|
Solution Search:
#1 Definition
FPS stand for frames per second a measurement for how many unique consecutive images a camera can handle each second. Low-end digital still cameras typically have a frame rate of 1fps. Low end digital video cameras typically have a frame rate of 30fps. Learn more: To learn more about digital cameras visit DigitalCameraReview.com |
Featured Articles
Massive Epsilon email breach could lead to email attacks, spam
A massive data breach at a third-party company that handles customer email messaging for 150 major banks, retailers and... More...
Amplidata launches object storage system; more SNW Spring 2011 news
SANTA CLARA, Calif. -- Amplidata introduced its first product today, the AmpliStor object storage system consisting of a...
More...
Featured Q&A
IT security career experts to dish out practical advice at RSA Conference 2011
Have either of you noticed any interesting or unique trends in the security career landscape over the last year or so?
Information security is becoming an increasingly popular profession. There are more certified information security professionals than ever, and the numbers are growing by the day. Competition is going to increase dramatically for the roles that people truly want, and it is going to become more important for security professionals to differentiate themselves and build meaningful skills that can demonstrate their value. What do you think information security professionals should be attuned to, both in the job market as they're looking for jobs, and in order to advance their careers? I think there is an important move away from the technology of security and toward an organizational- and people-centric way of looking at security. Right now in the industry, everybody is talking about security awareness training, the threat posed by social networks and things of that sort. With that trend, security pros no longer just need to understand the packets going across the network, as much as they need to understand the way people interact with those technologies and how those technologies affect people in order to make their organizations more secure. Is there anything specific that you see, such as a specific career path or specific certifications, which could significantly help people to advance their careers? Your question is the biggest problem that we are facing in the industry. Many people view certification as a key component to determining somebody's success as a security pro. The truth of the matter is that the more certified security professionals there are, the lesser the value of the certification. If 10 people have a certain credential, it's important; if 100,000 people have that same credential, it decreases in its importance by the same factor, if not more. The problem is that there is no magic bullet. Information security professionals are going to have to think about the combination of their skills, their experience, their personal qualities, their career investments, you name it. It is going to be the accumulation of those things and the correlation of those things that probably will have the greatest impact on their success as information security professionals and their abilities to achieve meaningful career goals. Murray: I think it is important to realize that certification is not equivalent to skill. Regardless of what the certification is, the credential does not mean that you are going to be a successful professional any more than a degree means that you are going to be successful. It is an indication that you have done a certain amount of work and a certain amount of preparation for a test, but it is not the same thing as the skills themselves. Kushner: I do not think that they are asking different questions per se. I think that they are realizing, more and more, that taking ownership of their careers is their responsibility, and it is not going to happen on its own. Maybe they are not asking different questions, but more people are asking more questions. Murray: And when you know that, only then are you really prepared to start saying 'If I know I want to be a CISO, these are the things that I don't have right now, these are the skill sets I haven't learned [that I will need]. I haven't learned how to write a budget; I haven't learned how to manage people effectively; I haven't learned what organizational risk tolerance is all about. So, what plan can I make to go out and get those things? Where can I learn them? Who knows those things and who can teach them to me?' Feb 9, 2011
Sandboxing bolsters software security, but it has weaknesses, expert says
What is sandboxing and how long have software vendors been using it in one form or another for security?
