Jason Coombs on Bugtraq:
"I wrote an information security book last year under contract with Microsoft Press. The book was never published -- among other things it explains truthfully the poor security condition of Windows and offers detailed instructions and advice for defending against Microsoft's bad business practices and incorrect security decisions.
URLs for the free electronic book are: (PDF) http://www.forensics.org/IIS_Security_and_Programming_Countermeasures.pdf (Raw Text/PNG Graphics --> safer!) http://www.forensics.org/jasonc/iisforensics.zip"