Science News

My personal blog

Quirky Criminal Bills Take Regulation Too Far, Critics Say

In Texas, it may soon be a crime to miss parent-teacher conferences -- just one of a wide assortment of transgressions that legislators in different states are considering making subject to criminal punishment. Some commentators see the latest wave of bills as part of a dangerous tendency toward overcriminalization. One expert cautions that politicians are misusing criminal law as a tool "to signal that they are serious about whatever the social problem of the month is."



Scout NFL Audible: Kasey Studdard

When the Houston Texans selected offensive guard Kasey Studdard in the sixth round of the NFL Draft, they added a fun-loving brawler to their roster who's sure to become a fan favorite. Learn more about him in this exclusive interview and audio clip with Scout.com's Ed Thompson. (Read on Source)


Erin, It's Good to See You Again!

With the season fast approaching, here are seven words college football fans have grown to cherish: "Now let's go down to Erin Andrews." (Read on Source)


Webpage Creation in Dreamweaver - How I Deal With Font Conflicts

Dreamweaver would seem to have become the platform of choice for website designers. Simple enough for beginners to master to a workable level and sophisticated enough to keep the master designers comi...


Akademy 2007 Sponsors Announced

This Friday will see KDE contributors and our friends arriving from around the world to take part in the KDE World Summit in Glasgow. It costs a lot of money to host a conference of this size, but as in previous years our industry partners have stepped up and made it possible through generous sponsorship.


Linux: Rewriting the x86 Setup Code

KernelTrap: "H. Peter Anvin submitted a series of patches rewriting the x86 setup code..."


Add Logo And Support Information to Vista

In Windows Vista, adding support information and a company logo is not as simple as it was in Windows XP, and it requires some Registry editing. You will also need a small logo of the company or other entity you want to display. Please follow these instructions:


Windows Vista Video Training
I just finished watching Windows Vista training videos by Train Signal and I am very impressed. I was very surprised at how detailed the course was and by how much I DO NOT know about Vista. Learning Vista is a fairly steep learning curve and this course covers it better than any book or site that I have come across. I highly recommend this course for power users, as you will learn A LOT more than you will from a book (which all seem to be geared towards the basic user). You can read more and watch a video training demo here.


Getting Started With A Secure Configuration Effort

Hi, this is Chad Hughes again. In order to maintain a proper security posture, an organization must commit to developing and maintaining secure configurations on all layers of its environment. Such commitment may require the organization to reconsider commonly accepted assumptions, dispel security myths, or just "get back to the basics" of security.

For example, the "Chronology of Data Breaches" compiled by the Privacy Rights Clearinghouse includes a number of instances where the improper disclosure of sensitive information could have been prevented by common sense, or basic security policies and procedures. It is therefore not surprising that a recent Ponemon Institute survey sponsored by Oracle found that "42% of IT practitioners believe their organizations can do more to prevent loss or theft of confidential information" and "Only 55% of IT respondents believe they would be able to notify users and customers impacted by a data breach." Of course, these issues are not limited to businesses, but also impact government organizations as well. For example, a recent article on CSO Online related how the U.S. Department of Agriculture managed to expose thousands of social security numbers.

Incorrect technical assumptions can also be very damaging. For example, while many IT professionals may think that databases are usually sheltered within corporate firewalls, in his 2005 and most recent 2007 "Database Exposure Survey" research, David Litchfield found that many databases are directly exposed to the Internet. Unfortunately, generally innocuous search sites such as Google can be used to search for specific systems and services exposed to the Internet, and known vulnerabilities on those systems. See for example "Google Code Search peers into programs' flaws" on SecurityFocus or "Google Your Site For Security Vulnerabilities" on Security Devcenter. Michael Sutton's blog entry, "How Prevalent Are SQL Injection Vulnerabilities," includes an example of a simple Google query intended to find databases exposed directly or indirectly to the Internet.


