Archive - Apr 2004

April 14th

SecurityDocs.com

Okay, this is actually one of the coolest things I've seen in a while. According to the site:

SecurityDocs.com is a directory of information security articles, white papers, and other documents that information security professionals find useful.

I spent a little bit of time earlier browsing the site, and it looks like there's some REALLY good content on here, covering everything ranging from firewall rulesets to OS hardening to security awareness. Very cool.



http://www.securitydocs.com/

Latest Microsoft Patch Collection

Microsoft yesterday released their latest collection of patches for vulnerabilities in Windows and Outlook Express. There are four patches total, but each covers multiple vulnerabilities, including several "critical" vulnerabilities. For those Windows users out there, I'd recommend patching ASAP.

Overview article on SecurityFocus
Microsoft Security Bulletins

Multiple UNIX Compromises

Recently, a string of attacks has taken place against numerous University systems and other high performance computing centers. This bulletin from the Stanford University ITSS provides an excellent overview of the attacks, covering how they were compromised, what evidence to look for, possible countermeasures, etc.

This is a very well-written article that also provides background information on the hows and whys of exploits. I highly recommend it.

Here's the full story.

April 13th

Chat, Copy, Paste, Prison

You are engaged in a chat session with some friends and colleagues, when one of them makes a witty remark or imparts a pithy bit of information. You hit CTRL-A and select the conversation, then copy it to a document that you save. Under a little-noticed decision in a New Hampshire Superior Court in late February, these actions may just land you in jail.

So does that sound as ridiculous to you as it does to me? You'll need to read the full story on SecurityFocus for all the details, but needless to say, it's an awful situation. Heck, all major chat clients (including the oh-so-wonderful Gaim) include features to automatically save transcripts. This is a selling point. Let's hope this situation gets resolved quickly.



Here's the full story.

Forensic Analysis of a Live Linux System, Part Two

Here's the follow-up to the forensics article I posted below. This time the article focuses on the collection and analysis of data, and references some pretty good resources at the end of the article. Well worth checking out.

Here's the full article.

April 9th

Windows-to-Linux Roadmap

IBM developerWorks has posted a fantastic nine-part guide for transitioning from a Windows to a Linux environment.

This roadmap is designed to help you take the experience and knowledge that you already have in computing and redirect it to working in Linux. It's not the only reference you'll ever need, but it will help you get past some of your first obstacles and adjust to a new and, I think, exciting approach to computing. As you follow this roadmap, you'll discover many new resources to help you learn, troubleshoot, and manage Linux.

Note that this guide is geared towards helping you apply your knowledge of a Windows environment to Linux, rather than guiding you through the Linux installation/migration process itself.



Windows-to-Linux Roadmap: Series Overview

Forensic Analysis of a Live Linux System, Part One

There's an interesting article on SecurityFocus about running a forensic analysis on a live Linux system. This would be applicable in situations where, for example, a server has been rooted, but you need to find out how and by whom.

This first article introduces the process and focuses on preparing the environment and data collection. Part Two will focus on the analysis stage. Definitely worth a read.

Read the full article