Back in the late 1990s the Defense Advanced Research Projects Agency (DARPA) funded some work that developed sandboxes. A sandbox is intended to stop untrusted code from behaving badly. An important attribute of a sandbox compared to straight application code is that it can allow imperfect code to run, be exploited, but not cause damage on the host system. That is the role of the sandbox. That's a very important concept because, for software that doesn't run in a sandbox, a single flaw can result in a full compromise of the desktop. Now what we see in the market are sandboxes in mainstream commercial products. Google Chrome deploys a sandbox for their rendering engine. Adobe Reader X incorporated deployed a sandbox so when you open a PDF file the rendering engine that Adobe Reader X uses, runs in the sandbox. So software makers are trying to create an application that runs independent of the operating system and the server, right? That's how some sandboxes work and really that's what virtualization does, not so much what sandboxing does. The Java Virtual Machine (JVM) is an example of that. For example, with sandboxing, Google recognizes that some of the content you are going to get on a website (a JavaScript) is going to be malicious. They know there's going to be flaws in the JavaScript engine that they are not going to be able to account for or know ahead of time. The idea behind the sandbox is that even if that flaw is there in the JavaScript engine and even if there's exploit code that exploits that vulnerability the fact that the JavaScript engine is running within that Google Chrome sandbox should stop that exploit from succeeding. The idea is to contain that malicious behavior inside of that sandbox. It's a step in the right direction to enable coders to not have to write perfect code, which we know they can't. But on the other hand, application-level sandboxes don't go far enough. The basic design of a sandbox involves trying to mediate any system call that they can think of that can be potentially exploited. As the example, in the Adobe Flash plugin exploit shows, they try to blacklist all the different communication protocols that could be called from Adobe Flash and they forgot at least one and who knows how many more. So fundamentally that approach of trying to think of everything that could be exploited and then trying to mediate those system calls is not a robust enough approach. It's not going far enough to isolate untrusted code that a user might run from their desktop. When Google Chrome came out it had the sandboxing capability right? They were sandboxing a number of third-party components? Actually, they were sandboxing their own renderer. They had not at that point supported sandboxing of third-party components. What's happened since then is Adobe has put in their sandbox for the Flash plugin for Google Chrome. We don't see sandboxing with a lot of applications. Is it really difficult for the coders to create the sandboxing capability? It does require a redesign and a rewrite of the application itself. If you look at Adobe Reader X, it is a completely new code base from Adobe Reader 9.x. That's part of the reason why it's not that easy. It's because of the approach they've taken, which requires them to think about all the different ways an attacker can run code that's going to try to exploit something on that system. When they develop a model that says this code is likely to call the file system and we're going to allow these reads and not those rights, they have to run code around each one of those rights to block them. In a glaring omission in the Reader X sandbox, was they decided not to try to stop code from reading files and potentially stop a machine from sending them to some remote server. We hear sandboxing from time to time when it comes to Android, Apple and even Windows smartphones. Is that the same basic concept? Yes. Android employs a version of JVM called Dalvik for running apps. What you are getting is the Java Virtual Machine as your sandbox when you run an Android app, which is good because JVM has been around for a long time. The problem is that a lot of apps require permissions that go outside of that sandbox. When you download an app as a user you're asked to give permissions to that app that essentially break the sandbox. Of course, as a user, you're pretty much always going to answer yes, because you want to get the full functionality of that app. You'll give it permission to the GPS or the camera, the microphone or the phone. All these things essentially break the sandbox. So that model of asking users to grant permissions doesn't protect the user because most of the time users aren't equipped to make good security decisions. Adobe is using protocol handler blacklists, which security researcher Billy Rios has pointed out is a weakness. What is a protocol handler blacklist? Is there an alternative way to block certain protocols? They put a requirement on any Flash files that the user loads from disk. The requirement is that when the Flash file runs, it should not be able to make any outbound communications. The risk they are worried about is that the Flash file is harboring malicious software and it might be able to read sensitive documents unbeknownst to the user and then send them out over the network. That was the security requirement. They implemented a sandbox to prevent that exfiltration of data from happening. The way they did it was by picking out the various ways that you can send data out. They enumerated different network protocols. We don't know what all they were, but we do know they didn't enumerate all of them. Billy Rios knew that wasn't a comprehensive approach so all he needed to do is find one protocol that probably is not on their blacklist. All he needed was one to leak any data he found on the desktop. Adobe Systems Inc. and other software makers have made sandboxing technology an important part of the application security strategy, isolating certain processes from interacting with the host machine's system memory. The goal is to stop attackers from reaching critical system files, preventing them from stealing sensitive data. But recently a security researcher pointed out an inherent flaw in the way the technology is being deployed, allowing savvy hackers to bypass sandboxing in Adobe Flash files stored on a user's computer. Sandboxing technology was developed in the 1990s and only now has reached mainstream adoption, said network security expert Anup Ghosh, founder and chief scientist of Fairfax, Va.-based Invincea Inc. In addition to Adobe, sandboxing technology is used by smartphone platform makers to isolate applications from accessing different functions of the device and it's used by some browser makers to isolate the browser's rendering engine. In this interview, Ghosh describes the basics of sandboxing, explains why it is a step in the right direction and points out some of the weaknesses in the current implementations of the technology. More... Jan 18, 2011
Definitions
What is Drizzle? Drizzle is a lightweight open source database management system in development based on MySQL 6.0. Drizzle is a slimmed-down version of MySQL 6.0 aimed at the Web application and cloud computing markets where users want software with less computing overhead. MySQL 6.0 features removed from Drizzle include stored procedures query cache prepared statements views triggers and grants. Drizzle also differs from MySQL in its use of a micro kernel architecture that makes it more modular. In addition Drizzle is optimized for multi-core processors and uses fewer data types and engines. The Drizzle development community is writing the software in C and C++ with support for many UNIX-like operating systems including Linux Solaris and Mac OS X. No Windows support is planned. As of October 2008 no release date was scheduled. Learn More About IT: Oct 20, 2008
Big Mother is the concept of pervasive parenting, in which parents use modern geolocation, wireless and video technologies to constantly track the activities of a child.
