Books

Book Review: Designing and Building a Security Operations Center

Posted by samzenpus
from the read-all-about-it dept.
benrothke writes Many organizations are overwhelmed by the onslaught of security data from disparate systems, platforms and applications. They have numerous point solutions (anti-virus, firewalls, IDS/IPS, ERP, access control, IdM, single sign-on, etc.) that can create millions of daily log messages. In addition to directed attacks becoming more frequent and sophisticated, there are regulatory compliance issues that place increasing burden on security, systems and network administrators. This creates a large amount of information and log data without a formal mechanism to deal with it. This has led to many organizations creating a security operations center (SOC). A SOC in its most basic form is the centralized team that deals with information security incidents and related issues. In Designing and Building a Security Operations Center, author David Nathans provides the basics on how that can be done. Keep reading for the rest of Ben's review
Programming

The American App Economy Is Now "Bigger Than Hollywood" 39

Posted by samzenpus
from the there's-an-app-for-that dept.
Lemeowski writes Technology business analyst Horace Deidu found an interesting nugget while closely examining an Apple press release from earlier this year: "The iOS App Store distributed $10 billion to developers in 2014, which, Deidu points out, is just about as much as Hollywood earned off U.S. box office revenues the same year." That means the American app industry is poised to eclipse the American film industry. Additionally, Apple says its App Store has created 627,000 jobs, which Deidu contrasts with the 374,000 jobs Hollywood creates
Education

Nobel Laureate and Laser Inventor Charles Townes Passes 33

Posted by samzenpus
from the rest-in-peace dept.
An anonymous reader writes Charles Hard Townes, a professor emeritus of physics at the University of California, Berkeley, who shared the 1964 Nobel Prize in Physics for invention of the laser and subsequently pioneered the use of lasers in astronomy, died early Tuesday in Oakland. He was 99. "Charlie was a cornerstone of the Space Sciences Laboratory for almost 50 years,” said Stuart Bale, director of the lab and a UC Berkeley professor of physics. “He trained a great number of excellent students in experimental astrophysics and pioneered a program to develop interferometry at short wavelengths. He was a truly inspiring man and a nice guy. We’ll miss him.”
Space

We May Have Jupiter To Thank For the Nitrogen In Earth's Atmosphere 34

Posted by Soulskill
from the jupiter-never-forgets-our-birthday dept.
An anonymous reader writes: Nitrogen makes up about 78% of the Earth's atmosphere. It's also the 4th most abundant element in the human body. But where did all the nitrogen on Earth come from? Scientists aren't sure, but they have a new theory. Back when the solar system was just a protoplanetary disk, the ice orbiting the early Sun included ammonia, which has a nitrogen atom and three hydrogen atoms. But there needed to be a way for the nitrogen to get to the developing Earth. That's where Jupiter comes in. During its theorized Grand Tack, where it plunged into the inner solar system and then retreated outward again, it created shock waves in the dust and ice cloud surrounding the sun. These shock waves caused gentle heating of the ammonia ice, which allowed it to melt and react with chromium-bearing metal to form a mineral called carlsbergite. New research (abstract) suggests this mineral was then present when the Earth's accretion happened, supplying much of the nitrogen we would eventually need for life.
Businesses

Comcast Pays Overdue Fees, Offers Freebies For TWC Merger Approval 62

Posted by Soulskill
from the bought-and-paid-for dept.
WheezyJoe writes: In seeking more support for its mega-merger with Time-Warner Cable, Comcast has been going across the country giving local governments a chance to ask for favors in exchange for approving a franchise transfer. In Minneapolis, this turned up an unpaid bill of $40,000 in overdue franchise fees, so Comcast will have to pay the city money it already owed in order to get the franchise transfer. Comcast will also throw in $50,000 worth of free service and equipment.

"Thirty Minneapolis city buildings will get free basic cable for the next seven years as part of a package of concessions (PDF) the city wrung out of Comcast in exchange for blessing its proposed merger with fellow cable giant Time Warner," Minnesota Public Radio reported. The article notes that getting any kind of refund out of a cable company is not easy.

