.:: Recent events ::.

This page is no longer updated and remains here for historical reasons. Instead, I continue on my blog (in Slovak).

19. 10. 2006 - Privacy guidelines
Microsoft published a 49-page document called Microsoft's Privacy Guidelines for Developing Software Products and Services. See

15. 09. 2006 - Tips to protect online search privacy
The Electronic Frontier Foundation has developed six online search privacy tips. See

30. 08. 2006 - Data Loss Database - Open Source introduced DLDOS - a basic database that will assist others in tracking data loss and data theft incidents across the world. See

2. 07. 2006 - 2006 Tool Survey Released
A whole site for the results of the 2006 top security tools survey has been created - see SecTools.Org.

28. 06. 2006 - OWASP Top 5
The Open Web Application Security Project made available its OWASP Top 5 - information on PHP vulnerabilities based upon attack frequency in 2005 as reported to Bugtraq. See

12. 06. 2006 - IT security handbook for managers
The National Institute of Standards and Technology (NIST) released a 124-page draft of its Information Security Handbook - A Guide for Managers. See

15. 05. 2006 - Performance metrics for information security
The National Institute of Standards and Technology (NIST) released a draft of a guide meant to establish performance metrics for assessing information security - Special Publication 800-80 "Guide for Developing Performance Metrics for Information Security". See

8. 05. 2006 - Repository of software security flaws
The Information Technology Laboratory of the National Institute of Standards and Technology (ITL NIST) launched a repository of samples of C, C++, and Java containing software security flaws. See

1. 05. 2006 - Standard for security logs
The National Institute of Standards and Technology (NIST) released guidelines on how to manage security logs. For NIST Special Publication 800-92: "Guide to Computer Security Log Management" see

22. 04. 2006 - Site devoted to security conferences
A new site devoted to information on security conferences has been created. See

18. 04. 2006 - Plan to improve cybersecurity research and development
The National Science and Technology Council in the USA issued a preprint release of the "Federal Plan for Cyber Security and Information Assurance Research and Development". See

5. 04. 2006 - ISM3 v1.20 published
Version v1.20 of the Information Security Management Maturity Model (ISM3) has been published. See

28. 03. 2006 - Web hacking incident database
The Web Application Security Consortium has a project dedicated to maintaining a list of web application-related security incidents. See

16. 03. 2006 - Standard for securing computer systems
The National Institute of Standards and Technology (NIST) has released the final version of the Federal Information Processing Standard 200. The standard sets minimum security requirements for securing computer systems under the Federal Information Security Management Act. See .

10. 02. 2006 - Guidelines for removing data
The National Institute of Standards and Technology (NIST) has released draft guidelines for safely removing data from storage devices - Special Publication 800-88, "Guidelines for Media Sanitization". See

1. 02. 2006 - Nmap version 4.00
Insecure.Org announced availability of the free Nmap Security Scanner version 4.00. It is available for most platforms in source or binary form from

28. 01. 2006 - Guidance for redacting Word documents for public release
The National Security Agency (NSA) has released a report offering advice on how to safely edit sensitive information from Word documents and Adobe PDF files before releasing them to the public. See

16. 01. 2006 - The Web Application Firewall Evaluation Criteria v1 released
The Web Application Firewall Evaluation Criteria project has announced the first official release of The Web Application Firewall Evaluation Criteria (WAFEC). WAFEC v1.0 can be downloaded from the project home page

6. 01. 2006 - Uninformed Journal Volume 3
Uninformed has announced the release of its third volume. This volume covers topics like reverse engineering, rootkit technology, fuzzing, and other areas of research. See

25. 12. 2005 - New underground magazine
Obsidis is a scientific/underground magazine that focuses on research in ITC security. Number 1 was released at

15. 12. 2005 - Nessus 3 released
Version 3 of the widely popular Nessus vulnerability scanner has been released to the public for various Linux distributions and FreeBSD (versions for Windows, Mac OS X and Solaris will not be released until early 2006). See

27. 11. 2005 - IT Security Guidelines
The Joint Information Systems Committee together with the Universities and Colleges Information Systems Association (UCISA) have issued formal IT security guidance for UK colleges and universities. See