The term is a play on the Orwellian construct of "Big Brother," in which government "Thought Police" monitor a population by using human agents armed with hidden cameras and microphones. The Big Mother phenomenon has seen a sharp spike in recent years as relatively inexpensive wireless digital cameras and GPS devices have become available to parents who are unable to monitor their children in person but are still concerned about their safety. Cell phones are a common way for parents to remain in contact with children throughout the day. Other technologies, like RFID tags, may be embedded in schoolbags or clothing to track the location of children within school or daycare grounds, a practice that has already been implemented in select institutions in California. Some schools provide parents with access to secure Web sites, where they can sign in and watch their child at school or play and keep tabs on what homework has been assigned. Parents can even use debit or charge cards as a relatively low tech tracking device to monitor their child's dietary choices in the school cafeteria or purchases at the local convenience store. In the neighborhood, parents can use security cameras to watch children interacting with other children, enabling correction of deviance from a desired parental norm by cell phone or push-to-talk (PPT) phone. School-age kids are not the only people Big Mother is watching. Anyone who interacts with children is fair game. School bus drivers, for example, can have their busses equipped with GPS-navigation systems to let the parent know where the bus is and how fast the bus is moving. In the home, parents may use stuffed animals or other toys to hide cameras to watch nannies or babysitters. Big Mother is the concept of pervasive parenting, in which parents use modern geolocation, wireless and video technologies to constantly track the activities of a child. The term is a play on the Orwellian construct of "Big Brother," in which government thought police monitor a population through human agents armed with hidden cameras and microphones. The Big Mother phenomenon has seen a sharp spike in recent years as relatively inexpensive wireless digital cameras and GPS devices have become available to parents. (Continued...) More... May 2, 2006
An isotope is a form of a chemical element whose atomic nucleus contains a specific number of neutrons, in addition to the number of protons that uniquely defines the element. The nuclei of most atoms contain neutrons as well as protons. (An exception is the common form of hydrogen, whose nucleus consists of a lone proton.) Every chemical element has more than one isotope. For any element, one of the isotopes is more abundant in nature than any of the others, although often multiple isotopes of a single element are mixed.
The isotope of an element is defined by the nucleon number, which is the sum of the number of protons and the number of neutrons in the atomic nucleus. The nucleon number is customarily written as a superscript preceding the chemical symbol for the element. For example, 16O represents oxygen-16, which has 8 protons and 8 neutrons, while 12C represents carbon-12, with 6 protons and 6 neutrons. These are the most common naturally occurring isotopes of oxygen and carbon, respectively. Some carbon-14 is found in nature. An atom of carbon-14 contains 6 protons and 8 neutrons and is denoted 14C. Over time, 14C decays into 12C. Sometimes the isotope of an element is denoted by writing the nucleon number after the chemical symbol, and not as a superscript. Thus, some texts will denote carbon-14 as C-14 or C14 instead of 14C. Certain isotopes of elements are unstable, giving off ionizing radiation, also known as radioactivity. Such an isotope is called a radioisotope. Carbon-14 is a radioisotope of carbon. In the case of an element that is radioactive in all its known forms, such as uranium (U), certain isotopes are more radioactive than others, and/or give off different proportions of the various types of ionizing radiation. More... Oct 31, 2002
How To
Direct transport VPN configuration
Previous articles in this series on IPsec VPN configuration using Cisco routers covered building a VPN gateway and...
More...
Notebook Reviews
|