Whatis.com Solutions Directory

Solution Search:
Enable Project-Centric Manufacturing with Business Software by IFS
Project-centric manufacturing business models that involve outsourcing and short product lifecycles expose manufacturers to a number of risks they were not...
Achieving Effective Inventory Management by Sage North America
of Sage MAS 500, an award-winning business software suite that provides superior power, flexibility, and integration with your existing line of business applications.

...

Maximize Software Cost Savings by License Reharvesting, Recycling & Applying Product Use Rights by Flexera Software
the key components to maximizing software spend and software asset management through license agreements and license types, common product use rights...
ManageEngine Applications Manager 9.2 by ManageEngine
and performance monitoring software that helps IT Operations and Application Support to ensure high uptime for their business applications in...
Best Practices for Implementing Automated Functional Testing by Hewlett-Packard Company
can achieve a higher ROI from software projects.

Today's enterprises need to conduct thorough functional testing of their mission-critical applications to...

Why Cloud BI? The 9 Substantial Benefits of Software-as-a-Service Business Intelligence by Birst
Business Intelligence (BI) solutions in the Cloud offer a timely and cost-effective resource for businesses of all sizes to...
Business Intelligence Product Directory - 2010 Edition by SearchDataManagement
This product directory of top BI software options will help IT and LOB professionals select the right BI software for their organization. This interactive...
Integrating IBM WebSphere Portal and IBM Mashup Center Software by IBM
to the IT infrastructure and drive business innovation, whatever the company’s size. And it can help employees and business partners work more efficiently...
Architecture, Design, and Construction Part 1 by IBM
a demonstration of the IBM Rational Software Development tools focusing on application modeling, design, development and coding.

Join this briefing to see a...

Guidelines to Create a Robust Test Automation Framework by Alliance Global Services
and maintaining quality software releases is critical to business performance. This paper presents the benefits of different Test Automation...
Presentation Transcript: The Buy Versus Build Dilemma by Tableau Software
for integrating analytic and Business Intelligence (BI) features into existing applications.  Discover the benefits and drawbacks of each approach, and...
The Buy vs. Build Dilemma: Adding Embedded Analytics and BI by Tableau Software
for integrating analytic and Business Intelligence (BI) features into existing applications.  Discover the benefits and drawbacks of each approach, and...
Disaster Recovery Planning with Virtualization Technologies by Double-Take Software
Business continuity is not just a good business practice - it can mean success or failure if data and applications on a production...
E-Book: Successfully Leveraging Marketing Automation Technology: Building a Business Case by SearchCRM
loyalty. Marketing automation software can help solve these challenges, but it too requires a financial investment. Read on and learn how to successfully...
CRM+: An Innovative Approach to Agile Solution Development by Pivotal CRM, a CDC Software solution
that support extensive enterprise business processes and enable ongoing agility.

The high failure rate of enterprise software due to inadequate business fit has...

Rational Team Concert Evaluation Guide by IBM
Read this paper to learn how this software can aid in starting new projects and adding and transitioning team members quickly, thereby increasing your ability...
E-Guide: Data Visualization - Key Trends in the Business Intelligence Environment by Tableau Software
you will discover an overview of business intelligence software and trends for 2010.

Thanks to increased pressure on companies to do more with less, the business...

CollabNet TeamForge 5.4 by CollabNet
Distributed software development teams need tools to help them collaborate efficiently using Agile processes, while meeting regulatory...
CIO Decisions Ezine Volume 3 by CIO Decisions
can drive flexibility and meet business needs. Also in this issue: MDM's strongest business case and how to navigate the compliance minefield. In this issue we...
The Evolving Role of the Business Analyst by IBM
Oriented Architecture (SOA), the business analyst now has to think about issues such as IT services and how to define business logic as rules for easier and faster...
Steps to Creating your "Lean BPM Game Plan" by SERENA Software, Inc.
benefits of Lean thinking and Lean Business Process Management (BPM) to rapidly deliver customer value, increase business process flexibility, and eliminate...
Software Asset Management: Taming the Wild Beast by CA Technologies.
and implementing a successful Software Asset Management (SAM) program, including recommended approaches to mitigate risks and ensure program success.

Join...

E-Book: How to Set Up and Manage a Successful Business Analytics Program by SAS Institute Inc.
structure, and manage a successful business analytics program that will give your organization more insight into its data than conventional reporting-based...
#1 Definition

An independent variable is a variable that is manipulated to determine the value of a dependent variables. The dependent variable is what is being measured in an experiment or evaluated in a mathematical equation and the independent variables are the inputs to that measurement.

