Here are one or two resources some of you might find useful and interesting.
InfraGard and the Center for Information Security Awareness have a Security Awareness in the Workplace program that looks worth a closer look. It consists of 14 separate lessons addressing key information security issues "that can impact in the workplace". The free lessons are presented as web-based Flash movies. People who complete the course can also register to be examined for a certificate. This isn't free, but a nominal $24.95 doesn't sound unreasonable. It ain't CISSP or a GIAC qualification, but as a reward for working on security awareness, it might be a good investment.
The US-CERT Current Activity page is a regularly updated summary of high-impact security incident reports. To give you an idea of the sort of information you can find there, the current page includes:
- May 29 VMware Releases Security Advisory
- May 28 Microsoft Releases Security Advisory 971778
- May 27 BlackBerry Security Advisory
- May 26 Microsoft Releases Service Pack 2 for Windows Vista and Windows Server 2008
- May 22 Novell Releases Updates for GroupWise
- May 20 NSD DNS Buffer Overflow Vulnerability
- May 20 Cisco Releases Security Advisory for CiscoWorks TFTP Vulnerability
- May 20 Mac OS X Includes Known Vulnerable Version of Java
- May 19 Microsoft Internet Information Services (IIS) WebDAV Request Vulnerability
- May 18 Gumblar Malware Exploit Circulating
Of course, the page gives more information than this, and includes links.
Finally, the Anti-Phishing Working Group (check the web site: some pretty useful resources there). A project I've just caught on to is an education initiative called the APWG/CMU Phishing Education Landing Page program. The intention is to catch potential victims who've clicked on a known phish link by redirecting them to an informational web site.
Find out more here. But don't forget the Securing Our eCity initiative, either: www.securingourecity.org
David Harley
Director of Malware Intelligence