security
The Pwnie Awards are like Black Hat's version of the SANS Top 20. Categories include Best Client-Side Bug, Best Server-Side Bug, Most Epic FAIL, Mass Øwnage, etc... Check it out at: http://pwnie-awards.org/2008/awards.html
One big change that I haven't posted about yet was my transition from Visual Studio Diagnostics to Office Security a few months ago. Here's an article published yesterday in "Dark Reading" that covers my team and the pen test system we're building: Microsoft
J.D. Meier has posted a decent index of videos covering performance testing, ASP.NET 2.0, and VSTS: http://blogs.msdn.com/jmeier/archive/2007/11/22/videos-security-performance-testing-and-visual-studio-team-system.aspx
The Unintended Consequences of the Information Age Lecture Series: Our Infrastructures: Online and Vulnerable? Jointly sponsored by The Center for Information Assurance and Cybersecurity, UW-INSER, the MS Program in Strategic Planning for Critical Infrastructure,
"Click Here" http://blogs.msdn.com/jmeier/archive/2007/03/24/patterns-practices-security-videos.aspx
I'm preaching to the choir here, but if your wireless router still has the default password you might want to do something about it. Locally grown: Good! Drive-by Pharming: Baaaaddddd. http://www.symantec.com/enterprise/security_response/weblog/2007/02/driveby_pharming_how_clicking_1.htm
Here's the link... http://www.cigital.com/silverbullet/show-006/
"This web site exists to support the development of secure coding standards for commonly used programming languages such as C and C++." https://www.securecoding.cert.org/confluence/display/seccode/CERT+Secure+Coding+Standards
This article has an interesting peek into life at the Microsoft Security Response Center: http://redmondmag.com/features/article.asp?EditorialsID=616 "I'm at the shop and over the radio I hear: 'The Internet was taken down today by a worm affecting SQL
Exercise your mind: Let me introduce you to the six dumbest ideas in computer security. What are they? They're the anti-good ideas. They're the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers.
Here's an interesting blog to watch, courtesy of the Open Source Software Lab @ Microsoft - http://port25.technet.com/ (for RSS - http://port25.technet.com/rss.aspx)
Some good links if you want to check out some of the speakers and topics addressed at the last Microsoft BlueHat conference: http://blogs.technet.com/bluehat/archive/2006/03/21/422707.aspx
"In the ongoing battle to fight internal and external threats on the corporate desktop, IT staffers may be forgetting one very potent weapon in their arsenal—system lockdown." http://www.thechannelinsider.com/print_article2/0,1217,a=166172,00.asp If you
There were two vendors at the SecureWorld conference today in Bellevue that might be worth checking out if you are looking for developer/tester related security products. They should also be there tomorrow as well - free registration if you are just walking
"a simple yet little-known approach exists for users to avoid many of these vulnerabilities in any web browser" http://www.securityfocus.com/infocus/1848