In a simple mathematical equation, for example:

a = b/c the independent variables, b and c, determine the value of a.

Here's a simple example:
A teacher wishes to compare the number of tardy students wearing black with the number of tardy students wearing pink. In this scenario, clothing color is the independent variable and the... More...

Featured Articles
Exchange Server 2010 SP1 signals upgrade go-ahead by Bridget Botelho, Senior News Writer
For many IT shops, the release of a first service pack is the traditional green light for adopting a major release of a new... More...
Featured Q&A
Kaspersky researcher sees tough road ahead for antivirus detection by Robert Westervelt, News Director
You've done some interesting research on botnet operators and how their business works. Have you found middle-men involved?

Yes. The guarantor plays an interesting role. It's quite important to the whole botnet ecosystem and probably the ecosystems of any underground markets. If you can imagine a simple deal between two bad guys -- one has created the malware and another one owns the botnet and needs this malware. They want to make a deal, but these guys can't trust anybody when they're working for the dark side. They can't trust each other in this ecosystem. This is why this role [guarantor] appears. Both sides trust this middle-man, and then they can make a deal. Guarantors are usually respected people from hacker forums who have been there for ages. They're usually moderating hacker forums and are not going to disappear, so they are more or less reliable from the point of view of the criminals. At the same time, they don't do any illegal activities. They don't develop malware or own the botnet. All they do is verify what the seller is offering and what the buyer wants to buy.
Are these guarantors in a grey-space where they aren't doing anything that law enforcement can take action on?

That's correct. They feel safe doing what they do. These guys are playing one of the key roles in the whole ecosystem because if there were no middle-men, maybe there would be fewer deals because it's hard for the bad guys to trust each other. Right in the middle there is a botnet owner who buys malware, exploit keys or any kind of software keys from the producers through the guarantor. Then the guarantor is used again in deals between the botnet owner and the consumer of the services of the botnet. Those are spammers, people who want to conduct a distributed denial-of-service attack (DDoS) on some resource or any kind of other clients who are interested in using the botnet.
The latest Verizon Business Data Breach Report found the market is saturated for credit card numbers, causing the prices of that data to decline on the black market. Does that price fluctuation make this kind of guarantor business arrangement change over time?

No. It's just the normal flow of the market. The saturation of the market causing cheap credit card data is the result of having a really big number of credit cards stolen. The process is really easy with different automated tools developed and shared for free on the Internet. For example, the Metasploit framework is used to create malware quickly and efficiently. All of these helping technologies and frameworks are making it much easier for the bad guys to steal tons of credit card numbers. The more offers out there for stolen credit cards, the cheaper the price is.
One early prediction by Kaspersky for 2010 was that semi-legal grey market programs will be run by botnet owners. Is your research an indication that this is now true?

Actually there is an area in the dark side which is called "greyware". It's software which cannot be directly called malicious. But it was developed with an intent to do something malicious. At the same time it doesn't make any unauthorized access. A good example of "greyware" is remote administration software. It's software that can be utilized by a network administrator to control their networks and their workstations remotely and do administrative tasks. This same software can be installed and hidden from the user and utilized by the bad guys to steal information from remote workstations. This approach is migrating to other areas so the bad guys are trying to make their activities and services look more legitimate.
A hacker gave up his identity to Kaspersky to get payment for a service he created to trick malware researchers. Can you talk about what took place?

This case is not closed yet and is currently being dealt with in our legal department so I cannot share many details about it. There was an Austrian guy who developed a service called AV Tracker. The basic idea behind the service is to create malware -- special spyware -- that would be sent to the antivirus vendor laboratories to gain information. Using the stolen AV vendor data, the bad guy can track the IP addresses on the Internet where the malware was executed and he can be sure that the IP addresses that he sees belong to security companies. Then he offers an open source software module that anybody can use to make sure that any malware running at a security company will not behave as it would on the real home-user machine. That development was assisting the bad guys to make sure the malware would behave differently in our labs and we would have poor detection capabilities. We think the service was developed with malicious intent from the beginning. It seems the law is not restricting these things at the moment, but such services do not help the security community and the normal home user. It seems to be malicious.
Security researchers who develop signatures to detect malware and other insidious software are finding themselves increasingly under attack, according to Vitaly Kamluk, Kaspersky Lab's chief security expert based in Japan. Kaspersky is currently in a legal battle against a former Austrian security researcher who designed a program that can track the IP addresses of antivirus vendor malware analysis sites and ultimately make malware work differently on those security researcher systems, weakening antivirus detection. Kamluk said similar attempts to undermine signature writers and the increasing use of "greyware," software that isn't malicious, but can be used by criminals to carry out an attack, are causing problems for the security community. In this interview, Kamluk talks about the ongoing legal battle and his recent research on how botnet operators sell their services using a technique that dodges law enforcement. More...
Aug 11, 2010
Adobe vulnerability management: Arkin on the new threat landscape by Robert Westervelt, News Director
Is embracing Microsoft's software development lifecycle processes relatively new for Adobe?

