Marshall Kirkpatrick

Spore, the hugely ambitious follow-up to The Sims game series, won’t be publicly available until September – but you can start creating characters for the pan-evolutionary epic today using the just-launched SporeCreator. Windows and Mac users can join a celebrity roster including Carlos Santana, Ze Frank and Jay Adelson of Digg in making Spore creatures for the SporeVote contest. Spore will be a game that tracks a world of creatures along each step of their evolution, from primordial slime fights to hyper civilized urban environments. If the read/write web is of interest to you, you’ll want to give Spore a look.

The game is heavily influenced by leading Web 2.0 trends, including integration with the new YouTube API, a collection of widgets, at least some RSS feeds and some wiki inspiration. Does it seem a bit arrogant to ask users to start creating creatures months before the game is released, though? Some people think so.

The creature creator will even be a revenue generator for Electronic Arts – the free version only includes an estimated 25% of the available body parts. We don’t feel like squabbling over details right now – we’re just anxious to get our hands on the game.

Below is a screenshot of the creature created by Ze Frank, from whom we learned about the availability of the creator on Twitter this morning. We think the likeness is pretty good.

We’re excited to get our hands on Spore this September and this Creature Creator campaign will likely make good progress towards getting even more people excited.
This is another in a series of interviews with working professionals who have earned their LPQ or LPC certifications from the Loss Prevention Foundation (LPF) to hear in their own words why they pursued certification and how it has benefited their careers.

Cita Doyle, LPQ, is the director of sales and marketing for InstaKey Security Systems. In over fourteen years of security consulting, she has published many articles, hosted multiple webinars, and conducted national training seminars. Doyle openly shares her knowledge and experience through education of effective key control practices. She is also an active member of The Loss Prevention Foundation, ASIS International, and the National Retail Federation, and serves on the Vendor Advisory Board for LP Magazine.

When did you get certified?
I received my LPQ certification in 2012.

Why did you decide to pursue certification?
From the initial start of the LP Foundation, our organization saw value in promoting education and growth in our industry and became a sponsor. Several members of our team, myself included, decided to go through certification so that we could have a better understanding of the role that loss prevention plays in the retail industry and learn what we could do to offer more value.

How would you compare certification to other educational courses that you’ve taken?
Most courses that I have taken focus on one topic or practice. This certification covered more of a global operational business approach.

Tell us more about the process.
Having the coursework online really made it easy to work on at home and on the road traveling. The coursework was laid out very well and was easy to go through. Having videos to review was very helpful as well. When we went to take the proctored exam, the questions were more challenging than the coursework practice questions.
You really had to think about what was being asked and apply what you learned.

How has going through the certification process influenced the way that you approach your job?
I have more confidence and truly feel it has made me a better leader professionally, both inside and outside of my organization. I have a better empathy and understanding for the role and challenges that loss prevention professionals and retailers face. As a result, our organization implemented sharing best practices in all of our marketplaces as we realized that one’s pain is usually shared by others.

How has certification changed your expectations of loss prevention as a career, for yourself and for others?
I have been a security solution provider for almost fifteen years in multiple marketplaces. After going through certification, I have even greater respect for this industry. I am very proud to be part of it.

Is there anything else that you would like to share regarding the learning experience?
I would highly recommend that solutions providers consider going through certification.
Beyond learning more about retail operations and loss prevention, this course gave me a greater understanding of what our vendor community provides and has allowed me to make introductions that have created valued relationships and partnerships.

Certified

Following are individuals who recently earned their certifications.

Recent LPC Recipients
Ronald Benkey, II, LPC, Lowe’s
Amanda Bowen, LPC, Outerwall
Bernard Brown, Jr., LPC, Belk Department Stores
Christopher Caruthers, LPC, Publix Super Markets
Andria Chrabot, LPC, Macy’s Logistics and Operations
Mo Ferdause, LPC, Ahold USA
Michael Forgione, LPC, Sterling Jewelers
Jacob Gordon, CFI, CFE, LPC, Mattress Firm
Sheila Hunt, LPC, Sears Holdings
Eric Ives, LPC, FBI Headquarters
Nicholas Mayer, LPC, Ahold USA
Lindsey Miller, LPC, Brookshires Grocery
John Norman, LPC, Lowes Food Stores
Shawn Norris, LPC, The Vitamin Shoppe
Christopher Ochs, LPC, Quality Food Centers
Brandi Priest, LPC, Strategic Sustainable Solutionary Services Consulting
Russ Raymond, LPC, Ahold USA
Erik Robles, LPC, Stage Stores
John Robson, Jr., LPC, Walmart Stores
James Roper, LPC, Meijer
David Scully, LPC, CVS Health
Amy Spiehs-Hicks, CFI, LPC, CVS Health
Charles Vega, LPC, Rite Aid
Mark Wyand, LPC

