The 'ctricky and Web Application Security' blog had a post on some great insight of things to ask during an app sec test.  I've never actually run across this particular scenario before but the point is that JS pop-up warnings mean nothing to your proxy and may present warnings that the tester will never see (like "If you do this you'll break all of prod").  Anyway, read the post for the full rundown.
[BToD Target Scope and Precautions]

VeriSign's new DDoS attack protection service is an interesting topic for me.  I've dealt with countless large enterprise carrier services along with the architecture around load balancing and multi-homed environments.  So offloading all of your traffic in an event (i.e. throwing the BGP switch) to VeriSign seems a tad bit scary, oh - but no worries they'll route the good traffic back.  The other thing is all of the Netflow data VeriSign collects (to do this) is an interesting concept.  To me, architecturally, this looks like a bad idea and maybe I'll just have to dig into this one a little more.  For now you can start your own opinions by starting to read about it at the link.
[VeriSign Extends DDoS Attack Protection]

Work in defense?  Then COTS is something you probably deal with on a daily basis.  The funny thing is that when I started my career in the defense industry a lot of proprietary hard and software were being gutted for COTS.  Even I knew (as I started out as a System Engineering Associate), that the square peg they were jamming in the round hole didn't fit.  Apparently the cyclical monster is coming around in the DOD on this one.
[DoD Rethinking Build Versus Buy]

West side what?  Go figure - China modeling how to take down the US power grid for fun.  Reminds me of a conference I was at a few years ago in which a consultant disclosed some interesting facts about the substation and grid connections the Mall of America has in it's substructure.  We then learned how to shut the lights off in all of the neighboring communities that particular day.
[DHS to Review Report on Vulnerability in West Coast Power Grid]

This was one of the best / most disturbing banking related articles I've read in a while.  It's also why you shouldn't do most any online business with HSBC.  I hope HSBC just had a PCI audit done by a large firm so that particular QSA can head to the chopping block.  This one's just downright "special" (and not really from today, but I ran across it in my feeds).
[So Funny I Forgot To Laugh]

This one came across the OSF data loss incidents list and it made me think.  Do you really think Jones General Store has any idea of PCI?  It's so focused today in big business and infrastructure security yet these types of processes still exist in hundreds of thousands of small businesses day in and day out.  In fact, this past weekend, I saw more carbon copies of card data at a local art fair than I'd care to pretend were still around.
[University Hill Shops Burglarized; Credit Cards Stolen]

As of this posting less than 19 hours until the Social Engineering Framework is released.  Mark it on your smartphone yo.
[Social Engineering: Exploiting Human Vulnerabilities]

All you need to know about this one: "Operation Hot Date", Dumb Sheriff in Florida, and Craigslist for your evening entertainment.
[Another Sheriff Goes After CL]

That's all he wrote for tonight boys and girls.  We'll leave you with some links to peruse, but without the colorful commentary.  Take care and keep your stick on the ice!  Also, first person to tweet "I won the easter egg hunt at www.securitystallions.com" and @s me in the message wins a $20 Starbucks gift card (first person = one winner).  Figuring out where to find me on Twitter should be trivial.  Get your tweet in before 10:30pm on Wednesday, September 16th 2009 Central.

[Does IBM Have a Fix for Banking Infrastructure?]
[Security Attitudes]
[Thoughts on the Cult of Schneier]
[Pwnage Tool and iPhone 3.1]
[AMD 'Eyefinity' Powers 24 Monitors]
[A BSoD and Possibly More]
[No TCP/IP Patches for XP]
[OpenDNS Announces Premium Cloud Services]