So I'm in the speakers lounge and so far today we've had MarkRuss talk at some length about what are and are not considered 'security boundaries' in Windows. For example, user sessions are a security boundary. Virtual Machines are a security boundary. Various 'Defense in Depth' technologies like UAC, IEPM (protected mode), session 0 service isolation, KMCS and PatchGuard are not. It was a great talk as usual. Now I'm watching Roberto Preatoni (WabiSabiLabi - aka 'zero bay') explain to us why he thinks his "security marketplace" is such a great thing . . . next Kaminsky is going to do a talk on DNS which should be highly entertaining - Dan's a great speaker.
Here are some security related things going on today that I find interesting.