It is pretty well-known that there is a high risk of keystroke loggers in Internet cafes. That they are declared mandatory in a country, however, is pretty tough stuff!
http://indiauncut.com/iublog/article/indias-cops-get-orwellian/
Urs
Marco Giuliani posted: "I had an interesting read about a blog post of a famous researcher Joanna Rutkowska did. For those who don't know her, she's a professional security researcher well known on the web and in the world of security professionals for her research, especially in the field of rootkits and stealth malware.
Her last blog was about how, in her opinion, security companies - and especially antivirus companies - are basically wasting their time developing antivirus products when they weren't useful but, instead, a digital signature could fix all problems for file infectors. Basically, a digital signature could assure us that the file we are going to execute isn't modified and, thus, isn't infected by a file infector virus."
See the full story: http://www.prevx.com/blog/60/Has-the-entire-AV-industry-been-wrong-since-its-start.html
Well... but read it yourself! :-)
http://msinfluentials.com/blogs/jesper/archive/2007/09/03/what-they-teach-kids-these-days.aspx
P.S. However, Jesper knows the difference between Sweden and Switzerland! ;-)
WindowSecurity article on cross site scripting:
"Cross Site Scripting (or XSS) is one of the most common application-layer web attacks. XSS commonly targets scripts embedded in a page which are executed on the client-side (in the user’s web browser) rather than on the server-side. XSS in itself is a threat which is brought about by the internet security weaknesses of client-side scripting languages, with HTML and JavaScript (others being VBScript, ActiveX, HTML, or Flash) as the prime culprits for this exploit. The concept of XSS is to manipulate client-side scripts of a web application to execute in the manner desired by the malicious user. Such a manipulation can embed a script in a page which can be executed every time the page is loaded, or whenever an associated event is performed..."
http://www.windowsecurity.com/articles/Cross-Site-Scripting-Underestimated-Exploit.html
Application Verifier is a runtime verification tool for unmanaged code that assists in quickly finding subtle programming errors that can be extremely difficult to identify with normal application testing.
Application Verifier is designed specifically to detect and help debug memory corruptions and critical security vulnerabilities. It makes it easier to create reliable applications by monitoring an application's interaction with the Windows operating system, profiling its use of objects, the registry, the file system, and Win32 APIs (including heaps, handles, locks, and more). It also includes checks to predict how well the application will perform under Least-privileged User Account operation, compatibility tests to be used in logoing, and print tests to verify your usage of the print subsystem.
Running Application Verifier is easy; simply turn on the tool then run your project and go through your normal testing scenarios with a debugger attached. When your tests are completed, view the Application Verifier logs for any errors that may have been detected.
http://www.microsoft.com/downloads/details.aspx?familyid=bd02c19c-1250-433c-8c1b-2619bd93b3a2&displaylang=en&tm
BotHunter is a novel, "dialog-correlation-based engine" which recognizes the communication patterns of malware-infected computers within your network perimeter. BotHunter is a passive traffic monitoring system, which ties together the dialog trail of inbound intrusion alarms with those outbound communication patterns that are highly indicative of successful local host infection. When a sequence of in and outbound dialog warnings are found to match BotHunter's infection dialog model, a consolidated report is produced to capture all of the relevant events and event sources that played a role during the infection process.
http://www.cyber-ta.org/releases/botHunter/
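The kind of correlation described above, sketched as an added example; it is not BotHunter's code and does not reproduce its actual infection dialog model. The alert type names, the 600-second window and the rule (an inbound alarm followed by at least one outbound warning from the same internal host) are assumptions, and the alerts are constructed sample data.

```python
from collections import defaultdict

# Constructed sample alerts: (timestamp_seconds, internal_host, direction, alert_type).
# Alert type names are hypothetical labels, not BotHunter's own event classes.
ALERTS = [
    (100, "10.0.0.5", "inbound", "exploit"),
    (130, "10.0.0.5", "outbound", "binary_download"),
    (400, "10.0.0.5", "outbound", "c2_traffic"),
    (150, "10.0.0.7", "inbound", "exploit"),         # attacked, no outbound follow-up
    (200, "10.0.0.9", "outbound", "c2_traffic"),     # outbound only, no inbound alarm
    (50, "10.0.0.11", "outbound", "outbound_scan"),  # outbound precedes the inbound alarm
    (5000, "10.0.0.11", "inbound", "exploit"),
]

WINDOW = 600  # assumed correlation window in seconds


def correlate(alerts, window=WINDOW):
    """Return one consolidated report per host whose alerts match the assumed
    sequence: an inbound alarm followed, within `window` seconds, by at least
    one outbound warning from the same internal host."""
    by_host = defaultdict(list)
    for ts, host, direction, kind in sorted(alerts):
        by_host[host].append((ts, direction, kind))

    reports = {}
    for host, events in by_host.items():
        for ts, direction, kind in events:
            if direction != "inbound":
                continue
            # Outbound warnings that follow this inbound alarm inside the window.
            followups = [e for e in events
                         if e[1] == "outbound" and ts < e[0] <= ts + window]
            if followups:
                reports[host] = {"trigger": (ts, direction, kind),
                                 "evidence": followups}
                break  # one consolidated report per host
    return reports


if __name__ == "__main__":
    for host, report in correlate(ALERTS).items():
        print(host, report)
```

Isolated inbound alarms (10.0.0.7) and isolated outbound warnings (10.0.0.9) produce no report on their own; only the ordered pair on one host does.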