 


A myopic concern with external threats and hackers may also lead organizations on the wrong path by focusing the security effort exclusively towards securing the perimeter of the organization. For example, a quick glance at the web site of the Computer Crime & Intellectual Property Section of the United States Department of Justice shows that employees (both current and former) and contractors represent a significant portion of perpetrators. When hardening exercises are performed in production environments, far too often only the Internet-facing edge of production environments gets the hardening treatment, creating a hard, crunchy shell, but leaving a soft, gooey center. The problem is that the hard, crunchy shell often allows outside access to sensitive resources at the center to provide legitimate access to a set of services or applications. When hardening the center is neglected, leaving it soft and gooey, it may be vulnerable to attack through these holes intentionally left open in the hard, crunchy shell. As a result, it is not uncommon to witness situations where a compromised web application server has resulted in the compromise of internal servers, sometimes even granting the attacker privileged access on these machines. An unprotected center also may unnecessarily expose valuable resources to internal threats such as human error, disgruntled employees, and malware propagation.


 


Even when an organization understands the need to work on all layers of its production environment, often enough, the secure configuration effort is hampered by the belief that such effort will require a tremendous amount of resources.  However, this is not necessarily true!


 


The effort of limiting the attack surface of the environment can yield significant security benefits.  This is because, in complex applications, no one-size-fits-all configuration can possibly accommodate the needs of every customer.  In most instances, customizing the installation to leave the proper balance of functionality is desirable to meet production and security objectives.  Production systems that are left in their default state are likely to contain unused functionality that varies from customer to customer.  Unused functionality in production environments needlessly increases the exposure surface, or total number of possible attack vectors.  To reduce the exposure risk, customers can limit production system functionality to that which is required.


 


The greatest advantage of reducing surface area of production environments is that it contributes to significantly increasing the security posture of the organization at a relatively small cost. This is particularly true when hardening can be automated so the incremental cost to harden is low. Hardening production environments by reducing the attack surface is relatively inexpensive compared to many other defense in depth safeguards: it typically doesn't require expenses for acquiring additional licenses or hardware; hardening effort can be incremental so as to not dramatically impact production environment, etc. Most importantly, the security return of a surface reduction effort is obvious -- if a defect is found in functionality you're not using, you're likely to be protected. And you're likely to be protected before patching, before upgrading, before employing a work-around... nothing additional is required. If a 0-day exploit happens to reside in unused functionality that was already disabled by a previous hardening exercise, you're protected.

For more information on Oracle's Secure Configuration initiative, see my previous blog entry "Oracle's Approach to Configuration Hardening." Finally, the Oracle Software Security Assurance Resource Library includes valuable links to technical white papers and security checklists providing guidelines for reducing surface areas, or engaging in a more comprehensive hardening effort.


 


NOTE: Opinions expressed by the authors of the white papers and articles cited in this blog entry do not reflect the position of Oracle. Any advice, conclusion, or recommendations discussed on these sites (or sites they link to) are not validated by Oracle.


Microsoft warns of new Word attacks

... early if attacks persist or worsen. Hundreds of thousands left without web access Internet Explorer users the worst of the bunch ...


W2i Recognizes Minneapolis's Wireless Broadband - fuelled by BelAir Network

... any enterprise-level need. Services include, but are not limited to, Internet voice and data, web hosting, anti-spam and anti-virus, remote system backup, collocation services, disaster recovery, ecommerce services, web site ...


Mozilla: Security a Significant Focus

Internet News: "Security Mozilla is moving forward on a number of initiatives to ensure that Internet security improves. Among the efforts is a new approach for determining and measuring security metrics."


How important is it to manage your computer's temperature?

When it comes to the lifespan of the hardware in your computer, as well as its reliability, heat is the ultimate enemy. Not just for PCs, but for all electronic devices in general. The solution? P...


Open source in an economic downturn

We are in an economic downturn, perhaps even a full-blown recession. Any doubts I had about that were removed by two related, recent phenomena. The first is that whenever I walk down a high street I see almost every single retailer involved in near permanent 'sales'. Looking into the figures confirms the picture - sales on the high street have fallen for four of the past five months.


