, vulnerabilities and other serious security flaws. As good as Security Engineering is, it was not written to be a detailed information security design guide. That vacuum has been filled by an incredibly important and valuable new bookSecurity Strategy: From Requirements to Reality." Read on for the rest of Ben's review. Security Strategy: From Requirements to Reality author Bill Stackpole and Eric Oksendahl pages 346 publisher Auerbach Publications rating 10/10 reviewer Ben Rothke ISBN 1439827338 summary One of the best information security books of the last few years Security Strategy is one of the first books that shows how to perform a comprehensive information security assessment and design, from section, development and deployment of a security strategy best suited to a specific organization.
The books main focus is on the planning, requirements and execution need to ensure formal and comprehensive information security elements are built into systems, applications and processes.
Authors Bill Stackpole and Eric Oksendahl each have over 25 years in the industry and the book reflects their vast expertise. Oksendahl spent time at Boeing, one of the most security aware organizations, with Stackpole spending a decade at Microsoft. While Microsoft is chided for creating more insecurity than security, it is worth noting that no organization in the world has spent more on training its staff and developers on security than Microsoft.
The books 300 densely written pages are composed of 14 chapters divided into 2 sections. Section one (chapters 1-6) is about strategy, with section two (chapters 7-14) around tactics.
Complete with checklists of the physical security requirements that organizations should consider when evaluating or designing facilities, the book provides the insight needed to enable an organization to achieve the operational efficiencies, cost reductions, and brand enhancements that are possible when an effective security strategy is put into action.
Chapters 1-3 take a high-level overview on how to approach strategy, with its many details. The authors note that strategy is a long-term plan of action designed to achieve a goal that includes what work will be done and by whom. This is not a trivial task, as many organizations simply roll-out a new technology, without defining what its goals are, and who exactly will manage and support this new technology.
Chapter 4 is where the hard work begins, as this chapter details the issues around strategic planning. Noting that strategic security planning is hard work and takes time; many organizations attempt to take an assumed easier path, that of bypassing security details and specifications. That is precisely why information security is in such a sorry state in many firms. These firms would rather buy a security appliance and place it in their data center and hope it works; rather than defining the details and specifications of what the appropriate appliance is in the first place.
Part 2 commences on the topic of tactics, and defines them as procedures or sets of actions used to achieve a specific objective. What this chapter does well, as does the entire book, is that it compels the reader to focus on specifics and objectives.
Chapter 9 gets into the importance of observation, in knowing what is going on within the network. The book notes that observation is both a deterrent and a detector. The chapter goes into detail about how observation works both in the physical world and its corollary use in the network side. The chapter breaks down the various functions needed to ensure that observation is done correctly; as opposed to the common method of simply rolling out an IDS and hoping that it somehow works.
Chapter 11 details the SDL (security development lifecycle). As the chapter notes, an effective SDL can improve application security via the use of a set of development practices designed to reduce or eliminate exploitable vulnerabilities. The issue though is that far too few organizations realize the need for a SDL, let alone take the time to design and deploy it.
Chapter 14 ends on the topic of security awareness training. While the notion of security awareness for many firms is an annual 10-slide PowerPoint; the authors take a pragmatic approach and detail the various parts of what makes for an effective awareness program.
Security Strategy: From Requirements to Reality is an incredibly valuable book that advances the state of information security. For organizations that are looking to get serious about information security, and those that want to go from good to great, the book is an invaluable guide that lays the groundwork on how to develop a first-rate information security infrastructure.
Taking a look at its table of contents shows the many fine points in which the book goes into each particular point, showing how it can be properly designed and deployed for effective security controls.
My only peeve with the book is that it lacked a CD-ROM or web site in which to download the many tables and matrices the book is built on. It is hoped that future editions will have them available.
Security Strategy: From Requirements to Reality is one of the best information security books of the last few years. Those who are serious about information security will ensure this is on their reading list, and that of everyone in their organization tasked with information security.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Security Strategy: From Requirements to Reality from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Security Strategy: From Requirements To Reality
brothke writes "Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson is arguably the best information security book ever written. Anderson's premise is that security technology needs to take a structured engineering approach to systems design, with detailed requirements and specification from start-up to development and implementation; just as those designing buildings and bridges do. Without a deeply embedded structured approach to security systems design, Anderson argued that we find ourselves in the situation we are in today, with applications and operating systems full of bugs, vulnerabilities and other serious security flaws. As good as Security Engineering is, it was not written to be a detailed information security design guide. That vacuum has been filled by an incredibly important and valuable new bookSecurity Strategy: From Requirements to Reality." Read on for the rest of Ben's review. Security Strategy: From Requirements to Reality author Bill Stackpole and Eric Oksendahl pages 346 publisher Auerbach Publications rating 10/10 reviewer Ben Rothke ISBN 1439827338 summary One of the best information security books of the last few years Security Strategy is one of the first books that shows how to perform a comprehensive information security assessment and design, from section, development and deployment of a security strategy best suited to a specific organization.