Part of the deal with Minneapolis involves the spinoff of a new cable company called GreatLand Connections that will serve 2.5 million customers in the Midwest and Southeast, including Minnesota. After the deal, Comcast's franchises in those areas would be transferred to GreatLand. Such goodwill concessions may seem impressive as Comcast seeks to foster goodwill, but one wonders how Comcast/Time Warner will behave after the merger.
Businesses

Apple Posts $18B Quarterly Profit, the Highest By Any Company, Ever 401

Posted by Soulskill
from the all-about-the-benjamins dept.
jmcbain writes: Yesterday, Apple reported its financial results for the quarter ending December 27, 2014. The company posted $18 billion in profit (on $74 billion in revenue), the largest quarterly profit by any company, ever. The previous record was $16 billion by Russia's Gazprom (the largest natural gas extractor in the world) in 2011. Apple sold 74.5 million iPhones last quarter, along with 5.5 million Macs and 21.4 million iPads.
Youtube

YouTube Ditches Flash For HTML5 Video By Default 208

Posted by Soulskill
from the now-if-they-can-ditch-the-commenters dept.
An anonymous reader writes: YouTube today announced it has finally stopped using Adobe Flash by default. The site now uses its HTML5 video player by default in Google's Chrome, Microsoft's IE11, Apple's Safari 8, and in beta versions of Mozilla's Firefox browser. At the same time, YouTube is now also defaulting to its HTML5 player on the web. In fact, the company is deprecating the "old style" Flash object embeds and its Flash API, pointing users to the iFrame API instead, since the latter can adapt depending on the device and browser you're using.
GNU is Not Unix

Serious Network Function Vulnerability Found In Glibc 197

Posted by Soulskill
from the audits-finding-gold dept.
An anonymous reader writes: A very serious security problem has been found and patched in the GNU C Library (Glibc). A heap-based buffer overflow was found in __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to make an application call to either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the program. The vulnerability is easy to trigger as gethostbyname() can be called remotely for applications that do any kind of DNS resolving within the code. Qualys, who discovered the vulnerability (nicknamed "Ghost") during a code audit, wrote a mailing list entry with more details, including in-depth analysis and exploit vectors.
Media

Ask Slashdot: Best Medium For Personal Archive? 243

Posted by timothy
from the but-with-8-tracks-you-can-still-lose-7 dept.
An anonymous reader writes What would be the best media to store a backup of important files in a lockbox? Like a lot of people we have a lot of important information on our computers, and have a lot of files that we don't want backed up in the cloud, but want to preserve. Everything from our personally ripped media, family pictures, important documents, etc.. We are considering BluRay, HDD, and SSD but wanted to ask the Slashdot community what they would do. So, in 2015, what technology (or technologies!) would you employ to best ensure your data's long-term survival? Where would you put that lockbox?
Communications

FCC Fines Verizon For Failing To Investigate Rural Phone Problems 92

Posted by timothy
from the shrugging-it-off dept.
WheezyJoe writes Verizon agreed to a $5 million settlement after admitting that it failed to investigate whether its rural customers were able to receive long distance and wireless phone calls. The settlement is related to the FCC's efforts to address what is known as the rural call completion problem. Over an eight-month period during 2013, low call answer rates in 39 rural areas should have triggered an investigation, the FCC said. The FCC asked Verizon what steps it took, and Verizon said in April 2014 that it investigated or fixed problems in 13 of the 39 areas, but did nothing in the other 26.

"Rural call completion problems have significant and immediate public interest ramifications," the FCC said in its order on the Verizon settlement today. "They cause rural businesses to lose customers, impede medical professionals from reaching patients in rural areas, cut families off from their relatives, and create the potential for dangerous delays in public safety communications." Verizon has been accused of letting its copper landline network decay while it shifts its focus to fiber and cellular service. The FCC is working a plan to protect customers as old copper networks are retired.
The Almighty Buck

Valve's Economist Yanis Varoufakis Appointed Greece's Finance Minister 312

Posted by timothy
from the finger-on-all-the-buttons dept.
eldavojohn writes A turnover in the Greek government resulted from recent snap elections placing SYRIZA (Coalition of the Radical Left) in power — just shy of an outright majority by two seats. Atheist, and youngest Prime Minister in Greek history since 1865, Alexis Tsipras has been appointed the new prime minister and begun taking immediate drastic steps against the recent austerity laws put in place by prior administrations. One such step has been to appoint Valve's economist Yanis Varoufakis to position of Finance Minister of Greece. For the past three years Varoufakis has been working at Steam to analyze and improve the Steam Market but now has the opportunity to improve one of the most troubled economies in the world.
Earth

"Mammoth Snow Storm" Underwhelms 373

Posted by timothy
from the blame-uber dept.
mi (197448) writes You heard the scare-mongering, you heard the governors and mayors closing public transit and declaring driving on public roads a crime. But it turned out to have been a mistake. Boston may have been hit somewhat, but further South — NYC and Philadelphia — the snowfall was rather underwhelming. Promised "2-3 feet" of snow, NYC got only a few inches. Is this an example of "better safe than sorry," or is government's overreach justified by questionable weather models exceeding the threshold of an honest mistake?
United States

