Where to Go for Security Summaries
Recently, I presented my recommendations for security alert mailing
lists (Where to Go for Timely Alerts:
http://www.itworld.com/nl/lnx_sec/03052002). If you want timely, in-
your-face notification of issues that you need to address pronto, then
subscribe to those kinds of lists.
The other side of the coin includes lists recapping many security-
related issues. Such summaries may extend beyond just Linux issues,
which is good if you are administrating a heterogeneous environment or
if you simply want to smile at how many vulnerabilities have been found
in non-Unix operating systems.
Linuxsecurity.com
Linuxsecurity.com
(http://www.linuxsecurity.com/general/newsletter.html) -- by the folks
at Guardian Digital who created the EnGarde Linux distro -- has both an
excellent Web page and weekly summaries. Yes, I know I said I never
read Web pages for security info, but I lied. This one has pointers to
all the interesting articles you might want to read while you're
waiting for that compile to finish.
The site's "Security Advisories Weekly" details all the advisories
released during the previous week, while the "Linux Security
Newsletter" discusses those advisories and broader security issues as
well. Folks sometimes ask why Hackinglinuxexposed.com doesn't produce a
weekly security newsletter. The answer? Linuxsecurity.com already fills
that niche perfectly.
SANS
SANS (http://www.sans.org/sansnews) puts out a "Security Alert
Consensus" every week, covering all the vulnerabilities found that week
and grouped by OS. It also has the "SANS NewsBites" list, which gives
you quick snippets of security-related articles you may have missed.
Five to ten security professionals edit the NewsBites mailings.
Sometimes the best part of the mail is reading what the editors think
of the articles.
SecurityFocus Newsletter
This list provides quick links to SecurityFocus
(http://www.securityfocus.com) articles, the week's top security tools,
and summaries of SecurityFocus's BugTraq, Incidents, Vuln-Dev, and
other lists. This is an excellent list if you don't have enough
personal bandwidth to read all those mailing lists in real-time.
InfoSec News
ISN (http://www.c4i.org/isn.html) shoots copies of interesting security-
related articles directly to your email. The articles are very wide
ranging; they're usually not related to specific vulnerabilities, but
they do offer some enjoyable security reading. Volume ranges from one
to ten messages a day. Yeah, it's not a weekly security reminder, but
it's fun.
CERT Summary
Each quarter CERT (http://www.cert.org) publishes a list of the top
vulnerabilities out there on the big scary Internet. By the time this
comes out, you should have long since patched your machines. Subscribe
your manager to this list.
Remember, these lists should not replace time-sensitive security alerts
that you can get directly from your Linux distribution or other places
I mentioned in my previous article. However, they will help broaden
your security knowledge and give you a nice kick-in-the-butt should you
overlook one of the alert emails.
» posted by ITworld staff
ITworld
Build your tech library with our book giveaways.
Windows PowerShell 2.0 Unleashed
By Tyson Kopczynski, Pete Handley, Marco Shaw; Published by Sams
Windows PowerShell Unleashed will not only give you deep mastery over PowerShell but also a greater understanding of the features being introduced in PowerShell 2.0–and show you how to use it to solve your challenges in your production environment. Enter now!
Ubuntu Server Administration
By Michael Jang; Published by McGraw-Hill Osborne Media
Realize a dynamic, stable, and secure Ubuntu Server environment with expert guidance, tips, and techniques from a Linux professional. Ubuntu Server Administration covers every facet of system management -- from users and file systems to performance tuning and troubleshooting. Enter now!