Heavy rain ends free practice early

Heavy rain at Autodromo di Monza ended Friday's first free practice session early. The FIA decided it was not responsible to continue the session with four minutes left on the clock as even most Formula 1 teams saw their pitbox being flooded. (Read on Source)


Back From The Mediterranean!

For the last 2 weeks you may have noticed that the frequency of my posts has been very minimal. This was because my wife and I have been in Europe for the last little while cruising the Mediterranean aboard the Norwegian Jade. We enjoyed excellent weather while visiting Spain, Italy, Croatia, Greece and Turkey. The cities we visited included: ... (Read on Source)


Pedophile's Online Sock Puppets Include Fake Johnny Depp

A 46-year-old Iowa man's quarter-century long prison term is upheld on appeal. He was convicted of using a menagerie of online identities of various ages and genders in search of underage sex.


Rise of the Argonauts Not Delayed to 2009? Kinda

Earlier we carried word that oft-delayed title Rise of the Argonauts had been delayed to 2009. Now it appears that the delay only applies to unfortunate European gamers as publisher Codemasters has now announced that Liquid Entertainment’s action-RPG will hit North America on December 16. Gamers in the UK won’t be able to get their hands [...]


AIG seeks to ease repayment terms for government loan

NEW YORK (Reuters) - American International Group Inc is seeking to ease terms for repayment of a $60 billion U.S. government loan, according to media reports.


Computer Input And Output Devices

Generally, you do not think of your computer's input and output devices like monitors, keyboards, and printers as storing your information and generally you would be right. None the less, they may ...


Video: Casio Digicam Shoots 1000 Frames Per Second

At CES 2009, Casio showed off one of its latest digital cameras, the Exilim EX-F100. This compact camera features a 30-shot burst mode and is capable of shooting video at 1000 frames per second.



PC processor shipments to drop in 2009

PC microprocessor shipments slowed in the fourth quarter and will continue to decline this year, according to an IDC survey released on Wednesday.

Microprocessor unit shipments will decline by about 15 percent in 2009 compared to last year, according to preliminary numbers from the market researcher. Worldwide microprocessor shipments during the fourth quarter dropped 17 percent sequentially and 11.4 percent year-over-year, IDC said.


The research firm couldn't quantify the number of microprocessors shipped during the fourth quarter, but the fall was precipitous, said Shane Rau, research director at IDC.

"After hinting at a decline last September, the market fell off a cliff in October and November," Rau said.

The worldwide recession has slowed PC demand, which will continue to affect microprocessor shipments. Worldwide PC shipments fell 0.4 percent year-over-year in the fourth quarter of 2008, IDC said in a study released last month. Shipments of netbooks totaled 10 million in 2008, but strength in netbooks was outweighed by slow or even declining sales of traditional laptop and desktop PCs.

Intel took a big chunk of the server, mobile and desktop chip space from its rivals, Advanced Micro Devices and Via Technologies.

Intel's market share in unit shipments was 81.3 percent in the fourth quarter, up from an 80.8 percent share in the third quarter and 76.7 percent in the fourth quarter a year earlier. AMD had a 17.7 percent share in the fourth quarter, down from 18.5 percent during the third quarter and the 23.1 percent share it had a year earlier. Via Technologies held a 0.4 percent share during the fourth quarter, compared to the 0.2 percent it had the previous year.

After dominating most segments, Intel is now looking for new markets to grow, Rau said. The company has its feet wet in the mobile space with chips like Atom for mobile devices, but the competition is intense from entrenched competitors like Texas Instruments and Qualcomm, Rau said. These markets are either flat or in decline because of the recession, which also poses a big challenge for Intel.

Beyond entering new markets, Intel on Tuesday announced it would try to provide faster chips by shifting to the 32-nanometer manufacturing process. The move should stimulate chip demand for Intel and help it gain market share over rivals, Rau said.

"Intel is enabling its customers to build better products rather than just cutting price," Rau said.

