The Swiss Federal Institute of Technology (ETH) just released a pretty interesting e-Learning Course regarding "Security in the Information Age".
I personally think that ir somewhere opens up the IT-Security-Guy's mind:
http://www.isn.ethz.ch/crn/activities/elearning.information-age.cfm
Roger
MS Research has released a paper on "Strider Typo-Patrol: Discovery and Analysis of Systematic Typo-Squatting" Typo-squatting refers to the practice of registering domain names that are typo variations of popular websites. We propose a new approach, called Strider Typo-Patrol, to discovering large-scale, systematic typo-squatters. We show that a large number of typo-squatting domains are active and a large percentage of them are parked with a handful of major domain parking services, which serve syndicated advertisements on these domains.
http://research.microsoft.com/research/pubs/view.aspx?type=technical+report&id=1084
Urs
Windows registry contains lots of information that are of potential evidential value or helpful in aiding forensic examiners on other aspects of forensic analysis. This paper discusses the basics of Windows XP registry and its structure, data hiding techniques in registry, and analysis on potential Windows XP registry entries that are of forensic values.
http://www.forensicfocus.com/forensic-analysis-windows-registry
Laptop Thieves get more and more agressive over time. Therfore think about protecting your information (e.g. Rights Management, Windows Vista)...
http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2006/04/08/MNGE9I686K1.DTL
...The purpose of this article is to go beyond the basics and explore how social engineering, employed as technology, has evolved over the past few years. A case study of a typical Fortune 1000 company will be discussed, putting emphasis on the importance of education about social engineering for every corporate security program.
http://www.securityfocus.com/infocus/1860?ref=rss
Well, it is pretty well known that more than 50% of the security incidents come from inside. But now organized crime reached a new level. Read yourself: http://blogs.zdnet.com/threatchaos/?p=322
There are days, where a lot of companies will think: Glad it did not happen to us: http://www.computerworld.com/printthis/2006/0,4814,110142,00.html
We all think about patching Windows, Office, the Backup Software, etc. Who of you thinks of the printers? Watch out: http://www.theinquirer.net/?article=30878
You probably saw this already. There is the first proof of concept virus out there that seems to be able to cross the plattform boundaries and flip between Windows and Linux: http://www.viruslist.com/en/weblog?weblogid=183651915
I would be interestend in how you see this threat? Is it real? How big is the problem from your point of view? Do you expect an outbreak soon?
Microsoft is joining more than 36 companies in participating in the second annual Email Authentication Summit in Chicago. Microsoft announced "strong momentum" in its work with other technology industry leaders to help promote email safety. Included in this strong momentum is the heightened use of the Sender ID framework for e-mail authentication, as well as the launch of an enhanced MSN Postmaster Services program. The program is designed to assist email senders and ISPs to manage their outbound email infrastructures better. http://www.securitypronews.com/news/securitynews/spn-45-20060419MicrosoftShowsStrongMomentuminEmailProtection.html
Microsoft/SenderID:http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx
Based on some questions and feedback of our customers, I would like to give you an update on MS06-015.
If you install this update, there might be some problems that could look like the following:
If you experience one of those issues, you most likely have either nVidia or HP software installed. We are working actively with those vendors to solve these issues.
If you need more information, please consult the corresponding KB article: http://support.microsoft.com/kb/918165/en-us
I usually do not reference to bulletin releases or re-releases but as I mentioned the problems regarding MS06-015 in this blog, just as an information: We re-released the ptach today in order to solve those problems