White House Drone Incident Exposes Key Security Gap 231

Posted by timothy
from the if-you-can-breathe-there's-a-security-gap dept.
HughPickens.com writes The Washington Post reports that the intrusion by a recreational drone onto the White House lawn has exposed a security gap at the compound that the Secret Service has spent years studying but has so far been unable to fix. Commercial technology is available that can use a combination of sensitive radar and acoustic trackers to detect small drones, though coming up with an effective way to stop them has been more elusive. "To do something about the problem, you have to find it, you have to track it, you have to identify it and you have to decide what to do with it," says Frederick F. Roggero. "But especially in an urban environment, it would be tough to detect and tough to defeat kinetically without shooting it down and causing collateral damage." Most recreational drones, like the one that crashed Monday, weigh only a few pounds and lack the power to do much harm. Larger models that can carry payloads of up to 30 pounds are available on the market and are expected to become more common. The FAA imposes strict safety regulations on drones flown by government agencies or anyone who operates them for commercial purposes. In contrast, hardly any rules apply to people who fly drones as a hobby, other than FAA guidelines that advise them to keep the aircraft below 400 feet and five miles from an airport. "With the discovery of an unauthorized drone on the White House lawn, the eagle has crash-landed in Washington," says Senator Charles Schumer. "There is no stronger sign that clear FAA guidelines for drones are needed."
United States

Researchers Tie Regin Malware To NSA, Five Eyes Intel Agencies 93

Posted by timothy
from the which-wolves-and-which-sheep dept.
Trailrunner7 writes Researchers at Kaspersky Lab have discovered shared code and functionality between the Regin malware platform and a similar platform described in a newly disclosed set of Edward Snowden documents 10 days ago by Germany's Der Spiegel. The link, found in a keylogger called QWERTY allegedly used by the so-called Five Eyes, leads them to conclude that the developers of each platform are either the same, or work closely together. "Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source codes, we conclude the QWERTY malware developers and the Regin developers are the same or working together," wrote Kaspersky Lab researchers Costin Raiu and Igor Soumenkov today in a published report. (Here is the Spiegel article.)
ch

Davos 2015: Less Innovation, More Regulation, More Unrest. Run Away! 330

Posted by Soulskill
from the can't-we-all-just-get-along dept.
Freshly Exhumed writes: Growing income inequality was one of the top four issues at the 2015 World Economic Forum meeting in Davos, Switzerland, ranking alongside European adoption of quantitative easing and geopolitical concerns. Felix Salmon, senior editor at Fusion, said there was a consensus that global inequality is getting worse, fueling overriding pessimism at the gathering. The result, he said, could be that the next big revolution will be in regulation rather than innovation. With growing inequality and the civil unrest from Ferguson and the Occupy protests fresh in people's mind, the world's super rich are already preparing for the consequences. At a packed session, former hedge fund director Robert Johnson revealed that worried hedge fund managers were already planning their escapes. "I know hedge fund managers all over the world who are buying airstrips and farms in places like New Zealand because they think they need a getaway," he said. Looking at studies like NASA's HANDY and by KPMG, the UK Government Office of Science, and others, Dr Nafeez Ahmed, executive director of the Institute for Policy Research & Development, warns that the convergence of food, water and energy crises could create a "perfect storm" within about fifteen years.
Education

Why Coding Is Not the New Literacy 199

Posted by Soulskill
from the pants-are-the-new-shirts dept.
An anonymous reader writes: There has been a furious effort over the past few years to bring the teaching of programming into the core academic curricula. Enthusiasts have been quick to take up the motto: "Coding is the new literacy!" But long-time developer Chris Granger argues that this is not the case: "When we say that coding is the new literacy, we're arguing that wielding a pencil and paper is the old one. Coding, like writing, is a mechanical act. All we've done is upgrade the storage medium. ... Reading and writing gave us external and distributable storage. Coding gives us external and distributable computation. It allows us to offload the thinking we have to do in order to execute some process. To achieve this, it seems like all we need is to show people how to give the computer instructions, but that's teaching people how to put words on the page. We need the equivalent of composition, the skill that allows us to think about how things are computed."

