Two interesting research papers on website password policies. "Where Do Security Policies Come From?": Abstract: We examine the password policies of 75 different websites. Our goal is understand the enormous diversity of requirements: some will accept simple six-character passwords, while others impose rules of great complexity on their users. We compare different features of the sites to find which characteristics...

From the U.S. Government Accountability Office: "Cybersecurity: Key Challenges Need to Be Addressed to Improve Research and Development." Thirty-six pages; I haven't read it....

Apple is reporting new version of iTunes (9.2 ...(more)...

More of the LNKvulnerability. Additional fromour first report from Handler Joel and Inf ...(more)...

...(more)...

We observed anincrease on UDP connections that use UDP port 5060. This port is typically used ...(more)...

From Wired News: The four Wiseguy defendants, who also operated other ticket-reselling businesses, allegedly used sophisticated programming and inside information to bypass technological measures -- including CAPTCHA -- at Ticketmaster and other sites that were intended to prevent such bulk automated purchases. This violated the sites' terms of service, and according to prosecutors constituted unauthorized computer access under the anti-hacking...

We decided to raise the Infocon level to Yellow to increase awareness of the recent LNK vulnerabilit ...(more)...

This is excellent. And it's been cracked already....

If you don't like command mode to interact with metasploit, I have good news for you: there is a new ...(more)...

One of the biggest threats to effective incident response is correlating events and being aware of r ...(more)...

Symbiotic relationship between the Hawaiian bobtail squid and bioluminescent bacteria, with bonus security implications....

Someone claims to have reverse-engineered Skype's proprietary encryption protocols, and has published pieces of it. If the crypto is good, this is less of a big deal than you might think. Good cryptography is designed to be made public; it's only for business reasons that it remains secret....

We've received plenty of information over the past couple days about this alleged vulnerability in W ...(more)...

In what creepy back room do they come up with these names? The federal government is launching an expansive program dubbed "Perfect Citizen" to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program. The surveillance by the National Security Agency, the government's...

This is a notification just to let you know that ISC.org has released a new version of BIND, 9 ...(more)...

I don't think this is a good idea....

I am seeing a large amount of spam hit our network that has been successful at fooling our spam filt ...(more)...

Not that we need more ways to get random numbers, but the research is interesting....

This is interesting: Some of the scenarios where we have installed video analytics for our clients include: to detect someone walking in an area of their yard (veering off of the main path) that they are not supposed to be; to send an alarm if someone is standing too close to the front of a store window/front door after hours;...