Domain: zdnet.com
Stories and comments across the archive that link to zdnet.com.
Stories · 2,686
-
Cybercrime More Lucrative Than Drugs
prostoalex writes "Yahoo is reporting that global cybercrime overtook global drug trafficking in terms of revenue this past year. In related news, only 4% of Internet users can flag 100% of phishing e-mails as fraudulent, and Americans filed 207,000 reports on cybercrime to FBI." -
Google and Time Warner Telecom - VoIP Partners?
An anonymous reader wrote to mention a ZDNet blog entry by Garett Rogers, wondering aloud about the relationship between Google and Time Warner Telecom. From the entry: "It is rumored that Google has started testing 'Click-to-Call' which links potential buyers to advertisers via phone, but the third party who provides the communication services is still unknown. Could it be Time Warner Telecom who will be providing VoIP services for Google's Click-to-Call service?" We've previously mentioned the Click-to-Call service. -
Star Trek Spoof Top Finnish Movie
Dotnaught writes to tell us Reuters is reporting that the science fiction spoof "Star Wreck: in the Pirkinning" has become Finland's most viewed movie. From the article: " [...] relying on free distribution over the Internet to reach more than 3 million viewers in less than two months. "Star Wreck: In the Pirkinning" is a full-length feature in Finnish with English subtitles. It was made by a group of students and other amateur film makers with a bare-bones budget and a few home computers to create elaborate special effects." -
Prepping For The 360
An anonymous reader writes "The Xbox 360 launches on Tuesday, and ZDNet talks to some of the folks who are already prepping for it. John Dvorak also has commentary on the new console, and he seems to like it." From the Dvorak article: "Luckily Microsoft's Xbox 360 crew, and other game developers, are working on cool stuff that will cross over to PCs. When game developers retake their rightful place on top of the hill of progress, we'll all be better off. Needless to say, I am impressed by the Xbox 360. The Xbox 360 explores new menu structures with a unique and pleasant GUI. One often-overlooked element that the Microsoft games group brings to the party is its unique GUIs that are unlike the folder/desktop metaphor that Xerox and Apple developed." -
Would You Use Ad-Supported Windows?
An anonymous reader writes "ZDNet reported earlier this week that Microsoft was thinking of offering an Ad-Supported version of Windows. A blog post by John Carroll offers some reasons why Ad-Supported Windows makes sense. From the article: '4. More revenue through targeted marketing: The holy grail of marketing is to target an audience with the sort of ads that most appeal to them. Sending a bunch of male programmers advertisements for breast enlargement isn't terribly useful. Sending a bunch of male programmers advertisements for a four hour extended version of Star Trek: The Wrath of Khan is useful.' Is there any situation where you can see yourself open to the possibility of using an Ad-Supported operating system?" -
Keystroke Logging Increases
JamesAlfaro writes "Hackers are likely to release more than 6000 keylogging programs this year--up 65 percent from the number in 2004--according to Reston, Virginia, security vendor iDefense." From the article: "Each variant could lead to anything from a few to several thousand infections, Ken Dunham, senior engineer at iDefense, said. Keylogger software typically tracks keystrokes on infected computers and is used to try to steal sensitive information such as user names and credit card data. The biggest problem with keyloggers, which silently relay data to attackers, is that they often go undetected, easily slipping past firewalls and antivirus software, iDefense, a division of VeriSign, said. " -
Molecular Motors on the Run
Roland Piquepaille writes "In the nanotech world, molecular 'motors' have been heavily investigated during the last decade. And you probably read that these nano-carriers will one day be able to move a useful drug right where it's needed inside your body. But think for a minute to the size gap between yourself and a molecule. It's pretty impressive! Now, according to this news release, researchers from the Max Planck Institute of Colloids and Interfaces in Germany have developed a theory stating that only a few motor molecules should be enough for directed transport over centimeters or even meters. It's probably a meaningless comparison, but it's like if you were able to walk to the moon and come back." -
Microsoft Reports OSS Unix Beats Windows XP
