I like it.  I take the intensive approach for SANS certifications with a full in index of all the materials and any of the course authors books.  This will alleviate that.  Also, you get the course materials regardless of how you recertify.

Man, what was I thinking?  I totally missed that one.. and I'm CEH.   I should have remembered.  I don't post a lot of my CPEs for CEH.  I concentrate on my CISSP honestly and CEH eventually gets updated.

I almost did a spit take with my afternoon cup of coffee... it would not have been too bad though, I'm up for a computer refresh.

White worms have been discussed at great length, I've been a part of some of those heated discussions.  What it boils down to is access.  By creating a "white worm", you are accessing and changing a system you do not have permission to do so.  The debate started long ago with Code Red (http://en.wikipedia.org/wiki/Code_Red_%28computer_worm%29) and the theoretical Code Green worm.

The biggest one that sticks out in my mind is Welchia (aka Nachi http://en.wikipedia.org/wiki/Welchia), which exploited Microsoft security flaws in order to patch them.  In turn forcing reboots.

Other worms have similar concepts, but mainly used to closing the backdoor once they get in, like Conficker and Slammer.  There are also some macro viruses which have really advanced this idea for EVIL.

Thanks to my co-worker for collaboration on this.

In my experience drug users will only be able to sustain a healthy/drug free life if they make the decision to help themselves.  It's the first step.  Oh, wait... I feel a new mock website idea.  CIA, Computer Illiterates Anonymous?  The first step is admitting you have a problem.

(Adapted from http://en.wikipedia.org/wiki/12_steps)

   1. We admitted we were powerless over computers—that our lives had become unmanageable.
   2. Came to believe that a Power-User greater than ourselves could restore us to sanity.
   3. Made a decision to turn our will and our lives over to the care of the Admin, as we understood Him.
   4. Made a searching and fearless moral inventory of ourselves.
   5. Tweeted to Admin, to ourselves, and to another computer the exact nature of our wrongs.
   6. Were entirely ready to have Admin remove all these defects of character.
   7. Humbly asked Admin to remove our shortcomings.
   8. Made a list of all computers we had harmed, and became willing to make amends to them all.
   9. Made direct amends to such computers wherever possible, except when to do so would infect them or others.
  10. Continued to update anti-virus and when we were infected promptly cleaned it.
  11. Sought through scandisk and defragmentation to improve our conscious contact with Admin as we understood Him, Facebooking only for knowledge of His will for us and the power supply to carry that out.
  12. Having had a digital awakening as the result of these steps, we tried to carry this message to computer illiterates, and to practice these principles in all our affairs.

Seriously?

Oh, wait, I get it.  It's free advertising for Aten Design group (minus a few bucks for cold appetizers and watered down drinks).  Smart, very smart!  You can't buy this kind of advertising.

How do I hide malware, let me count the ways... polymorphic code, mutation engines, code substitution... 

I do not claim to have any advance knowledge of the plans for EC-Council or SANS.  I have just seen the trend sweeping across the certification boards.

I would not put any certification plans on hold for what may happen.  Get certified and let the chips fall where they may.

SEC505: Securing Windows with Fossen.  It fits in nicely with my GSE long term plan (ie one less gold paper).

I knew the price went up, but I did not know that facilitators did not used to have to pay for equipment.  I guess it makes sense.  They are discounting their bottom line, the instructors, but still requiring you to pay for the course materials, the certification, and miscellaneous.

I am looking forward because this is my first time in the work study.  I signed up last year, but couldn't get the funding from work.

Does that mean the good chrisj has a goatee/beard, or are you just trying to trick the rest of the evil alter egos?

You mean the days which do not end in "y"?   All the other times I'm sure you just shake your head and say "There's unsupported again!"

Ok, I just happened to be poking around and found this thread.  I feel I need to comment that the title seems a little misleading. The article itself says Microsoft looks for its own bugs.  They are just fixed in service packs and other point releases.  Microsoft stepped up by releasing the security bulletins and patches on Patch Tuesday for issues outside of the scope of their normal security bulletins.

My question is, what kind of business model do these other companies have which allow them to pay researchers to find bugs in Microsoft products?  Maybe I'm missing the bigger picture, like they sell their services to other companies after showing "We've found x number of Microsoft bugs for free, look how many we can find for you!!!".

Just my two cents while I avoid doing homework.

Last day! (unless you are on the other side of the world.. or however that works out, because for all I know it could be tomorrow where you are!)

Good luck to everyone!

That's what all the judgers say.
See?  You just have to read between the lines.

  I'm just kidding.