The books main focus is on the planning, requirements and execution need to ensure formal and comprehensive information security elements are built into systems, applications and processes.
Authors Bill Stackpole and Eric Oksendahl each have over 25 years in the industry and the book reflects their vast expertise. Oksendahl spent time at Boeing, one of the most security aware organizations, with Stackpole spending a decade at Microsoft. While Microsoft is chided for creating more insecurity than security, it is worth noting that no organization in the world has spent more on training its staff and developers on security than Microsoft.
The books 300 densely written pages are composed of 14 chapters divided into 2 sections. Section one (chapters 1-6) is about strategy, with section two (chapters 7-14) around tactics.
Complete with checklists of the physical security requirements that organizations should consider when evaluating or designing facilities, the book provides the insight needed to enable an organization to achieve the operational efficiencies, cost reductions, and brand enhancements that are possible when an effective security strategy is put into action.
Chapters 1-3 take a high-level overview on how to approach strategy, with its many details. The authors note that strategy is a long-term plan of action designed to achieve a goal that includes what work will be done and by whom. This is not a trivial task, as many organizations simply roll-out a new technology, without defining what its goals are, and who exactly will manage and support this new technology.
Chapter 4 is where the hard work begins, as this chapter details the issues around strategic planning. Noting that strategic security planning is hard work and takes time; many organizations attempt to take an assumed easier path, that of bypassing security details and specifications. That is precisely why information security is in such a sorry state in many firms. These firms would rather buy a security appliance and place it in their data center and hope it works; rather than defining the details and specifications of what the appropriate appliance is in the first place.
Part 2 commences on the topic of tactics, and defines them as procedures or sets of actions used to achieve a specific objective. What this chapter does well, as does the entire book, is that it compels the reader to focus on specifics and objectives.
Chapter 9 gets into the importance of observation, in knowing what is going on within the network. The book notes that observation is both a deterrent and a detector. The chapter goes into detail about how observation works both in the physical world and its corollary use in the network side. The chapter breaks down the various functions needed to ensure that observation is done correctly; as opposed to the common method of simply rolling out an IDS and hoping that it somehow works.
Chapter 11 details the SDL (security development lifecycle). As the chapter notes, an effective SDL can improve application security via the use of a set of development practices designed to reduce or eliminate exploitable vulnerabilities. The issue though is that far too few organizations realize the need for a SDL, let alone take the time to design and deploy it.
Chapter 14 ends on the topic of security awareness training. While the notion of security awareness for many firms is an annual 10-slide PowerPoint; the authors take a pragmatic approach and detail the various parts of what makes for an effective awareness program.
Security Strategy: From Requirements to Reality is an incredibly valuable book that advances the state of information security. For organizations that are looking to get serious about information security, and those that want to go from good to great, the book is an invaluable guide that lays the groundwork on how to develop a first-rate information security infrastructure.
Taking a look at its table of contents shows the many fine points in which the book goes into each particular point, showing how it can be properly designed and deployed for effective security controls.
My only peeve with the book is that it lacked a CD-ROM or web site in which to download the many tables and matrices the book is built on. It is hoped that future editions will have them available.