Mortimer.CA writes "In a weblog entry, Paul Murphy mentions a Microsoft report (40 page PDF) that in many instances FreeBSD 5.3 and Linux perform better than Windows XP SP2. The report is about MS' Singularity kernel (which does perform better than the OSS kernels by many of the metrics they use), and some future directions in OS design (as well as examination of the way things have been done in the past)." From the post: "What's noteworthy about it is that Microsoft compared Singularity to FreeBSD and Linux as well as Windows/XP - and almost every result shows Windows losing to the two Unix variants. For example, they show the number of CPU cycles needed to "create and start a process" as 1,032,000 for FreeBSD, 719,000 for Linux, and 5,376,000 for Windows/XP." -
Spyware Maker Sues Detection Firm
Luigi30 writes "ZDNet reports that RetroCoder, makers of the SpyMon remote monitoring program, are suing Sunbelt Software, makers of CounterSpy, a spyware detector program, for detecting the SpyMon as spyware. According to the EULA, SpyMon can not be used in 'anti-spyware research,' and detecting it is therefore a violation of it. 'In order to add our product to their list, they must have downloaded it and then examined it. These actions are forbidden by the notice,' a RetroCoder spokesperson said." -
OpenDocument Gains New Fans
An anonymous reader writes "The OpenDocument format is gathering steam, as several influential companies seek an alternative to Microsoft Office." From the article: "The ODF Summit brought together representatives from a handful of industry groups and from at least 13 technology companies, including Oracle, Google and Novell. That stepped-up commitment from major companies comes amid signs that states are considering getting behind OpenDocument. James Gallt, the associate director for the National Association of State Chief Information Officers, said Wednesday that a number of state agencies are exploring the use of the document format standard." -
3 Million 360s In 3 Months?
Microsoft is apparently hoping to sell 3 million of its next-gen console in its first three months of life, reports ZDNet. From the article: "'We think through the first 90 days of launch...we expect to have sold 2.75 (million) to 3 million consoles worldwide,' said Bryan Lee, chief financial officer of Microsoft's Home and Entertainment unit. Lee's comments came as part of a speech at the Harris Nesbitt Media & Entertainment Conference in New York. Lee said the prediction should translate to about $1.5 billion in sales of Xbox devices, games and accessories during that period." -
Image Handling Flaw Puts Windows At Risk
An anonymous reader writes "Microsoft has released word that several image handling flaws may open Windows PCs to Spyware or viruses. From the article: 'We will continue to see this type of vulnerabilities in every major application for the foreseeable future ... It is not just images, but any type of complex file format. This is something that security researchers and hackers have realized to be a weak point in many applications.'" -
Unisys: We No Longer Have A Way Out
rbochan writes "Some of you may recall a couple of years back when Microsoft and Unisys decided that a multi-million dollar ad campaign against *nix was in order, dubbed 'We Have A Way Out.' The results weren't what they'd hoped. ZDNet is now reporting that Unisys has done an about face and is now touting Linux as 'a mature technology and the right cost-effective option for many companies.'" -
IBM Slows the Speed of Light
dptalia writes "According to an article on ZDNet, IBM has come up with a way to slow light to 1/300 of its normal speed. While this has been done in laboratories before, IBM has found out how to do this using standard materials, which opens the possibility of mass production. This means that the dream of having optical based CPUs may be closer than previously thought." From the article: "When the optical conversion might start to occur is a matter of speculation. Luxtera has said it will start to commercially produce products in 2007. The computer industry, however, tends to move slowly when it comes to major overhauls of computer architecture. Several components will have to be developed before photons can replace electrons inside computers. A paper providing details on the chip will run in Nature on Wednesday." -
British Teen Cleared in "E-mail Bomb" Case
legaleagll writes "According to this article, a British Judge has ruled that a teen who sent approximately 5,000,000 e-mails to his former employer was not in violation of the U.K.'s Computer Misuse Act. It appears that the Computer Misuse Act is a bit outdated being that it was created 15 years ago when a number, perhaps most, of the current methods for misuse of computers were not contemplated." -
Google DVRs and TV Advertising
Ray writes "Google may be creating their own branded digital television DVR / satellite service. A DVR that lets you "Log In" with your Google Account before you begin your television watching would allow Google to serve up relevant ads based on: the program you are watching, your search history, the type of emails you have received in the past 24 hours (excluding spam hopefully), or anything else Google can track. Imagine the possibilities... You are watching Google Satellite TV through your "internet ready" Google DVR." -
