Operation n

Are today’s browsers inherently bad? Security experts will tell you so. This doesn’t even start considering bugs that may well be found in certain browsers, such as Firefox 3

Half of malicious sites are tied to just 10 Chinese networks.

A classic trick is to embed a script or text in a file with different extension. For example, saving a text file as jpg. When the browser comes to look it, it will likely try to resolve it as jpg. But there is a plethora of extensions out there. Some extensions activate applications (e.g. acrobat, windows media player), which read data in their own special way.
For Advanced Systems Format (ASF), the format uses combination of media and text streams. URLs can be embedded in a malicious ASF files, which point to malware. Anti-virus software should pick up. But there should really be checks on the contents on the ASF file itself, which should stop surfing off to the Internet. A sans.org reader wrote a simple tool for this.

A staggering 12000 laptops are lost or stolen every week at US airports. There is every chance that at least one has some form of confidential information on it or worse that lost laptop holds the only copy of certain corporate information. This is demonstrated by the Daily Mail where a laptop was lost that contained employee information including names, addresses, bank accounts and sort codes. Surprise surprise, no mention of it on the Daily Mail website but they do happily mention the Ministry of Defense losing 3 laptops and that confidential home office cd found in a laptop sold on ebay. Talk about the pot calling the kettle black.

A growing technology is VOIP and there are a number of things, you can look for. Ideally, your voice network should be segregated from your data network using VLANs. Traditional phone/voicemail attacks may be used. There are two useful blogs that you may want to look into if you want to find out more, voipsecurityblog and Nortel.