So who all is going to attend? My company is sending two of us this year, mostly for the GREM class, but I'm also looking forward to a couple of one day classes and some SANS@Night stuff. We're pretty stoked!

Cool, guess its time to go buy a Nokia n800! 

Thanks Kev, I'd appreciate it. We have hundreds of  customers and very few that push off patches, and even then they really only do it when its the busy season for their applications. We've always tried to be very scrict with our PM process, however if we don't recognize the business needs of some of our customers, we may not have any left! 

We have a client who literally will not apply a patch unless a PoC is publicly available. There of course are many issues with this, but that's a conversation for another time

Anyone seen a legit PoC for MS08-001 yet? I know CANVAS already has a plug-in for this issue, which is usually a sign that a public PoC is floating around somewhere.

Excellent resource for security implementation guides for your new servers and check lists for your existing servers. You have no reason to be unsecure. Well, except for any crappy apps you run.

http://iase.disa.mil/stigs/index.html

Downloading private data that was retrieved by exploiting a vulnerability doesn't sound all that ethical. Unless of course theres nekked pics involved, in which case its open season. I mean, how do people expect me to be motivated to stalk hot chicks if I can't get hacked nekked pics of them? 

Oh the ethical woes...

Well, they do give the the site where the torrent is available and a search term to find it! 

I've never used this product so I can't recommend it, but PA is offering a free (as in beer) trial (a sip) of its Network Forensic Search Engine (Net/FSE) -- a tool used to collect and perform analysis of network alert data.

If anyone snags a copy or has used it in the past, please let the rest of us know your experience, thanks!

http://www.packetanalytics.com/download.php

Rough!

"A 17-gigabyte file purporting to contain more than half a million images lifted from private MySpace profiles has shown up on BitTorrent, potentially making it the biggest privacy breach yet on the top social networking site."

http://www.wired.com/politics/security/news/2008/01/myspace_torrent

http://news.yahoo.com/s/ap/20080121/ap_on_hi_te/eu_online_privacy

My favorite quote from this article:

The company's European Internet policy director, Thomas Myrup Kristensen, described the move as part of Microsoft's commitment to privacy.

"In terms of the impact on user privacy, complete and irreversible anonymity is the most important point here."

Look at the big brain on Microsoft!

Interesting read and propaganda from Websense report for 2007, namely that compromised web sites serve more malware than malicious ones.

http://blog.washingtonpost.com/securityfix/Security%20Labs%20Report%20Q4_011808.pdf

So the Chicken/Egg question begs to be asked:

What came first; The compromised site or the malicious one? Isn't the compromised site serving malware considered a malicious site? 

Didn't mean to stir up a hornet's nest. 

The work done here is very much appreciated, even by those of us who are new to the site, keep it up!

I'm kinda new here so please excuse my ignorance, but when are the winners usually announced? Not that I'm going to win , but I do enjoy seeing the winning responses!

This was a pretty fun challenge. As always, can't wait to see the winning responses!