The Internet Storm center shares an important awareness related to the need for companies and individuals to better protect laptop security
Data Encryption - Important Privacy Protection
QUOTE: One of the challenges that any security professional is sure to face revolves around encryption and getting support/funding to put a solution into place. Not only is cost an issue, but there is the people factor to consider and their resistance to change. For the most part, people understand that the encrypting of laptop hard drives is a necessity. However, that only came about due to the mass amounts of laptop thefts and the publicity surrounding the data that was being stolen on those laptops. Even still, laptop encryption is not being done as it should be by many organizations.
Open Security Foundation - Annual Data Loss Statistics (53 page PDF)
Microsoft IIS Anonymous FTP vulnerabilities
Microsoft has issued security bulletin 975191 to warn for some FTP vulnerabilities, especially for the use of anonymous FTP accounts. This will most likely be patched soon and system administrators should monitor further developments closely.
Microsoft IIS FTP vulnerabilities
QUOTE: Microsoft has published an advisory on multiple vulnerabilities in the Microsoft FTP services bundled with IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0. At this time arbitrary remote code execution only works against IIS 5.0 running on Windows 2000 fully patched. On more recent versions a DoS condition occurs. If you are still running an Internet accessible FTP service you may want to take this opportunity to rethink running it under IIS. For internal instances I might monitor them very closely. One mitigation is to NOT allow anonymous connections (as indicated in the POC circulating on the Internet).
Microsoft Security Bulletin 975191