Thanks for the link chuck, will check it out right after this gets posted.

As we all know no one should even think of being on the internet without a firewall, patches and all the other stuff that goes along with it. New exploits come out all the time. Many are actually discovered by those who want to break into your machine and don’t care about getting high paying security consulting contracts. When one of these is found no cert advisories are given until after its been in the wild for a while. No patches have been made yet. Sigs have not been entered into IDS configurations. These sploits are OS specific. Unless someone tailor made one with you in mind, scan databases are checked for machines that fit the conditions of the exploit. If a binary bugler gets to your machine and finds his sploit doesn’t work h/she simply moves on to the next. Its only a matter of time before its discovered and patches are made.

I thought it might be helpful to compile a list of hints in this area, collected from AO members give it to msmittens for the news letter/zine if there were enough to make it worth while.