Ping Tunnel - Send TCP traffic over ICMP
Another great example of why once you allow one protocol/port through your firewall, it's pretty easy to get any other traffic through... This one's interesting, in that it levereges ICMP...
Richard Monson-Haefel: Is Microsoft IIS 6.0 more secure than Apache HTTP Server 2.0?
Interesting posting on the relative security of IIS 6 and Apache 2.0. I'd agree that IIS 6 seems to have a MUCH better record than previous versions in terms both of vulnerability counts and initial configuration.
The only caveat I've got on it is my usual one about MS security, which is that with their products you have to look at the vulnerability of the whole stack as installed because it's so darn difficult to separate out the bits you don't want, unlike the situation with Apache running on something like Linux or BSD...
but I've done that rant before so I shan't do it again...