Mark's [Russinovich] Blog : The Machine SID Duplication Myth

http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx about Windows SID issues and machine cloning: explains what a Windows SID is, how it is used, and why you should or shouldn’t change it when you image-clone a Windows machine

OpenSSH Public Key Authentication

http://sial.org/howto/openssh/publickey-auth/ notes on setting up SSH public key auth

[freeware ipsec vpn client for windows] Shrew Soft Inc : Download

http://www.shrew.net/download An alternative to the Cisco VPN Client, which, sadly, is known not to work on 64-bit versions of Windows XP/Vista/7.

Email Blacklist Check - See if your server is blacklisted

http://www.mxtoolbox.com/blacklists.aspx website that does blacklist lookups.

Appendix F - Personal observations on the reliability of the Shuttle by R. P. Feynman

http://science.ksc.nasa.gov/shuttle/missions/51-l/docs/rogers-commission/Appendix-F.txt famous and somewhat forgotten so-called “minority report” by Richard Feynman on the aftermath of the Challenger Shuttle disaster in 1986, which determined that the management culture of NASA was responsible for the disaster, and not some particular technical failures. Starting quote:

Tenable Network Security: Ranum's Rants - The Anatomy of Security Disasters

http://blog.tenablesecurity.com/2009/03/ranums-rants-the-anatomy-of-security-disasters.html highly recommended read for anyone dealing with security and PHBs. This is by http://en.wikipedia.org/wiki/Marcus_J._Ranum

http://www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf

Interesting paper from UCSB with statistics obtained by hijacking the Torpig botnet for approx. 10 days.

Behind Pwn2Own: Exclusive Interview With Charlie Miller : Introduction - Review Tom's Hardware

http://www.tomshardware.com/reviews/pwn2own-mac-hack,2254.html Charlie Miller is the one who broke into an up-to-date, fully patched Mac in about 1 minute and won (a MacBook Air) in the latest Pwn2Own contest. Good read if you have 20 minutes.

Providing Active Directory authentication via Kerberos protocol in Apache

http://support.microsoft.com/kb/555092 Apache authentication against AD (via Kerberos). Really easy to do, but make sure you put your Kerberos realm all in UPPER CASE, i.e. MYDOMAIN.COM. If you are using something like MYDOMAIN, then put it into the config as MYDOMAIN.LOCAL

Automated HTTPS Cookie Hijacking | fscked.org

http://fscked.org/blog/fully-automated-active-https-cookie-hijacking a note from security ppl that session/login cookies that are normally delivered via HTTPS have to be explicitly marked as “secure” so they are only delivered via HTTPS. Otherwise bad ppl can hijack them.