Security Strategy: From Requirements to Reality is one of the best information security books of the last few years. Those who are serious about information security will ensure this is on their reading list, and that of everyone in their organization tasked with information security.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Security Strategy: From Requirements to Reality from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Saudi Arabia Bans Facebook
gandhi_2 sends in a brief Associated Press piece on Saudi Arabia's blocking of Facebook. "An official with Saudi Arabia's communications authority says it has blocked Facebook because the popular social networking website doesn't conform with the kingdom's conservative values. ... He says Facebook's content had 'crossed a line' with the kingdom's conservative morals, but that blocking the site is a temporary measure." Some reports indicate that at least some individual Facebook pages can be reached from inside the kingdom. There hasn't been an official announcement; the source noted above requested anonymity. Earlier this year when Pakistan and Bangladesh banned Facebook, it was over particular content — cartoons of Mohammed — and the Saudi ban may prove similar once more details emerge. -
Roku Now Licensing Its Media Player Design
DeviceGuru writes "Roku has begun licensing its A/V media streaming set-top-box hardware and software technology to third-party device makers. Netgear, Roku's first licensee, will soon offer a Netgear-branded version of the recently size- and cost-reduced Roku XDS box through Best Buy, Fry's, and Radio Shack stores. Although Roku's licensing move follows closely on the heels of Google's October rollout of the Google TV platform, the $60 to $100 Roku XD player design's low cost, low power, compact design, and sheer ease of use make it a compelling alternative to Google TV, assuming Google's platform results in prices like Logitech's $300 Revue. As a small example, the Roku player most likely uses an inexpensive, power-stingy MIPS-based NXP processor in contrast to the Revue's more power-thirsty, expensive, and spacious Atom processor." -
Nicaragua Raids Costa Rica, Blames Google Maps
Garabito writes "An error on Google Maps has caused an international conflict in Central America. A Nicaraguan military commander, relying on Google Maps, moved troops into an area near San Juan Lake along the border between his country and Costa Rica (Google translation of Spanish original). The troops are accused of setting up camp there, taking down a Costa Rican flag and raising the Nicaraguan flag, doing work to clean up a nearby river, and dumping the sediment in Costa Rican territory." -
CDN Optimizing HTML On the Fly
Caerdwyn writes "Cotendo, which is a content distribution network, has taken to altering HTML as it passes through their CDN to optimize web pages for faster rendering. This is essentially a repackaging of the Apache mod mod_pagespeed (from Google), with the critical difference being that the rewriting of HTML occurs inline rather than at the web server. We all know that well-written HTML can result in much better rendering of whatever your content is; the questions are 'Will this automatic rewriting cause other problems, i.e. browser quirks?' and 'Assuming that only the web pages of Cotendo's customers are altered, are there nonetheless potential legal troubles with someone rewriting HTML before delivery to a browser?'" -
Swedes Show Intel Sandy Bridge Running BIOS-Successor UEFI
An anonymous reader writes "SweClockers.com has gotten its hands on an Intel Sandy Bridge motherboard running Unified Extensible Firmware Interface, the long-awaited successor of the age-old BIOS. Among the differences are a significantly more user-friendly interface, the ability to boot from drives larger than 2 TB and faster boot times. Check it out, on video, in Swedish." Here's Google's translation of the article. -
Harry Potter Blamed For India's Disappearing Owls
GillBates0 writes "Indian Environment Minister Jairam Ramesh has blamed fans of Harry Potter for the demise of wild owls in the country as children seek to emulate the boy wizard by taking the birds as pets. 'Following Harry Potter, there seems to be a strange fascination even among the urban middle classes for presenting their children with owls,' Ramesh said Wednesday, according to comments reported by the BBC." -
The Android Invasion Cometh; Is Resistance Futile?
DeviceGuru writes "Last month, we learned from Gartner that Android will probably be the number-two worldwide mobile OS this year, and may lead the pack by 2014. With Android's growing use as the OS embedded in phones, in tablets, in set-top boxes, and in LCD HDTVs, it seems like the Linux-based OS could end up dominating the entire non-PC consumer device operating system space. What do Slashdot readers think: Is resistance futile?" -
Google's Slideshow of Interesting Things
Kilrah_il writes "Google's Creative Labs came out with a slideshow of interesting things on the web. In the slideshow you will find 'a lot of interesting HTML5 apps, iPhone apps, visualization tools, 3D projections, art projects, creative YouTube videos, crowdsourcing services and many other interesting things.' It's basically a collection of fascinating little projects people have made and then distributed to the internet at large. Guaranteed to ruin your productivity for today. You can view it with Google Docs." -
Google Maps Adds Drone Imagery