Open-Source Insurance
Beatles-Beatles writes to tell us that several insurance agencies have formed a partnership to offer open-source compliance insurance. From the article: "The insurance will cover up to $10 million in damages, including profit losses related to noncompliance with an open-source software license. The policy could, in some cases, cover the cost of repairing code that was found to infringe on open-source licenses such as the General Public License, which is used with the Linux operating system." -
Oracle To Offer A Free Database
An anonymous reader writes "ZDNet News reports that Oracle is likely to announce a free version of its Oracle 10g Database. Oracle Database 10g Express Edition will be free for development and production use, and could even be distributed with other products. What does this mean for the future of MySQL and PostgreSQL?" From the article: "By introducing a free entry-level product, Oracle intends to get more developers and students familiar with its namesake database, Mendelsohn said. Those customers, Oracle hopes, will eventually upgrade to a higher-end version." -
How Many Times Should We Pay For Our Software?
An anonymous reader writes "An editorial at ZDNet talks about the concept of subscription licensing for software." From the article: "But the software industry is greedy enough to want to go even further. Ignoring the subtleties of DRM -- which snares users by glossing over the unseen ties between content and format -- vendors from BEA to Microsoft are eager to take up the blunt cudgel of subscription licensing, which merely asserts that, if you don't pay up again at the end of the year, your software stops working. The best way to deploy the mechanism of subscription licensing, of course, is as a hosted service, because it gives the software vendor the ability to instantly turn off the software-on-tap if the renewal is not forthcoming. Perhaps this explains Microsoft's new-found attraction to 'hosted everything' (whether or not it can work)." -
MS Office 12 To Utilize ODF?
J. Random Luser writes "Groklaw is carrying a story about Microsoft quietly engaging a French company to develop Open Document filters for Office 12, due out mid-2006. The SourceForge project claims to be an import filter for MS Office, and that is how the developer describes it. But ZDNet quotes Ray Ozzie as talking about an export filter from MS Office, and this French blog takes Ozzie at his word. Ostensibly the tarball unpacks as OpenOfficePlugin, and SourceForge has the WindowsInstaller.msi listed as 'platform independent'." From the ZDNet article: "Ozzie told me that supporting ODF in Office isn't a matter of principle. Microsoft isn't opposed to supporting other formats. The company just announced support for PDF, and he added that the Open Office XML format has an 'extremely liberal' license." -
OpenOffice Bloated?
cygnusx writes "ZDNet's George Ou has been writing a series of posts about Open Office bloat. Includes some interesting system usage comparisons" From the article: "Even when dealing with what is essentially the same data, OpenOffice Calc uses up 211 MBs of private unsharable memory while Excel uses up 34 MBs of private unsharable memory. The fact that OpenOffice.org Calc takes about 100 times the CPU time explains the kind of drastic results we were getting where Excel could open a file in 2 seconds while Calc would take almost 3 minutes. Most of that massive speed difference is due to XML being very processor intensive, but Microsoft still handles its own XML files about 7 times faster than OpenOffice.org handles OpenDocument ODS format and uses far less memory than OpenOffice.org." -
Power-Light Power Chips
DD writes to tell us ZDNet is running a story about a new Santa Clara, CA based startup that is boasting a new line of low-power, Power chips, the same architecture found in current day Macs and IBM servers. From the article: "The company's first so-called PWRficient chip will feature two processing cores, run at 2GHz and consume on average about 5 watts, thanks to an emphasis on integration and circuit design. At a maximum, it will consume 25 watts, far less than the single-core Power chips that can hit 90 watts found on the market today." -
Microsoft to Storm Linux Strongholds
