zxcvbn tests (test xkcd-like passwords)
Schneier on Security: In Praise of Security Theater (Making things seem as secure as they really are)
The Six Dumbest Ideas in Computer Security
The OWASP Top 10 Website Vulnerability List
The Diceware Passphrase Home Page
SecLists.Org Security Mailing List Archive
Dropbox authentication: insecure by design
Kill the Password: Why a String of Characters Can't Protect Us Anymore | Gadget Lab | Wired.com
CWE - 2011 CWE/SANS Top 25 Most Dangerous Software Errors
A Few Thoughts on Cryptographic Engineering: A diversion: BEAST Attack on TLS/SSL Encryption
GRC's | Password Haystacks: How Well Hidden is Your Needle?
The Case for Elliptic Curve Cryptography - NSA/CSS (contains key size recommendations for three different types of encryption)
How Apple and Amazon Security Flaws Led to My Epic Hacking
Penetration Testing: Kali Linux
It’s Me, and Here’s My Proof: Why Identity and Authentication Must Remain Distinct
Static Detection of Malicious JavaScript-Bearing PDF Documents
… Green For The Anti-Pineapple | Pentura Labs's Blog
The Invisible Things Lab's blog: Evil Maid goes after TrueCrypt!
The Invisible Things Lab's blog: Anti Evil Maid
The Scrap Value of a Hacked PC, Revisited — Krebs on Security
SSL Labs: Deploying Forward Secrecy | Security Labs | Qualys Community
The Safe Mac » Mac Malware Guide
Schneier on Security: Changing Passwords
Schneier on Security: The Psychology of Security (Part 1)
So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users
Avoiding the Top 10 Software Security Design Flaws - CybersecurityInitiative-online.pdf
Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331” | Ars Technica