- Want to know what what the story is behind the latest Microsoft security patches? Take a look at The Laws of Vulnerabilities or Security Street.
- Nessus 5.0 was released this week.
- SSL has been in the news this week, in part because of weaknesses in how pseudo random number generators have been used to generate the keys. See the work of Heninger et. al. or the work of Lenstra et. al.
- Recent versions of sudo- 1.8.0 through 1.8.3p1 are vulnerable to a format string attack. Explanations of how to exploit it are now in the wild.
- Pentestmonkey has a new post describing mimikatz and how to use the tool to pull plain text passwords from logged in windows users.