VitaminB52 writes "Microsoft is only winning about one out of four deals where IT shops are trying to move off of proprietary Unix. To turn that trend around, there are four specific Linux strongholds where Microsoft is focusing its attention." From the article: "After discussing server clustering, Web hosting, and server appliances, Ballmer was cut off by the interviewees before he could identify the fourth. But my guess is that, given the way Ballmer emphasized Software as a Service (SaaS) as a core theme for all the work that's taking place at Microsoft right now, the fourth stronghold of Linux that Microsoft wants is the SaaS stronghold where Linux is the operating system behind a Java-based application server technology ... Ballmer knows he's got a long row to hoe. 'The day I come in front of the Gartner audience and say we have a better Unix than Linux, that'll be a good day.'" -
Blackout Shows Net's Fragility
It doesn't come easy wrote to mention a ZDNet article discussing a recent outage between Level 3 Communications and Cogent Communication. A business feud inadvertently highlighted the fragility of the Internet's skeleton. From the article: "In theory, this kind of blackout is precisely the kind of problem the Internet was designed to withstand. The complicated, interlocking nature of networks means that data traffic is supposed to be able to find an alternate route to its destination, even if a critical link is broken. In practice, obscure contract disputes between the big network companies can make all these redundancies moot. At issue is a type of network connection called 'peering.' Most of the biggest network companies, such as AT&T, Sprint and MCI, as well as companies including Cogent and Level 3, strike "peering agreements" in which they agree to establish direct connections between their networks. " -
Microsoft's Unique Innovation
Anonymous Coward writes "The way John Carroll sees it, Microsoft doesn't get enough credit for all the technology it invents. The company's understanding of the marketplace, argues Carroll, has proved fertile ground for many of the inventions, however incremental, that Microsoft produces on a regular basis. That awareness is that all software markets, however "unrelated" they may seem, have linkages to each other. And it's an awareness that open source will have a hard time matching. Another reason many fail to appreciate Microsoft inventiveness, continues Carroll, is because most inventions are pieces of larger puzzles." -
The GPL Impedes Linux More Than It Helps?
Anonymous Coward writes "Linux ought to be even more successful than it is. On ZDNet, Paul Murphy ponders the reasons why. For one thing: The GPL impedes Linux more than it helps. Licensing issues, coupled with patent and copyright FUD, have caused developers and VCs to think twice before committing to Linux. Murphy also suspects that desktop Linux is stuck on stupid." From the post: "Basically, legal issues, or the threat of legal issues, caused some key applications developers to back off Linux while the general negativism of Linux marketing caused many of the individuals whose innovations should have been driving Linux adoption to hang fire until MacOS X and Solaris for x86 under the CDDL came along." -
GPL 3 May Require Websites to Relinquish Code
Vicissidude writes "At present, companies that distribute GPL-licensed software must make the source code publicly available, including any modifications they've made. Though the rule covers many businesses that use GPL-licensed software for commercial ends, it doesn't cover Web companies that use such software to offer their services through the Web, as they're not actually distributing the software. GPL 3, the next version of the free software license, a draft of which is expected to be released in early 2006, may close this loophole, GPL author and Free Software Foundation head Richard Stallman said in an interview." -
MIT Unveils Prototype for $100 Linux Laptop
Examancer2 writes "MIT is showing off a prototype of a $100 laptop. It uses a 500MHz AMD processor, stores everything on flash memory, and runs Linux. The AC adapter acts as the carrying strap, and there is a hand crank so if you can't find a source of electricity you can charge it kinetically. The prototype laptop is also much more flexible and durable than your average notebook. In addition the unit has a screen that has a special daylight-friendly black & white mode that makes a great ebook." From the article: "Nicholas Negroponte, the co-founder of the Media Lab at the Massachusetts Institute of Technology, detailed specifications for a $100 windup-powered laptop targeted at children in developing nations. Negroponte, who laid out his original proposal at the World Economic Forum in Davos, Switzerland, in January, said MIT and his nonprofit group, called One Laptop Per Child, is in discussions with five countries--Brazil, China, Thailand, Egypt and South Africa--to distribute up to 15 million test systems to children." More coverage of this story available from ITWorld, InformationWeek, BBC, ZDNet, and the Associated Press. -
Early AJAX Office Applications
