Apparently this garnered some attention at BlackHat this week.  Rich Mogull gave a little write up about it over on Securosis, but I've been seeing a lot of others talking about it, too.

I'm going with 2 out of 3...and it ain't the first one

p.s. - are we the only ones NOT at BlackHat/DefCon?

Those extra keystrokes justify more budgetary allotments 

Does anyone here have any experience they could share regarding HIPAA training/certification?  I'm looking at the HIPAA Academy; any experience with them?

Thanks,
Brian

That may be the case, but until it loses its stigma with hiring managers, is it really worth anything?  (understanding that any training/education is obviously good for you)

Dan's posted his slides

Was anyone at the presentation?  Was it as awe-inspiring as Dan was leading us to believe?

I was in a compliance meeting during his talk, and by the time I got back, I'd had over 150 Twitter messages from people on the floor.  Most just talked about how crowded it was.

I'm hoping to get the audio.

Apparently one of his lines was, "Every time you deploy a security virtual appliance, god kills a kitten."

...and M$ loses another Vista evangelist 

Wondering why I've yet to see any updates from our illustrious members attneding BH/Defcon...too busy partying it up while the rest of us slave away, I suppose.

Why are you trying to hack in his end?

This isn't that kind of bar, buddy.   

That, and they are rarely up to date...at least for very long.  But if you're just trying to get the basics, to teach your mind to think in certain ways, the used books off of Amazon or other vendors can be a good start.

And they look good on the bookshelf, just make sure you dust them because it will gather 

Dr. Strangegoogle or: How I Learned to Stop Worrying and use the Search Field, by Chris Gates   

In all seriousness, though, check out this thread which has some pretty good advice on getting started.

Some books to check out, in no particular order:

The Art of Deception, by Kevin Mitnick, et al.
Hacking for Dummies, by Kevin Beaver
Google Hacking for Penetration Testers, Vol. 2, by Johnny Long
Hacking Exposed, Vol.5, by McClure, Scambray & Kurtz

Then pick book or three on programming.  No need to become an expert programmer right away, but it'll at least help to understand what it is you're looking at.  Then you can start writing your own exploit code.

As a follow-up...

The M$ patch (MS08-037) is flawed.  I just spoke with a rep at M$ who stated that they are working on fixing it (it pretty much stops you from reaching the internetz if you have ZoneAlarm, and from reaching any update sites anyway), but that "it was a good thing that you haven't installed the latest patches for MS08-037."

How reassuring...

To those of you who are currently stuck as patch monkeys like me, hell, to everyone, this is HUGE!

Over on the Network Security Podcast, Dan talks about how he got the cooperation of damn near every vendor out there and developed the patches that were simultaneously released today (including MS08-037) patching a "gaping hole in the DNS protocol."

He basically states that on August 6 at BlackHat Vegas, he'll be releasing proof of the vulnerability.

To prove how rediculously huge this is, when have you ever seen all the competitors work on something together AND keep it secret?

(The CERT advisory Word doc lists all the vendors)

That's because you're running Vista