Recent LPQ Recipients
Eva Alvarez, LPQ, Bed, Bath & Beyond
Robert Brady, LPQ, 7-Eleven
Gabriel Daigle, LPQ, AT&T/Cricket Communications
Justin Gantz, LPQ, Zallie Supermarkets
Ryan Hepburn, LPQ, Securitas Security Services USA
Rick Hughes, LPQ, retired
Wesley Justice, LPQ
Timothy Larson, CFI, LPC, LPQ, Lowe’s
Leneda Maxey, LPQ, Goodwill Industries International
William Miller, LPQ, Delhaize America
Sharon Myers, LPQ, Ahold USA
John Sand, LPQ, Webster University
Sylwia Urbaniec, LPQ, CAP Index
Matthew Webb, LPQ, Lowe’s
Ryan Wiltz, LPQ, Army veteran
If you are responsible for the security of a product in development, you may be wondering what the options are for security/penetration testing. First, you may need to know what is involved in security testing and, more specifically, what a penetration test is. A penetration test, or pentest, is a method of assessing the security of a computer product, system or network by simulating an attack from a malicious source, which can be defined from a threat model. In most cases, a pentest is performed to validate security before shipment of the product, with the overall purpose of providing assurance that the security objectives and mitigations are correctly implemented, thus limiting the potential risk of exposure.

One important concept for anyone responsible for deciding who performs a penetration test is the difference between white box, black box, and grey box penetration testing. The difference is in the amount of knowledge of the infrastructure or product to be tested.

White Box Testing – provides the testers with complete knowledge of the product or infrastructure to be tested. Information provided to the testers often includes architectural specifications, source code, and infrastructure information including network diagrams and IP addressing information.

Black Box Testing – assumes no prior knowledge of the product or infrastructure to be tested. The testers must try to figure out the inner workings of the product or infrastructure based on analysis of packaged documentation, shipped assemblies, inputs and outputs.

Grey Box Testing – There are also several variations in between, often known as grey box tests. Penetration tests may also be described as “full disclosure”, “partial disclosure” or “blind” tests based on the amount of information provided to the testing party.

So, who should perform a Penetration Test?

Many organizations are training software developers and architects to improve secure development practices.
Some product development teams have begun using static source code analysis tools as a means to detect insecure function calls, nonexistent or improper input validation and less secure coding practices. Increased security knowledge within a development team will definitely improve security as it is integrated into the Product Development Life Cycle (SDLC), and it helps raise awareness of potential security issues during requirements gathering, architecting, designing and coding of a product. But in many cases, the investment in security training and tools for developers is expected to pay off to the point that penetration testing before shipment might be deemed unnecessary. Although these best practices can really improve security in development, they should not nullify the need for the formal security testing that a penetration test provides.

It is also important to note that vulnerabilities found in any stage of development or penetration test may not have a known exploit. This means that a buffer overrun discovered during any security testing should not have to be exploited to prove that it is not secure. Writing exploits to prove code is insecure may be out of scope for a security test due to the time it can consume. Any potential security issue identified during a Penetration Test should be evaluated based on risk and, if necessary, mitigated using secure coding practices.

Internal testing within the product development team:

Pros – An advantage of this type of testing is that some security related issues can show up early in the development cycle, allowing adequate time for changes to be made at the architectural or design phases. The developers can perform the security related tests with the white box approach, as they would have the most complete knowledge of the product. This can also be beneficial if there are talented individuals within the groups who can share their knowledge with others in the groups.
Additionally, if security related tools have been purchased by the corporation, the use of these tools can be leveraged.