He further suggests that if anything, the "new" literacy should be modeling — the ability to create a representation of a system that can be explored or used. "Defining a system or process requires breaking it down into pieces and defining those, which can then be broken down further. It is a process that helps acknowledge and remove ambiguity and it is the most important aspect of teaching people to model. In breaking parts down we can take something overwhelmingly complex and frame it in terms that we understand and actions we know how to do."
Businesses

Ubisoft Revokes Digital Keys For Games Purchased Via Unauthorised Retailers 443

Posted by Soulskill
from the there-is-no-entertainment-except-through-us dept.
RogueyWon writes: For the last several days, some users of Ubisoft's uPlay system have been complaining that copies of games they purchased have been removed from their libraries. According to a statement issued to a number of gaming websites, Ubisoft believes that the digital keys revoked have been "fraudulently obtained." What this means in practice is unclear; while some of the keys may have been obtained using stolen credit card details, others appear to have been purchased from unofficial third-party resellers, who often undercut official stores by purchasing cheaper boxed retail copies of games and selling their key-codes online, or by exploiting regional price differences, buying codes in regions where games are cheaper to sell them elsewhere in the world. The latest round of revocations appears to have triggered an overdue debate into the fragility of customer rights in respect of digital games stores.
Government

Comcast Ghost-Writes Politician's Letters To Support Time Warner Mega-Merger 178

Posted by Soulskill
from the where-the-money-lies dept.
WheezyJoe writes: As the FCC considers the merger between Comcast/Universal and Time-Warner Cable, which would create the largest cable company in the U.S. and is entering the final stages of federal review, politicians are pressuring the FCC with pro-merger letters actually written by Comcast. According to documents obtained through public records requests, politicians are passing letters nearly word-for-word written by Comcast as their own. "Not only do records show that a Comcast official sent the councilman the exact wording of the letter he would submit to the FCC, but also that finishing touches were put on the letter by a former FCC official named Rosemary Harold, who is now a partner at one of the nation's foremost telecom law firms in Washington, DC. Comcast has enlisted Harold to help persuade her former agency to approve the proposed merger."

Ars Technica had already reported that politicians have closely mimicked Comcast talking points and re-used Comcast's own statements without attribution. The documents revealed today show just how deeply Comcast is involved with certain politicians, and how they were able to get them on board.
Software

Windows 10 IE With Spartan Engine Performance Vs. Chrome and Firefox 152

Posted by Soulskill
from the attempting-to-battle-back dept.
MojoKid writes: In Microsoft's latest Windows 10 preview build released last week, Cortana made an entrance, but the much-anticipated Spartan browser did not. However, little did we realize that some of Spartan made the cut, in the form of an experimental rendering engine hidden under IE's hood. Microsoft has separated its Trident rendering engine into two separate versions: one is for Spartan, called EdgeHTML, while the other remains under its legacy naming with Internet Explorer. The reason Microsoft doesn't simply forego the older version is due to compatibility concerns. If you're running the Windows 10 9926 build, chances are good that you're automatically taking advantage of the new EdgeHTML engine in IE. To check, you can type 'about:flags' into the address bar. "Automatic" means that the non-Spartan Trident engine will be called-upon only if needed. In all other cases, you'll be taking advantage of the future Spartan web rendering engine. Performance-wise, the results with IE are like night and day in certain spots. Some of the improvements are significant. IE's Sunspider result already outperforms the competition, but it has been further improved. And with Kraken, the latency with the Spartan-powered Trident engine dropped 40%. Similar results are seen with a boost in the Octane web browser test as well.
United States

Plan C: The Cold War Plan Which Would Have Brought the US Under Martial Law 293

Posted by samzenpus
from the gentlemen-you-can't-fight-in-here-this-is-the-war-room dept.
v3rgEz writes with this story of a top secret Cold War plan which would have brought the U.S. under martial law. Starting on April 19, 1956, the federal government practiced and planned for a near-doomsday scenario known as Plan C. When activated, Plan C would have brought the United States under martial law, rounded up over ten thousand individuals connected to 'subversive' organizations, implemented a censorship board, and prepared the country for life after nuclear attack. There was no Plan A or B....Details of this program were distributed to each FBI field office. Over the following months and years, Plan C would be adjusted as drills and meetings found holes in the defensive strategy: Communications were more closely held, authority was apparently more dispersed, and certain segments of the government, such as the U.S. Attorneys, had trouble actually delineating who was responsible for what. Bureau employees were encouraged to prepare their families for the worst, but had to keep secret the more in-depth plans for what the government would do if war did break out. Families were given a phone number and city for where the relocated agency locations would be, but not the exact location.