bradcausey's blog

Recent Security News Discussion

There has been quite a bit of discussion around some recent security issues. The first is a zero-day MS exploit in IE. Details here:

Can Ubuntu change your oil?

If you visit any modern Express Oil Change, it sure can help!!

Now seriously, Matt and I have started noticing Ubuntu and other GPL'd operating systems running all over the place. Think about it...

rXSS, is it really all _that_ dangerous?

Why intranet applications are the new attack vector

Typically, companies give less security consideration to the web sites that they host internally on the intranet. This is understandable, given that the only users are trusted folks, and probably aren't going to try anything anyway. Most internal users do not have the technical skills to be a 1337 haxx0r and perform SQLi attacks on vulnerable web forms, and store XSS scripts on company knowledge bases. Now, I know what you are thinking.

Lots of App Sec news

I leave for a few days, come back and the security community has gone crazy with lots of exciting news. Here are a few things worth checking out:
 

AppSecEU May 2009 Release!

For those of you who aren't on the mailing list, you may not be aware that Matt made some updates and a bug fix to the Live CD. Check it out here:
appseclive.org/content/downloads

Changes:

New AppSecLive material

Just wanted to point out some new tutorials coming your way. I've decided to create a screenshot, walk-through style tutorial for each of the vulnerability classifications in the OWASP Testing Guide v3.

Welcome!

I just wanted to get started by saying welcome to appseclive.org

Matt and I are really looking forward to growing this into a community where web application security folks can gather and discuss aspects and details of their field. There are a few goals that I personally have for the site.

I would love to see this site be a resource for any and every level of experience and knowledge. The only way to make a major, long-term impact in the application world is through education.
