Is Blackdragon doing the notes this week? if not, I'll get it started...
== Stories for Discussion ==
[http://www.ranum.com/security/computer_security/editorials/codetools/ How do you know your code is secure?] - [Joe] - Wait until someone pwns it, of course! I like these quotes: "The more complicated the program is, the harder it is to get it right.
It's really hard to tell the difference between a program that works and one that just appears to work"
cbc. ca/ technology / story/ 2007/ 01/ 10/ rfid-defence.html "bugging" coins with RFID] - [ Joe] - "Canadian coins containing tiny transmitters have mysteriously turned up in the pockets of at least three American contractors who visited Canada, says a branch of the U. S. Department of Defence. Security experts believe the miniature devices could be used to track the movements of defence industry personnel dealing in sensitive military technology. "
[http://news.com.com/Flaw+found+in+Apple+bug-fix+tool/2100-1002_3-6148606.html Apple's Bug Fix tool...is Buggy!] - [Joe] - "Vulnerability researchers behind the "Month of Apple Bugs" project, which aims to publish one flaw per day throughout January in software used on Apple platforms, announced on Monday that they have found a vulnerability in a tool that is used by a group involved in finding fixes for the flaws. APE is a third-party piece of software, written by Unsanity, designed to "enhance and redefine" the behavior of applications running on Apple platforms. APE loads plug-ins containing executable code into active applications. Month of Apple Fixes uses the software to apply run-time patches to the flaws found by the Month of Apple Bugs project. The patches insert themselves into applications when they run, find the vulnerable code and apply themselves."