9. 11. 2005 - RSA-640 factored
Successful factorization of the 193-digit composite number known as RSA-640 has been announced. See

29. 10. 2005 - VoIP security risks
Germany's Federal Office for Security in Information Technology (BSI) is warning of potential security risks with VoIP technology, in a study available (in German) at

24. 10. 2005 - Skype security evaluation
Skype has released an external security evaluation of its product, available at

17. 10. 2005 - New security mailing lists
SecurityFocus has added five new security mailing lists to its collection of well-known security-related mailing lists, namely
- Phishing & BotNets
- Real Cases
- Binary Analysis
- Wireless Security
- Policy, Standards, Regulations & Compliance
For more information and subscription see

9. 10. 2005 - Site with security tools and tips for software developers
The U.S. Homeland Security Department together with the Carnegie Mellon Software Engineering Institute developed a special portal to provide best practices, tools and other resources for creating more reliable and secure software for developers and security professionals. See

5. 10. 2005 - Web security threat classification
The Web Application Security Consortium (WASC) announced the availability of the open source Web Security Threat Classification. The material is available in 4 languages and in TXT, PDF, and DOC formats - for download see

21. 9. 2005 - Guideline for implementing cryptography
The National Institute of Standards and Technology (NIST) has published the draft document "Guideline for Implementing Cryptography In the Federal Government". It is available at

10. 9. 2005 - Book about digital forensics
The full text of the book "Forensic Discovery", by the well-known specialists in the field Dan Farmer and Wietse Venema, is now available at

8. 8. 2005 - Vulnerability database
The Information Technology Laboratory of the National Institute of Standards and Technology (NIST) has launched the National Vulnerability Database (NVD). NVD is a comprehensive cyber security vulnerability database that is updated daily with the latest vulnerabilities. It integrates all publicly available U.S. Government vulnerability resources and provides references to industry resources. It is available at

27. 7. 2005 - Free web application security book
The Open Web Application Security Project (OWASP) has released a free open-source web application security book, "The OWASP Guide to Securing Web Applications and Services 2.0". The 277-page book can be downloaded in both PDF and Word formats from the OWASP website at

20. 7. 2005 - Publication describing minimum security requirements
The National Institute of Standards and Technology (NIST) has released the document "Draft Federal Information Processing Standard (FIPS) Publication 200: Minimum Security Requirements for Federal Information and Information Systems." The document can be found at

12. 7. 2005 - Security career guide
A nonprofit organization has created a "career guide" to spark interest for the information security profession among students. The booklet offers a description of information security, typical jobs, titles, industries and organizations, professional requirements, certification options, typical salaries, career outlook, and a listing of schools, education facilities, certification companies and other resources and associations. The guide can be found at

5. 7. 2005 - New version of OpenSSL released
The OpenSSL project team announced the release of version 0.9.8 of its open source toolkit for SSL/TLS. OpenSSL 0.9.8 is available for download via

23. 6. 2005 - Resource of attack patterns and security patterns
A new wiki repository for attack patterns and security patterns has been started at

22. 5. 2005 - Report on insider sabotage
A new report, "Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors", presenting research conducted by the U.S. Secret Service and CERT, is available at

13. 5. 2005 - A new blog
Those interested in usability and security might find interesting a weblog on usable security at

8. 5. 2005 - Web security mailing list
The Web Application Security Consortium (WASC) has created 'The Web Security Mailing List' - an open information forum for discussing topics relevant to web security. Subscribe by sending an email to

26. 4. 2005 - New security configuration standards
The Center for Internet Security released new security configuration benchmarks for wireless networks AIS, OS X, Oracle 9i/10g, and Solaris 10. See

14. 4. 2005 - Zone-H 2004 statistics
The graphical statistics of intrusions for the year 2004 by the well-known site Zone-H are available. See

26. 3. 2005 - Ten worst security practices
For a list of the ten worst security practices see

21. 3. 2005 - Interesting report on cybersecurity
The U.S. Presidential IT Advisory Committee (PITAC) made available its report "Cyber Security: A Crisis of Prioritization". In addition to various recommendations, the report also identifies key areas for future research. See .