joshuadugie writes "Slashdot carried a story a while ago that Google had purchased drones for unknown purposes. Google Maps has now added new non-satellite imagery (at UT Austin, for example) when you zoom in close enough. Mystery solved!" I'd like to think that there really are (or were) drones over Austin, but would also like to see Google's explanation for the close-up images. -
UK Scientists Leave Labs To Protest Expected Cuts
uid7306m writes "The UK government is planning an austerity budget, in the wake of the financial crisis and banking bailouts. This involves a 25% overall cut in the government budget, and the indications are that it will hit UK science and university budgets strongly. In response to this, a campaign has started that has managed to get scientists out of their labs and into the streets." -
Google TV Details Revealed
Today Google provided new information about their upcoming Google TV platform for set-top boxes. Using a video and a demonstration site, they show how apps will look and function, and stressed that users wouldn't be limited in their ability to browse the web on their TV. Google also announced content partners, which include Turner Broadcasting, NBC Universal, HBO, Netflix and Amazon Video. "We have also been working with some leading technology and media companies to optimize their content for Google TV, including news sites like The New York Times and USA Today; music sites like VEVO, Pandora and Napster; information networks like Twitter; and online networks like blip.tv. And with YouTube Leanback, we can offer the best experience for you to watch your favorite viral videos and personalized channels on the television." For developers, they put up a guide to optimize websites for Google TV. -
Paleontologists Unearth Giant Fossilized Penguin
Ponca City, We Love You writes "The BBC reports that scientists have discovered the 36-million-year-old fossil of a penguin nearly five feet tall and almost twice the weight of an Emperor Penguin, the largest living species. 'The heavier the penguin, the deeper it dives,' says Julia Clarke, a palaeontologist at the University of Texas. 'If that holds true for any penguins, then the dive depths achieved by these giant forms would've been very different.' The bird, named Inkayacu paracasensis, or water king, lived during the late Eocene period and had a long, straight beak, much longer than that of its modern relatives. But, most surprisingly, the giant penguin's feathers were brown and gray, distinct from the black 'tuxedo'" Reader SpuriousLogic notes that it's also getting easier to keep an eye on modern penguins, since Google has extended Street View to Antarctica. -
Google Releases New Image Format Called WebP
An anonymous reader writes "Google has released WebP, a lossy image format based on the image encoding used by VP8 (the video codec used in Google's WebM video format) to compress keyframes. According to the FAQ, WebP achieves an average 39% more compression than JPEG and JPEG 2000 while maintaining image quality. A gallery on the WebP homepage has a selection of images which compare the original JPEG image with the WebP encoded image shown as a PNG. There's no information available yet on which browsers will support the WebP image format, but I imagine it will be all the browsers which currently have native WebM support — Firefox, Chrome, and Opera." Independent analysis of WebP is available from a few different sources. -
US, NY Bust 92 Mules In 'ZeuS Trojan' Crime Ring
Following on the 19 ZeuS botnet arrests in the UK, adeelarshad82 and other readers sent word that US and New York officials have unsealed more than 90 indictments of money mules and others accused of helping siphon more than $3M from 5 banks and dozens of individuals, and sending it overseas. The Manhattan US Attorney announced charges against 37 individuals and New York charged 55. Most of those indicted are foreign students who came to the US on exchange visitor visas. Most are from Russia, the Ukraine, Kazakhstan, or Belarus. Here is the FBI's lengthy press release. A security blogger has put up Facebook party photos of some of the indicted individuals who are still at large. -
Aussie Gov't Won't Help Fight Cyber Attacks
mask.of.sanity writes "Days after the Pentagon's #2 called for a NATO cyber-shield, the Australian government has announced it won't lift a finger to help the country's businesses to defend themselves against cyber attacks unless it presents a high risk to national security. Instead, Australia's security agencies will forge a response based on the 'pathology of the problem,' incorporating the risk the attack poses to government and the community. A senior security official said the government 'struggles to defend its own systems from the current threats,' let alone that of other industries. He went on to rubbish claims that existing military force strategies can be applied to cyber warfare, noting that the demarcation between civil attacks, such as domestic hacking, and those against nation-states, such as espionage, is blurry. Former US counter-terrorism advisor Richard Clarke said the US government has taken a similar line." -
Stuxnet Infects 30,000 Industrial Computers In Iran
eldavojohn writes "The BBC and AFP are releasing more juicy details about the now infamous Stuxnet worm that Iranian officials have confirmed infected 30,000 industrial computers inside Iran following those exact fears. The targeted systems that the worm is designed to infect are Siemens SCADA systems. Talking heads are speculating that the worm is too complex for an individual or group, causing blame to be placed on Israel or even the United States — although the US official claims they do not know the origin of the virus. Iran claims it did not infect or place any risk to the new nuclear reactor in Bushehr, which experts are suspecting was the ultimate target of the worm." -
