Steve Friedl at Unixwiz.net has done a fantastic job designing a full explanation of how DNS works and why it's vulnerable to kaminsky's flaw

From unixwiz.net:
"The big security news of Summer 2008 has been Dan Kaminsky's discovery of a serious vulnerability in DNS. This vulnerability could allow an attacker to redirect network clients to alternate servers of his own choosing, presumably for ill ends.

This all led to a mad dash to patch DNS servers worldwide, and though there have been many writeups of just how the vulnerability manifests itself, we felt the need for one in far more detail. Hence, one of our Illustrated Guides. This paper covers how DNS works: first at a high level, then by picking apart an individual packet exchange field by field. Next, we'll use this knowledge to see how weaknesses in common implementations can lead to cache poisoning. By fully understanding the issues at play, the reader may be better equipped to mitigate the risks in his or her own environment. We hope everybody who runs a DNS server patches soon. "

See the whole article at: http://www.unixwiz.net

Landon Fuller has taken on the challenge of patching each of the bugs reported by the month of apple bugs project. Thus far He's been able to patch each bug in about a day. As rumor has it, the month of apple bug project now plans on giving advance notice to Fuller to develop patches that will be released as the bugs are released.

For more info on Fullers project see: http://landonf.bikemonkey.org/code/macosx/

This initiative aims to serve as an effort to improve Mac OS X, uncovering and finding security flaws in different Apple software and third-party applications designed for this operating system. A positive side-effect, probably, will be a more concerned (security-wise) user-base and better practices from the management side of Apple. Also, we want to develop and provide tools and documented techniques to aid security research in this platform. If nothing else, we had fun working on it and hope people-with-a-brain out there will enjoy the results.

From: LMH and Kevin Finisterre

From askapache.com:

A few months back I did some intense testing of all the best vulnerability scanners out there… I had a couple nix boxes hooked up, as well as some dozers, and figured I could add clients to a “once-a-week” scanning contract. So naturally, I wanted to use the scanner that was the best for my purpose.

Read more at www.askapache.com

Irongeek and Glj12 have released a new tool for windows that ranomizes your windows MAC address and host name. This makes a host running this software extremely hard to track.

For more information see : http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer

ScatterChat was released Saturday July 22, 2006 by the hacktivismo arm of the cult of the dead cow at the sixth hope. Simply speaking scatterchat is a branch or fork off of the Gaim instant messaging platform that promises high security though its use of TOR and through its use of hard encryption (ElGamal, AES) (More on the crypto here: http://scatterchat.com/docs/crypto_protocol.txt)

According to a Register.co.uk news report Jerry A. Taylor is a complete idiot:

"The heartland turned vicious this week when an Oklahoma town threatened to call in the FBI because its web site was hacked by Linux maker Cent OS. Problem is CentOS didn't hack Tuttle's web site at all. The city's hosting provider had simply botched a web server.

This tale kicked off yesterday when Tuttle's city manager Jerry Taylor fired off an angry message to the CentOS staff. Taylor had popped onto the city's web site and found the standard Apache server configuration boilerplate that appears with a new web server installation. Taylor seemed to confuse this with a potential hack attack on the bustling town's IT infrastructure.

Read more at TheRegister

Or visit Tuttle, OK's website at cityoftuttle.org

I just got an email claiming that I won a lotto I never played and that I had to fork over some cash to "claim" my winnings.