prostoalex writes "Perhaps many, who viewed Zimbra presentation from yesterday, thought about other office-related applications they would like to see moved to the Web. Richard McManus on ZDNet provides a list of the currently available AJAX apps. Did you know there was AJAX word processor, AJAX spreadsheet, AJAX calendar, AJAX presentation-building software, AJAX e-mail client, AJAX note-taking software and some other interesting applications, which, deployed on your local server, do not need installation and "just work" in a browser window?" -
Palm's Mistakes
putko writes "Mike Singer has an article at ZDNet called Five reasons for Palm's slide which describes succinctly how Palm went from owning the palmtop platform -- OS and apps -- to getting chopped into pieces (some recently sold to a Japanese firm), using an OS from Microsoft and teaming up with Microsoft. The author claims, among other things, that Palm's stuff never worked well enough with Windows (while the RIM Blackberry did), which ultimately allowed Windows Mobile to eliminate them. A hard fall for a company that really did innovate." -
Sun President Says PCs Are Relics
christchurch map writes "Jonathan Schwartz, president of server and software maker Sun Microsystems, said that the personal computer is increasingly becoming a relic. Instead, what has become important are Web services on the Internet and the majority of the world will first experience the Internet through their mobile phones." From the article: "Schwartz points to the increasing wealth and power of companies, like eBay, Google, Yahoo and Amazon.com, that profit from free services available over the network. Among his audience, many more people said they'd rather have access to Internet services than their desktop computing applications. And Microsoft--the company with the biggest financial stake in the PC software business--has struggled to cope with the arrival of Web services." -
RIAA Says P2P Encourages Illegal Downloads
stlhawkeye writes "The RIAA is at it again, attacking inconvenient technology because it can be abused. They have sent another round of letters to P2P services, asking them to stop "encouraging users" to illegally distribute copyrighted material. eDonkey, LimeWire, and Kazaa are all on the RIAA's hit list, along with 2Hub, BitTorrent, WinMX and Free Peers, maker of file-swapping software BearShare. One wonders how they intend to attack BitTorrent, which can be and is used in legitimate mass distribution efforts of legal material, such as World of Warcraft patches. Are FTP and /usr/sbin/scp next?" -
Is The Firefox Honeymoon Over?
prostoalex writes "With Firefox market share reaching a substantial level, is the popular Internet browser becoming a security nightmare for IT administrators? George Ou takes a look at the hard numbers. From the article: 'From March 2005 to September 2005 10 vulnerabilities were published for Microsoft Internet Explorer, 40 for Mozilla Firefox. In April-September timespan there were 6 exploits for MSIE, 11 for Firefox. Conclusion? As you can see, the facade that Firefox is the cure to the Internet Explorer security blues is quickly fading. It just goes to prove that any popular software worth hacking that has security vulnerabilities will eventually have to deal with live working exploits. Firefox mostly managed to stay under the radar from hackers before April of 2005.'" -
Overhauled Telecommunications Law Draft
pin_gween writes "ZDNet.com has published info on proposed changes to the telecommunications laws. The U.S. House of Representatives Energy and Commerce committee released a 77-page staff working draft (PDF alert) and is now calling for comments from interested parties. Highlights include: 'The draft defines, for regulatory purposes, broadband Internet transmission services--or BITS--as "a packet-switched service that is offered to the public," regardless of the equipment or protocol used. That puts DSL and cable providers on equal footing... A federal framework for regulating BITS, VoIP and broadband video services...BITS, VoIP and broadband video services must not block their subscribers' access to any content or applications and must allow their subscribers to connect to their services with whichever devices they choose...Recourse for VoIP providers: They're expected to negotiate their own rates with telecommunications companies for use of their wires'" -
Intrusion Prevention and Active Response
nazarijo writes "The security world has been taken by storm by intrusion prevention system (IPS) products in the past couple of years. After all, a typical intrusion detection system (IDS) only alerts you that something malicious may have happened, and an IPS reacts to it and can prevent the attack. Action in this scenario is obviously preferred to a passive bystander. Still, the IPS solution space is confusing to many." Read on for the rest of Nazario's review of a book designed to erase that confusion.
