This link (actually a bit.ly link, since the actual link requires you to be logged in to Facebook) is a demonstration of how much information *any* Facebook app can get about you.

ENISA (European Network and Information Security Agency)has extensive materials on setting up a CSIRT (Computer Security Incident Response Team). They have also provided significant exercise materials in order to test and train such teams.

Polly wanna crack a WPA network? A cloud based cluster is offering to help out, for a small fee. You send them a data capture, and they run a 130 million word dictionary against it, in as little as 20 minutes.

Do you trust them? Are they going to be used to crack WPA networks? Is this sufficient impetus to move to WPA2? Are you going to create a longer passphrase?

The SecLists.Org Security Mailing List Archive collects and archives a number of security related mailing lists, although it concentrates on those dealing with networking and exploits. It also provides a portal to the lists themselves, so it's a valuable resource for those looking for lists. (Check out Funsec and RISKS.)

The Open Security Foundation's (OSF) DataLossDB project is an interesting resource for information about data and confidentiality breaches. At a glance, it gives you news, latest breaches, a timeline of breach numbers, a "top ten" list, and other references you can use in security awareness materials, or for risk analysis.

Advertised as RSTEG (Retransmission STEGanography), the technique described in this paper actually uses the standard TCP operations to allow you to set up a kind of covert channel. Interesting idea, although likely neither terribly dangerous nor important.

This paper, although rather abstract and academic, is a good survey of the research into social network data gathering, as well as a particular de-anonymizing attack. It points out the dangers of data aggregation that inherently exist in social networking.

This paper provides an overview explanation of fast flux and double flux activities related to hiding malicious Websites, or avoiding takedown (particularly related to botnets. It also suggests certain actions which could mitigate such activity. The essay uses a lot of jargon and is not always clear, but does provide a decent basic explanation.

The tracking (and scope) of GhostNet, a significant example of the use of malware and botnets for espionage. Some items of this were given in a story in the New York Times (http://www.nytimes.com/2009/03/29/technology/29spy.html ). There is also related work in a report out of Cambridge (http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.html and full report at http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf )(which, like everything else Ross Anderson has written, is worth reading regardless of your level of interest).