Nokia Paying $10M For Symbian Software Devs
colordev writes "Yesterday Nokia and AT&T announced a mobile software coding contest worth $10 million in prize money. The move is intended to help Symbian compete with Android and iOS. The day before this announcement, Sony Ericsson said it would not be making any new Symbian devices and is instead focusing on Android. That left Nokia pretty much alone with Symbian, and now it wants to find new coding 'friends' to keep the platform alive. Natural selection seems to be slowly eroding Symbian's future. Is this contest too late?" -
YouTube Wins vs. Telecinco In Spain
eldavojohn writes "A Spanish judge has dismissed a case brought against YouTube by Spanish television station Telecinco for violating Telecinco's intellectual property. The ruling reads in part: 'YouTube is not a supplier of content and therefore has no obligation to control ex-ante the illegality of those. Its only obligation is to cooperate with the holders of the rights in order to immediately withdraw the content once the infraction is identified.' Telecinco brought the case against YouTube when it found that episodes of its television programs were turning up on YouTube prior to their official air and release date on their television channel. Things are looking up for Google's video service as YouTube was granted safe harbor from Viacom earlier this year in the United States. You can find an official response from Google on their EU Policy Blog." -
WikiLeaks Founder 'Free To Leave Sweden'
An anonymous reader writes "AFP reports that WikiLeaks founder Julian Assange is free to leave Sweden, after prosecutors said there was no arrest warrant against him for an alleged case of rape. Assange said the charges against him were part of 'a clear set-up,' and that he had 'two reliable intelligence sources that state that Swedish intelligence was approached last month by the United States and told that Sweden must not be a safe haven for WikiLeaks.' The news comes just one day before the Swedish national election." -
Swiss Canton Abandons Linux Migration
An anonymous reader writes "The Swiss canton Solothurn has put a stop to their ongoing migration to Linux. [Original, in German.] The project started in 2001, and has been under harsh public criticism ever since. The responsible CIO resigned this summer. Solothurn plans to convert all desktop computers to Windows 7 in 2011." -
US Couple Arrested For Transmitting Nuclear Secrets In Sting Operation
DesScorp writes "Recalling the famous Rosenberg nuclear spy case of the '50s, the US Justice Department has arrested a couple working at a 'leading nuclear research facility' for giving nuclear secrets to Venezuela. Pedro and Marjorie Mascheroni 'have been indicted on charges of communicating classified nuclear weapons data to a person they believed to be a Venezuelan government official and conspiring to participate in the development of an atomic weapon for Venezuela,' the department said in a statement. If convicted, the couple would receive life in prison." -
Meet the Virginia-Built 110MPG X-Prize Car
tcd004 writes "Instead of using Detroit engineers or Silicon Valley bitheads, Virginia-based Edison2 relied on retired Formula 1 and Nascar engineers to build its entry for the X-prize. Relying on composite materials and titanium, the team assembled an ultra-lightweight car that provides all the comforts of a standard 4-passenger vehicle, but gets more than 100 mpg. The custom engineering goes all the way down to the car's lug nuts, which weigh less than 11 grams each. Amazingly, they expect a production version of the car should cost less than $20,000." Earlier today, in a Washington, DC ceremony, Edison2 received $5 million as the X-prize winner. Writes the AP (via Google) "Two other car makers will split $2.5 million each: Mooresville, N.C.-based Li-Ion Motors Corp., which made the Wave2, a two-seat electric car that gets 187 miles on a charge, and X-Tracer Team of Winterthur, Switzerland, whose motorcycle-like electric mini-car, the E-Tracer 7009, gets 205 miles on a charge. Both of those companies are taking orders for their cars." -
Child Abuse Verdict Held Back By MS Word Glitch
An anonymous reader writes "Last week several defendants including one high-profile TV presenter were sentenced in Portugal in what has been known as the Casa Pia scandal. The judges delivered on September 3 a summary of the 2000-page verdict, which would be disclosed in full only three days later. The disclosure of the full verdict has been postponed from September 8 to a yet-to-be-announced date, allegedly because the full document was written in several MS Word files which, when merged together, retained 'computer related annotations which should not be present in any legal document.' (Google translated article.) Microsoft specialists were called in to help the judges sort out the 'text formatting glitch,' while the defendants and their lawyers eagerly wait to access the full text of the verdict." -
Google Instant Announced
GCPSoft writes with this quote from a Google announcement: "Google Instant is a new search enhancement that shows results as you type. We are pushing the limits of our technology and infrastructure to help you get better search results, faster. Our key technical insight was that people type slowly, but read quickly, typically taking 300 milliseconds between keystrokes, but only 30 milliseconds (a tenth of the time!) to glance at another part of the page. This means that you can scan a results page while you type."