Cons – The tester may lack experience. If an attempt is made to find an experienced security tester, the resource may not be available. Another likely con for developers testing security in their own code is that the mitigations or security objectives might not be tested as effectively, due to a lack of the objectivity that is important for any testing of a product. A Quality Assurance (QA) team could get involved, but it is important to note that any QA testing team is responsible for ensuring functionality in the deliverables and is not usually specialized in this area.

Insource – Testing within the same company using an internal dedicated security validation team:

An internal team may already be in place in some organizations and can be engaged to completely manage the security testing for a product. There are positives and negatives to this strategy as well.

Pros – This option allows knowledge of the product to be shared between the security testers and the developers, who can communicate directly with each other and discuss architecture, design and implementation. The employees may be permanent, which allows for fewer legal agreements than a completely outsourced solution when there are IP concerns. This can provide the ability for full white box testing if desired. Sharing of security testing knowledge is more feasible, and this option can achieve a higher level of objectivity in testing than a development group performing the security tests itself. The biggest benefit of this option is that it can allow the most open and direct communication and collaboration between the security testing team and the developers.
The security validation team can use a white box approach, as they would have access to the complete knowledge of the product by communicating with the development team.

Cons – Expert security testers are limited resources these days, so it may be necessary to pull in less experienced resources who can request support from those who are more experienced. If a formal certification is required for the product, this option may not be suitable, as the organization would be self-certifying the security of its product.

Outsource – Security Penetration Testing using an external dedicated security validation team:

In some cases, it is good to have a 3rd party engagement for penetration testing of a product. This option completely outsources the service of penetration testing to an external company that specializes in this service.

Pros – The external security testers specialize in this type of work and may be dedicated to security testing. An outside source can provide the most objectivity. If needed, external security testing can provide certification to a specific level of security assurance. One beneficial way to achieve the most from this type of testing is to create a collaborative security test environment and work side by side to ensure the knowledge is shared amongst the development team and the security testing team.

Cons – This is most likely the costliest solution. Additionally, Intellectual Property (IP) protection is an issue, and legal oversight with Non-Disclosure Agreements (NDAs) is needed to lower the risk of IP disclosure. This can also limit the amount of knowledge that can be provided to the 3rd party, forcing a more black box or grey box approach to security testing …but a black/grey box approach may be the intent (pro) in some cases. Location and access to the testing environment for support may be limited for the customer, so validation of the testing environment may be difficult, giving less assurance that tests are run with the most stable product(s) or version(s).
There may also be less communication and collaboration between the testing team and the development team if the product is sent out for testing without expertise to assist the security testers in fully understanding the product.

To summarize, security testing through penetration testing is a valuable approach to validating security during development and before shipment of a product. If the risk of a product is judged high enough, it may be necessary for all of the proposed options to be utilized in some way, so the suggestions provided here can be combined to ensure the best security solutions are planned in from the start. Even though some security testing can be performed at different stages in the development of a product, a pentest is most commonly planned for and scheduled before shipment of a product. But it is important to emphasize that security can never be appropriately and cost effectively “tested in” to a product after development.
Researchers have found a way to increase how fast, and for how long, four paralyzed people can type using just their thoughts. The advance has to do with brain-machine interfaces (BCI), which are implanted in brain tissue and record hundreds of neurons firing as people imagine moving a computer cursor. The devices then use a computer algorithm to decode those signals and direct a real cursor toward words and letters on a computer screen. One of the biggest problems with BCIs is the brain itself: When the soft, squishy organ shifts in the skull, as it frequently does, it can displace the electrode implants. As a result, the movement signal extracted from neuronal firing is constantly being distorted, making it impossible for a patient to keep the cursor from drifting off course without a researcher recalibrating the instrument every 10 minutes or so. In the new study, part of a clinical trial of BCIs called BrainGate, researchers performed several software tweaks that allow the devices to self-correct in real time by calculating the writer’s intention based on the words they’ve already written. The devices can now also correct for neuronal background noise whenever a person stops typing. These improvements, demonstrated in the video above, allow BCI users to type faster and for longer periods of time, up to hours or days, the team reports today in Science Translational Medicine. Though the technology still needs to be miniaturized and made wireless before it can be used outside of the lab, the new work is a big step towards BCIs that paralyzed people can use on their own at home, the scientists say.