In case you neded a place to start in evaluating the steps required for building a Computer Security Incident Response Team (CSIRT) , look no further. CERT/CC has released the Action List for Developing a Computer Security Incident Response Team (CSIRT) .

In the wake of the latest PDF / ZIP spam surge, many security analysts and vendors have taken a shot at explaining this phenomenon. It is the case of GFI Software who released an interesting whitepaper called “Attachment spam – the latest trend”.

I would recommend the PCI DSS made easy to anyone who’s interested in getting a solid overview of the PCI DSS and also it’s interesting to see how GFI can help you address multiple sections in 9 of the 12 PCI requirements.

In adressing an IIS 5 bug (CVE-2007-2815), the Microsoft Knowledge Base article #328832 went a step further in presenting the conditions needed to reproduce the issue: they provided step by step instructions to what is basically an exploit of the vulnerability