2. 3. 2005 - Security advice for small business
Microsoft added a new "Security Guidance Center" to its Small Business Center Web site. See

25. 2. 2005 - Security advice for non-technical people
The UK government launched an official virus alert website intended to help home users and small businesses protect themselves with free advice and threat alerts. See

18. 2. 2005 - iDEFENSE Labs Website
iDEFENSE Labs launched a community site intended as a repository for sharing their research and development with the security community. The site is at

2. 2. 2005 - Final public draft of recommended security controls
The National Institute of Standards and Technology has released the final public draft of recommended security controls for federal systems. The document that will become a mandatory Federal Information Processing Standard by the end of the year is available at

22. 1. 2005 - PHRACK comes to an end
Final Call for Papers for the FINAL RELEASE of PHRACK has been published ... see

12. 1. 2005 - New spyware mailing list
A new mailing list to discuss spyware issues has been launched. To subscribe, send an email to ''.

3. 1. 2005 - Information on phishing
An overview describing phishing and giving the public information on what to do about it is available at

31. 12. 2004 - Information Systems Security Assessment Framework Draft 0.1
Open Information Systems Security Group (OISSG) released its Information System Security Assessment Framework (ISSAF) - a structured framework that categorizes information system security assessment into various domains & details specific evaluation or testing criteria for each of these domains. A draft version of this framework is available at OISSG website

21. 12. 2004 - Xprobe2 v0.2.1 is available
Xprobe2 is a remote active operating system fingerprinting tool. The new version can be downloaded from

30. 11. 2004 - WebGoat 3.5 released
A new version of WebGoat - a web application that demonstrates common web application vulnerabilities - has been released. Download it from

23. 11. 2004 - Security for home users
Microsoft's effort to educate end users on computer security is visible at

19. 11. 2004 - Annual global privacy study released
The 7th annual Privacy and Human Rights survey, published by Privacy International and the Electronic Privacy Information Center (EPIC), is available free of charge at

17. 11. 2004 - First FIPS 186-2 validation certification for Elliptic Curve Crypto
Certicom Corp. has announced that its implementation for the Elliptic Curve Digital Signature Algorithm has earned the Federal Information Processing Standards (FIPS) 186-2 validation certification No. 1 - making it the first company to receive the designation for an elliptic curve cryptography (ECC)-based algorithm. See

3. 11. 2004 - Computer security training - Late booking deals portal
The new page with information on 'last minute discounts' for various security training courses is available at

21. 10. 2004 - The Origins of the National Security Agency
The study that traces the evolution of the military structures from the early 1930s to the establishment of the National Security Agency is available at

6. 10. 2004 - New Microsoft Security Response Center PGP Key
The Microsoft Security Response Center has generated a new PGP key which is going to be used to sign all security bulletin notifications. The new key is available at:

1. 10. 2004 - Toward secure code
18 concise tips to write more secure code were offered by experienced programmers in an article available at

18. 9. 2004 - Cyber Extortion Study
An interesting study that reviews the current understanding of cyber extortion as a crime has been made available at

15. 9. 2004 - ENISA Executive director elected
The ENISA (European Network and Information Security Agency) Management Board elected Dr. Andrea Pirotti (Italy) to the position of Executive Director of the agency.

1. 9. 2004 - Security contact information
The Open Source Vulnerability Database, a project to catalog and describe the world's security vulnerabilities, has expanded its offering and opened a vendor dictionary that serves as a centralized resource for vendor contact information for public use. The OSVDB vendor dictionary can be found at

24. 8. 2004 - Metadata risks
Various metadata can be hidden in documents and be inadvertently exposed, thus representing real risks. A new website warning of the dangers posed by metadata has been launched ... see

18. 8. 2004 - Forum to discuss Windows XP Service Pack 2 issues
A new mailing list dedicated to discussion of Windows XP Service Pack 2 issues has been created. To subscribe, send an email to, or visit

13. 8. 2004 - "Phishing Attack Trends Report" for 2004
Tumbleweed Communications and the Anti-Phishing Work Group released the "Phishing Attack Trends Report" for 2004. See

10. 8. 2004 - IT security resource for developing countries
The World Bank infoDev program has published an "Information Technology Security Handbook," oriented to the needs of individuals, small businesses, governments and system and network administrators in developing countries. The document is available at

