The first article isn't exactly security focused.  It is, in a way, because from my viewpoint network stability is a direct component to security.  If information isn't accessible then it's no good, right?  Sometimes.  Either way, Lawrence Roberts (of ARPANET fame) has stepped back from today's slow, expensive routing platforms and decided to fix the brokenness, not from a bandwidth perspective, but flow.  Now at first glance I thought his whole concept was CEF repackaged, but it's not.  Just goes to show how much of the same crap Cisco can feed customers and get away with it year over year.  Monolithic kernel: check, repackaged software that Cisco has no core competency in: check.  It's good to see outside-the-box-thinkers like Hoff go over to players like Cisco, but at the end of the day he'll just get washed, dried and pressed into Cisco's typical mold.  Anyway, on to the original story at hand:
[A Radical New Router]

Mu Dynamics today posted some vulnerabilities in Asterisk to their Labs site.  Looks to be a case of the parsing blues (as Asterisk has had problems with this in the past).  Glad to be running "PBX In A Flash - PIAF" these days as I can grab the latest Asterisk upgrades and compile with a few simple commands.
[Asterisk Bug Disclosed by Mu Dynamics]

In light of the fun WordPress bugs today eWeek was running an article about common PHP coding mistakes and what you can do about them.  Personally I think the OWASP ESAPI toolkits are a better reference (where's Rails OWASP?), but to each their own.  You can always learn something from another perspective, right?
[Common PHP Security Mistakes and What You Can Do About Them]
[OWASP ESAPI]

Wired was one of the first outlets to be seen running the story about the sentencing of the hacker with Aspergers sentenced to 55 months.  The original sentence would have been only slightly longer, but because because of the disease it was said that Mr. Berkovich was more susceptible to recruitment.  The actual hack was relatively impressive because of it's simplicity and reliability.
[Hacker with Asperger's Gets 55 Months]

The "insider threat", all too common right?  What about "insider risk"?  Dennis Kuntz over at the Security Catalyst ran a nice clip this afternoon talking about the separation of defining insider threat and risk.  Maybe it's time to start looking at it again (or for the first time).
[Insider Threat or Risk?]

Not a day goes by that we can't get around something new, clever, lame or exciting directly tied to PCI.  That's why I feel morally obligated to tell you that 1.2.1 is now official.  Yeah, sure, it's not really any real defining changes but more-so fixes.  Go check out Branden Williams rundown of what's new.
[PCI DSS Goes 1.2.1]

Gunnar Peterson sets up the story about why a simple DTD can DoS your XML parser.  Old security bugs never die, says Gunnar, until you kill them.
[Behold the Power of Fuzzing]

Oh Forrester, you get paid to come up with this stuff?  Forrester says all sec pros should drop what they're doing and focus on ways to secure the cloud because everyone knows the cloud is everything.  I'd honestly have to say that Rob Whiteley isn't too in touch with the real world these days.  Try hitting up your neighborhood Fortune 50 and see, actually, how much of their infrastructure is tied to SaaS, PaaS or IaaS.
[Data Has Become Too Distributed to Secure Says Magic 8-Ball Forrester]

That's all for the commentary we have today folks.  Check back tomorrow for more!  I'll leave you with today's grab bag...

-windexh8er

[Are you secure, or are you safe?]
[Adobe Flash Cookies Pose Vexing Privacy Questions]
[More Companies Monitoring E-Mail]
[Dasient Launches Web Anti-Malware Lite]
[Pirate Bay Sinks Under Electrical Storm]