Title: Intrusion Prevention and Active Response: Deploying Network and Host IPS
Author: Michael Rash, Angela D. Orebaugh, Graham Clark, Becky Pinkard, and Jake Babbin
Pages: 424
Publisher: Syngress
Rating: 7
Reviewer: Jose Nazario
ISBN: 193226647X
Summary: An overview of host- and network-based IPS solutions
The June, 2003, report from Gartner on the death of IDS set off a lot of security industry activity. Everyone was busy trying to either defend the IDS product space, reposition their products as IPS devices, or trying to dismiss the Gartner position. Many security engineers had to suddenly evaluate the IPS products on the market and make purchase and deployment decisions, as well. However, there's been a lack of understanding of this marketspace for some time. If you've been curious about this technology, you may want to look at Intrusion Prevention and Active Response: Deploying Network and Host IPS to help you understand these solutions.
It would have been relatively easy to write a book that simply covered one facet of the IPS product space, such as network IPS systems. However, the authors have chosen to try and write a comprehensive overview of the tools currently available for both the network and the host, as well as ways in which they can be attacked and the scenarios they work in. While the book focuses on open source tools, including the Snort IPS extensions, the techniques apply to closed source, commercial tools as well.
In general I found Intrusion Prevention to be a decent first book on the subject, although a bit unfocused in its delivery. At times it seems to try and bite off more than it can chew, or go off on a tangent for too long (such as the many pages of nmap options), but in general the book does a fair job of delivering its promise. Through it you'll get a good overview of many of the technologies present in the IPS marketspace and what they offer. If you're up to it, you'll even learn a few ways to test the tools and weed out the snake oil vendors.
The book is heavy on actual system output and configuration examples. I like the explicit packet captures and snort rules, I think they go a long way towards illustrating the premise of an IPS system. As is somewhat common with Syngress press books, the formatting is a bit off at times (sometimes it's too wide or slips over the page boundary at the wrong time), but if you can work past that you're rewarded with a useful example.
For host-based IPS solutions, the book covers a number of approaches that aren't always evident as IPS techniques. Various stack protection mechanisms, including LD_PRELOAD techniques like Libsafe, GCC modifications such as StackGuard, and kernel modifications like LIDS, PaX, RBAC and GrSecurity are all described.
By now you can see that the book is pretty Linux and open source centric. This isn't too bad at all, since the basic functionality is present in most of the commercial tools, as well. These can include inline network data modification and reactions or application integrity checking tools. The open source versions, while they sometimes have fewer features, are excellent representatives of this technology.
The book really comes together in chapter 8, 'Deploying Open Source IPS Solutions.' Several vulnerable systems are set up, deployed in a fictitious network, and protected through a variety of IPS solutions which work together to create a layered security model. If the network can detect the attack, it's dropped or modified to remove the offending bits. If the malicious data gets through to the host, the host-level IPS tools remediate the problem. All in all a nice example chapter.
The discussion on how to evade IPS devices was a bit lacking, unfortunately. It seems squeezed in, and doesn't have the same level of detail as other chapters on similar topics. Detailed descriptions of the layer 3, 4 and application layer obfuscation techniques would have been useful to help explain this complex topic.
Before you begin thinking that the authors are entirely gung-ho on IPS technologies, they spend a long time discussing how they can be fooled and how they are fundamentally prone to false positives. This tempered stance is valuable, and they recommend that you take a limited set of functionality from your IDS system and make it reactive in your IPS.
There are only a couple of books that cover IPS technologies to any significant degree, and this appears to be the only one solely devoted to discussing IPS approaches for both the host and network. To that end, the authors have done a pretty good job of introducing the reader to what an IPS can give them, how to evaluate it, and what to expect in the real world. While the book itself has some production and layout problems, the material is worthwhile and will give the reader much-needed advice.
