This is handy, saves you the time & hassle of building your own backport debs.

Quoted: debian backports

Quoted: Dan Kaminsky of IO Active provides some information about recently announced cache poisoning flaw, but gives administrators 30 days to patch systems before explaining it in full. Read this blog post by Robert Vamosi on Defense in Depth.

See also: http://www.matasano.com/log/1089/dan-kaminsky-could-have-made-hundreds-of-thousands-of-dollars-with-this-dns-flaw/

Cold indeed. Very interesting attack on disk encryption.

This is really pretty basic ... I guarantee you all of these companies are aware of the issue (as well as most 16 year old hackers). Of course, SSL impacts response time and scalability, so they cheat.

Quoted: Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.

Quoted: Welcome to CSRSS.

SQL injection humor is ALWAYS funny.

Gives new meaning to the phrase "evil genius'.

Quoted: Storm is designed like an ant colony, with separation of duties. Only a small fraction of infected hosts spread the worm. A much smaller fraction are C2: command-and-control servers. The rest stand by to receive orders. By only allowing a small number of hosts to propagate the virus and act as command-and-control servers, Storm is resilient against attack. Even if those hosts shut down, the network remains largely intact, and other hosts can take over those duties.

Quoted: Storm has been around for almost a year, and the antivirus companies are pretty much powerless to do anything about it.

Quoted: I will demonstrate an extension of RSnake and Boneh's work, that grants full IP connectivity, by design, to any attacker who can lure a ...

You've been warned -- Tagged.com is evil.

Quoted: Opinion: Web 2.0 means a lot of fuzzy things, and they're opportunities for the bad guys too. One new social networking site is a poster child for the abuse of social networking.

Quoted: This is the heart of what Tagged is about of course, building a database with all this PII (personally indentifiable information). As far as I can tell, under this agreement they can sell your Gmail login credentials too. And who are the third parties to whom your PII may be sold? Spammers? Pornographers? That would be cool under this TOS.