In this post from the ACE Team, they show how to generate Security Code Review Checklist using patterns & practices Guidance Explorer and Outlook 2007. Checklist documents can be generated without Outlook 2007 by only using the Guidance Explorer...

The Anti-Phishing Working Group (APWG) has just released their Phishing Activity Trends Report for the month of December. Overall, the report showed a decrease in activity from the previous month; however, there were a few notable exceptions. It appears...

Apparently, software updates are getting so big these days that simply downloading them from a server is becoming prohibitively time consuming, especially when the same updates need to be applied to many different machines. A Dutch university has some...

Security portal Zone-H , which documents attacks on and defacements of Web pages, has compiled statistics about the attacks within the last year. Apparently, Linux servers were successfully defaced twice as often as Windows servers. Apache servers were...

Apple's teasing commercials that imply its software is safer than Microsoft's may not quite match the facts, according to new research revealed at the Black Hat conference on Thursday. Researchers from the Swiss Federal Institute of Technology looked...

In addition to my previous blog post: http://blogs.technet.com/ms_schweiz_security_blog/archive/2008/03/29/black-hat-who-patches-security-holes-faster-microsoft-or-apple.aspx From IBM Internet Security Systems: http://blogs.iss.net/archive/AppleCrumble...

Spyware authors are offering financial rewards to botnet operators and other cyber-criminals who covertly install their spyware, security experts warned today. http://www.vnunet.com/vnunet/news/2212403/spyware-authors-offer-dollars Urs

The start-up's rootkit detection technology will be added into Microsoft's Windows Live OneCare and Forefront security products. http://www.news.com/8301-13860_3-9899808-56.html?part=rss&subj=news&tag=2547-1_3-0-5 Urs

Bruce Schneier: " Uncle Milton Industries has been selling ant farms to children since 1956. Some years ago, I remember opening one up with a friend. There were no actual ants included in the box. Instead, there was a card that you filled in with your...

From Roger's blog post: http://blogs.technet.com/rhalbheer/archive/2008/03/19/sun-and-apple-update-a-sheer-nuisance.aspx http://blogs.technet.com/rhalbheer/archive/2008/03/25/sun-and-apple-updates-a-sheer-nuisance-part-2.aspx Well, a little bit in...

"Across the globe, Windows Internet Explorer 7 has more than 100 million users seeing green," VeriSign said in a press release about Extended Validation SSL technology earlier this month. About 5,000 sites are using the new technology, which gives users...

A majority of government IT organizations say identity management is very important to securing their networks and will become even more so over the next five years, but that funding to keep pace is a major impediment to growth. The respondents also...

The rise of PCs, graphical user interfaces, the Internet, and Web 2.0 technologies have obviously had major impacts on the IT industry, but according to Microsoft (NSDQ:MSFT) CEO Steve Ballmer, the computing revolution that's about to take place will...

New Book: The New School of Information Security by Adam Shostack and Andrew Stewart About the Author: Adam Shostack is part of Microsoft’s Security Development Lifecycle strategy team, where he is responsible for security design analysis techniques...

If you travel across national borders, it's time to customs-proof your laptop. Customs officials have been stepping up electronic searches of laptops at the border, where travelers enjoy little privacy and have no legal grounds to object. Laptops and...

Blog Posting from Neil Carpenter: "A number of people are reporting that 10K+ Web sites have been hacked via a SQL injection attack that injected a link to a malicious .js file into text fields in their database. Since the CSS Security team here at...

The commercial use of biometrics will become widespread in five years, but is not without security risks The growing use of biometrics by businesses to identify individuals is insecure and in need of serious attention, according to one IT systems company...

Security researchers are cooking up tactics for beating phishing fraudsters at their own game. Phishers perennially set up fraudulent sites on servers they have compromised. But due to the sheer volume of sites that need to be set up to perform a successful...

While some investigations rely on highly trained professionals using expensive tools and complex techniques, there are easier, cheaper methods you can use for basic investigation and analysis. In this article, we will focus on computer forensic techniques...

At a closed-door security summit hosted on Yahoo’s Sunnyvale campus last week, a researcher demonstrated a new technique to more easily identify phishing and other malicious Websites. Dan Hubbard, vice president of security research for Websense, showed...

Researchers from a German university have developed a model to predict programming errors in applications. The method has the potential to save software companies money by allowing them to isolate parts of their code that need more rigorous testing...

Cisco has taken a leaf out of Microsoft's book by adopting a regular patch release cycle. However, the change will apply only to security bugs involving its core IOS software and not all its products. Starting on 26 March, Cisco will release bundles...

Microsoft Corp. hopes to beef up online privacy with the acquisition of the U-Prove technology, the company announced on Thursday. U-Prove was developed by Stefan Brands at Credentica Inc. to allow Internet users to disclose only the minimum amount...

We just made Internet Explorer 8 Beta 1 available. This could be important if you are developing web applications or just if you are curious! :-) http://www.microsoft.com/windows/products/winfamily/ie/ie8/readiness/Install.htm See also: http://channel9...