secretrobotron writes "I'm a recent university graduate from a co-op system which has kept me on the move every other semester, so I've never really had a permanent place to live, and I've never had the opportunity (or the capital) to buy expensive things. Now that I'm working, those restrictions on my life are gone and I'm living in an apartment with things I don't want stolen. I would love to build a DIY home security system, but I don't even know where to start since Google searches reveal things like diysecurityforum.com, which help only to an extent for a curious newcomer. Has anybody out there successfully built a home security system on a budget? If so, where did you start?" Related query: When similar questions have come up before, many readers have recommended Linux-based Zoneminder (last updated more than a year ago); is that still the state of the art?

An anonymous reader asks: "Microsoft Windows, from 2000 forward (except ME) offers secure certificate and private storage at the OS level in what is called a protected store. Offline, it's encrypted by a combination of the user's password and a session key stored on the filesystem. When the OS is running, the private keys stored are available to the logged in user, optionally encrypted with another password. The keys are stored in protected memory, so no applications can access them without going through the Microsoft CAPI calls. This code also is FIPS 140-1 level 1 (the best one can get for software cryptography modules) compliant." Does any other OS provide this kind of feature at the OS-level? If so, who? If not, why?

An anonymous reader writes, "A spam-sending Trojan dubbed 'SpamThru' is responsible for a vast amount of the recent botnet activity which has significantly increased spam levels to almost three out of every four emails. The developers of SpamThru employed numerous tactics to thwart detection and enhance outreach, such as releasing new strains of the Trojan at regular intervals in order to confuse traditional anti-virus signatures detection." According to MessageLabs (PDF), another contributor to the recent spam increase is a trojan dropper called "Warezov."

SurturZ writes "The Industrial Relations Commission of New South Wales, Australia, has ordered a company to reinstate an employee who downloaded porn onto a work laptop, even though it was in contravention of his workplace's code of conduct. From the article: the IRC said there was an 'air of automatically' about the annual signing off of employees on NCR's code of conduct, 'a degree of mechanical, unthinking routine in employees making a commitment to abide by the code.'" So, I think most of us can agree, porn at work == bad, but recognition that Click EULAs/other agreements are not binding is probably good. The question is — what replaces them?

Carl Bialik from WSJ writes "Microsoft is entering into an unusual partnership with Novell that gives a boost to Linux, people familiar with the companies tell WSJ.com. From the article: 'Under the pact, which isn't final, Microsoft will offer sales support of Suse Linux, a version of the operating system sold by Novell. The two companies have also agreed to develop technologies to make it easier for users to run both Suse Linux and Microsoft's Windows on their computers. The two companies are expected to announce details of their plan today at a press conference in San Francisco. In addition, Microsoft won't assert rights over patents over software technology that may be incorporated into Suse Linux, the people said. Businesses that use Linux have long worried that Microsoft would one day file patent infringement suits against sellers of the rival software.'"

adamdrayer writes "Wired recently conducted an interview with Pete Ashdown, the tech-minded ISP owner who is hoping for a major upset in the race for Utah's Senate seat against long-time incumbent Orin Hatch. Ashdown hopes to help pave the way for better decision-making on the Hill regarding technology. Hatch is among the more conservative politicians on the issues of 'digital privacy' and 'fair use,' while one of Ashdown's main objectives is to reform the Digital Millennium Copyright Act."

An anonymous reader writes, "Netcraft has discovered that the social networking site MySpace appears to have been compromised by phishers who have presented a spoof login form on the main site. This modified login form submits the victim's username and password to a remote server hosted in France." From the article: "The hackers have engineered a fake login form on MySpace's own web site. Netcraft has notified MySpace of the issue, although it currently remains live. Because the fraudulent login page is hosted on MySpace's own servers and does not exhibit any signs of external content, such as cross-site scripting or open redirects, it is convincing and even security-conscious users are at risk of becoming victims. The attack is launched from a profile page, where the username is login_home_index_html, and uses specially-crafted HTML in order to hide the genuine MySpace content from the page and instead display its own login form." This Washington Post story from a few months back explains what's in it for the phishers.