Intel already dominates the netbook space with its Atom processor, though Via could present some challenges. The small chip vendor can provide inexpensive chips for netbooks and enable new form factors, so customers may look at its chips as an Intel alternative.

As long as Via continues to ramp its C7 and Nano processors, it will inevitably gain some share though the numbers are hard to quantify, Rau said.

"[Via] is more a rebel with less to lose," Rau said.

Intel's primary rival, AMD, has held a steady market share in desktop processor shipments, but has been volatile in the mobile processor space. It hasn't been able to match Intel on pricing and features on mobile chips, Rau said.

The news for AMD is better in the server space, where it recovered from the earlier Opteron server chip mistakes with a new chip codenamed Shanghai it shipped last year. Unfortunately the recovery came when the worldwide economic crisis began, which has slowed down adoption of its server chips. But the company is well-placed to see those chip shipments rise as economies recover.

AMD's worst competitor is itself, and its strategies tend to work best if it doesn't focus on competition with Intel, Rau said. AMD's products on the crosshairs of specific market segments dominated by Intel -- like the Athlon Neo for ultrathin laptops -- have worked in the company's favor.

But with the recession, AMD needs to focus more on surviving in the market, not market share, Rau said. The company is spinning off its fabs and lowering its cost structure through downsizing.

But AMD has a price advantage over Intel, Rau said. If the company releases chips on time and lowers the cost structure, it will have better control over pricing its products. That could bring the company back into contention against Intel.

"No one should think that AMD's going away... the market needs two viable competitors to remain competitive," Rau said.




AMD Delays Foundry Vote After Low Turnout

AMD has given shareholders an extra week to vote on its manufacturing spin-off after too few votes were cast at a stockholder...



SAS and IDeaS to Host Hospitality Seminar in Singapore

SAS and IDeaS to Host Hospitality Seminar in Singapore.


Get Enterprise Hosting From A Leading Company

There are numerous web hosting companies for business to choose from. The array includes both large as well as small scale companies with different needs for their websites. Obviously, a large bus...


Egypt: Stone Slab of King Scorpion Discovered

In the Egyptian semi-oasis of Fayum, researchers have discovered traces of more than 6,000 years of civilization: from arrowheads from prehistoric times to ceramics from the era of the Islamic rulers. (Read on Source)


Odds And Ends: Giles, Vlad, Bay

Links for your Memorial Day weekend... Bruce Jenkins of the San Francisco Chronicle writes that the Giants should concede the division to the Dodgers and build for the future. Jose de Jesus Ortiz of the Houston Chronicle shows that Nolan Ryan's presence has strengthened the Rangers by making it easier for them to recruit the coaches and ... (Read on Source)


Doctors Versus Midwives: The Birth Wars Rage On

There are a lot of reasons hospital-based doctors disagree with midwifery. Here's one: The only time OBs see midwives is when they come to the hospital with a patient in crisis (Read on Source)


SEOs should be thanking Matt Cutts and not criticising him

I'm seeing a lot of negative Twitter and some blog commentary regarding the new rel="nofollow" news and advice from Matt Cutts. It's SMX week. I'm at SMX Madrid but Mr Cutts decided to visit SMX Advanced instead. While he was there he explained that Google treats the nofollow value for the relationship attributes on ... (Read on Source)


Patient empowerment: Who should call the shots?

"Empowerment." What a grand word! After all, who doesn't want to be "empowered"? Certainly not me. Perhaps that's the reason why it's become the new buzzword in a movement known as "patient-centered" care. Old fart that I am, I'm a bit puzzled by exactly what that term means. After all, I've always thought I have been practicing patient-centered ... (Read on Source)


Rays' Longoria showing what Rockies missed

Rockies outfielder Brad Hawpe exchanges high-fives with Little Leaguers before Tuesday night's game against the Tampa Bay Rays at Coors Field. Hawpe took a .337 batting average, nine home runs and 47 RBIs into the game. (Karl Gehring, The Denver Post) (Read on Source)