You can purchase Intrusion Prevention and Active Response: Deploying Network and Host IPS from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Reputation Lookup for IPs
xzap writes "ZDNet is running an article about TrustedSource.org which is a new portal that provides reputation information for IP addresses. It can be used to configure your spam filters or when deciding whether to add an unknown host to your blacklist. Dmitri Alperovitch, a research engineer at CipherTrust said "Often companies don't realize that they have zombie machines on their network that have been sending e-mail. It may be more helpful for organizations to identify which systems on their networks are sending e-mail." Users can drill down to find more information on each domain. The portal is an initiative of CipherTrust who have previously been covered on Slashdot." -
FCC Extends VoIP 911 Deadline
a.different.perspect writes "The Federal Communications Commission has extended the deadline for formal acknowledgement of the limitations of the Enhanced 911 service used by VoIP providers by 30 days, to September 28. The FCC requires that VoIP companies in the United States inform and receive acknowledgement from all their customers of the pitfalls of E911, which corresponds 911 calls made on a VoIP service with the physical address of the caller according to company records but which won't report correct information if, for example, a customer uses their VoIP phone away from their registered address. Currently 1.5 million VoIP subscribers have confirmed their acceptance of E911, but 100,000 are yet to respond and had faced the termination of their service." -
New Round of P2P Lawsuits from Hollywood
An anonymous reader writes "There is a new story on ZDNet about more lawsuits against P2P file sharers. The catch is that Hollywood is using the log files off Bit Torrent sites like Suprnova and LokiTorrent." -
VoIP Provider Vonage Planning IPO?
SixDimensionalArray writes "The rumor mill is exploding with stories that large voice-over-ip (VoIP) provider Vonage is planning an initial public offering to raise nearly $600 million. This information is interesting coming out not long after Google's recent release of Google Talk, which offers instant messaging/VoIP services PC-to-PC as well as a surge in marketing by VoIP providers such as Covad and Skype. Could this be yet another bubble?" -
AOL Fined for Making it Hard to Cancel Service
andy1307 writes "CNET is carrying an article about a settlement between AOL and New York State that includes AOL paying a $1.25 million fine and agreeing to reform its customer service procedures. The agreement stems from consumers' complaints that AOL customer service representatives would either ignore requests, or make it unduly difficult, to cancel their service, according to a statement from Attorney General Eliot Spitzer. The policy probably had something to do with rapidly declining customer numbers at AOL as more Americans switch to broadband." -
More Students Prefer Interdisciplinary to CS
prostoalex writes "With increased offshore outsourcing and continuing simplification of such tasks as writing a trivial application, Computer Science degrees are not as attractive for college students anymore, NYT finds. Students prefer interdisciplinary majors, where the programming skills are combined with solid scientific backgrounds in biotech, chemistry or business." From the article: "For students like Ms. Burge, expanding their expertise beyond computer programming is crucial to future job security as advances in the Internet and low-cost computers make it easier to shift some technology jobs to nations with well-educated engineers and lower wages, like India and China." -
2.7 Million VOIP Subscribers in the United States
prostoalex writes "There are 2.7 million paying VOIP customers in the United States, according to research by TeleGeography. The whole industry will generate $220 million this year, with Vonage leading as far as customer number." -
Top Level .xxx Domain Concept Under Scrutiny
An anonymous reader writes "The Bush administration is objecting to the creation of a .xxx domain, saying it has concerns about a virtual red-light district reserved exclusively for Internet pornography. This is despite the .xxx domain being approved in June and New.net selling domain names using the .xxx suffix for many months before the approval." From the ZDNet article: "The sudden high-level interest in what has historically been an obscure process has placed the Internet Corporation for Assigned Names and Numbers (ICANN) in an uncomfortable position. ICANN approved the concept of an .xxx domain in June and approval of ICM Registry's contract to run the suffix was expected this week. Other governments also have been applying pressure to ICANN in a last-minute bid to head off .xxx. A letter from ICANN's government advisory group sent Friday asks for a halt to 'allow time for additional governmental and public policy concerns to be expressed before reaching a final decision.'"