Not really. Microsoft's SDL is something they have been working on for 10 years or so. The Adobe secure product lifecycle (SPLC) has its roots in the Macromedia work that was started in January 2004. So they had somewhat of a head start. Anytime Microsoft makes documents and resources available, we always look at them with great interest, and anytime there's a great idea, we'll adopt that and put it into the way we do things.
How do you expect bug hunters to disclose bugs? What is Adobe's responsible disclosure policy?

Any time a researcher identifies a vulnerability in an Adobe product, we're thrilled to hear that research. You can contact us through psirt@adobe.com. We triage through that email list for anything that has any chance of having technical merit, and we try to initiate contact with the person who reported it to us. If we get the same results that the researcher saw, we work with our product team. The product team works on creating the patches, doing the testing to make sure the patches fix the vulnerability, and then the end result is eventually a security update that will ship. There is a small group of researchers that we have very sensitive relationships with and work with a lot, and then there's always someone who we may not have worked with before, but we may know them in the security community. Our goal is to always make sure to communicate how appreciative we are when they take the time to share this information with us, and we do everything we can to keep them up to date with what's happening.
Why not pay researchers for the bugs they find?

We spend a lot of money on external researchers helping us to improve our software. Rather than some type of bug bounty, what we've chosen to do is to look at a potential consulting engagement if someone comes forward with an idea to make our software security better. The effectiveness of the experience and skills that the researcher brings is so much higher when they are able to access the engineers who are directly working on the product and all the internal documents to help them do a full white box assessment. It's much harder to do that externally. Things are changing fast in the industry, though, so we're always paying attention to see if these other approaches [such as bug bounties] may work in our environment.
Since Adobe has gone to a quarterly patch cycle for Reader and Acrobat, you've had some out-of-band updates. Is that because those applications are targeted so much?

The quarterly updates are for things where there's no urgent need to get it out any sooner. We have to balance getting protections out as soon as we can to customers with the cost of disruption to the workflows of deploying a patch. No matter how hard we work to make it an effortless process, anything multiplied by hundreds of millions of machines is going to be really expensive. This is a really tough balance for us, because we can ship a lot of patches, which will help people defend against the latest things that have been reported, but at the same time, there is a great expense in keeping those machines up to date.
Talk about sandboxing and why it is needed.

When we looked at Reader and all the different ideas to make Reader more secure against this new type of threat we're seeing, we had to balance all of these ideas against the fact that there's hundreds of millions of people that use Reader in a particular way today. They don't want to have to change. So how can we make them safer and not change how they interact with the product? Sandboxing is one of the things that made it through the initial process. We've made a big investment to implement this. We started with this in the summer of 2009, and then we made the announcement that we are going to put sandboxing in the next major version of Adobe Reader. The first release is going to be write-only. The sandbox will run Reader in a low-rights process. If an attacker found a vulnerability that today might allow him or her to take over a computer, in the future he or she would be stuck in the sandbox.
You're addressing Reader and Acrobat, what can you do to address Flash issues?

Flash Player is installed on a lot of machines. For a couple of years now, Flash Player has opted into Internet Explorer protected mode if you are running IE7, IE8 or later, and using Windows Vista or later. Similar to what we did for Reader, Flash Player runs in low-rights and uses a broker process if you need to do something requiring higher rights. We have a lot of other things that we're working on with Flash Player as well. In the 10.1 version that just shipped, Flash Player now hooks into the privacy mode settings for the browser. If you are doing incognito mode or privacy mode, Flash Player is able to tap into that and respect those settings.
One of the announcements at Black Hat is that Adobe is joining the Microsoft Active Protections Program. Why join the program, and what does it mean for the security vendors in the program?

We've been looking for ways to get this actionable, detailed technical information out to the security vendors, so they can protect our mutual customers against these types of attacks that were possible. The feedback that we got was that the MAPP was the right way to do it. Rather than reinventing the wheel, we're working together with Microsoft so that product security information is going to get through to the participants in the MAPP program. There are 65 participants. Adobe is not becoming the 66th, but rather the second software maker that is sharing product vulnerability information.
LAS VEGAS -- Brad Arkin and Adobe Systems Inc. have had to endure a lot of ribbing at Black Hat 2010. Arkin, senior director of product security and privacy at Adobe, attended the Adobe Hater's Ball on Wednesday. The event, hosted by security vendor SourceFire Inc., was attended by security researchers who think Adobe is not doing a good job protecting its applications. But Arkin is going on the offensive, trying to make the company's security processes more transparent. At the conference, Adobe announced that it would join Microsoft's Active Protections Program, giving out early vulnerability data so security vendors can produce signatures to block attacks against flaws discovered in Adobe Reader, Acrobat and Adobe Flash. In this interview, Arkin explains Adobe vulnerability management and security strategies moving forward. More...
Jul 30, 2010
Definitions

Smart grid is a generic label for the application of computer intelligence and networking to dumb electricity transmission and distribution systems. Smart grid initiatives seek to improve operations maintenance and planning through automation and by making sure that each component of the grid can both talk and listen.?

The United Stated Department of Energy proposes that four types of well-defined open standards will drive the advancement of smart grid technology:

? Integrated communications?

? Sensing and measurement technologies?

? Automated controls for distribution and repairs

? Improved management dashboards and decision support software

Learn more:

The Smart Grid: An Introduction?is a publication sponsored by United States Department of Energy s Office of Electricity Delivery and Energy Reliability.

The National Institute of Standards and Technology (NIST) is working to define a framework of standards for smart grid technology.

The economic stimulus package signed by President Obama in February contains $11 billion for smart grid technology.

Smart grid is a generic label for the application of computer intelligence and networking to dumb electricity transmission and distribution systems. More...
Apr 11, 2009

Parallel ATA (Parallel Advanced Technology Attachment or PATA) is a standard for connecting hard drives into computer systems. As its name implies, PATA is based on parallel signaling technology, unlike serial ATA (SATA) devices that use serial signaling technology. Parallel ATA dates back to the 1980s. Integrated Drive Electronics (IDE) drives operate according to this standard.

The connections for PATA devices were originally made using 40-conductor ribbon cables. These were later supplanted by 80-conductor cables in which every other conductor is grounded, minimizing mutual capacitance (and consequent crosstalk) between conductors. The maximum workable cable length is 46 centimeters (about 18 inches). This means that PATA cables are only practical for use with internal drives.

Parallel ATA was originally called Advanced Technology Attachment (ATA) until the year 2003 when SATA was introduced. The cable for a SATA connection has seven conductors. These cables are more flexible than PATA cables and can be much longer, allowing the designer more latitude in the physical layout of a system. Because there are fewer conductors, crosstalk is less likely to be troublesome in SATA than in PATA. The signal voltage is lower as well (250 mV for SATA as compared with 5 V for PATA). Parallel ATA (Parallel Advanced Technology Attachment or PATA) is a standard for connecting hard drives into computer systems... (Continued) More...

Apr 17, 2006
A keyboard wedge can be either a software program or an inserted hardware device that translates digital signals from a barcode reader or magnetic strip reader (MSR) into keyboard strokes for a computer. The software form of a keyboard wedge intercepts the dignal signals from the reader when they arrive at the computer and instantly translates them into keyboard strokes. The hardware form of a keyboard wedge inserts the translation device between the reader and the keyboard. Data sent through a wedge appears as if it was typed into the computer, while the keyboard itself remains fully functional. Because a computer using a keyboard wedge can't tell the difference between data that is entered by a scanning device, or data that is entered by keyboard typing, a wedge can be used to easily add barcode reading capability to an existing computer without modifying software applications. More...
Oct 21, 2002
How To
Notebook Reviews

HP Pavillion dv5t Review

The dv5t features an Intel Core 2 Duo Processor, up to 4096MB DDR2 System Memory, NVIDIA GeForce Go graphics available and 15.4" diagonal WXGA BrightView Widescreen.
Find HP Coupon Codes

Dell Inspiron 1525 Review

The Inspiron 1525 is a Core 2 Duo powered 15.4" screen notebook from Dell. The Inspiron 1525 has Intel X3100 integrated graphics, an Intel Core 2 Duo processor and a thinner and lighter form factor than the previous Inspiron 1520.
Find Dell Coupon Codes

Dell Deals, HP Deals, Lenovo Deals, All Laptop Deals