Where to Go for Security Summaries
Recently, I presented my recommendations for security alert mailing
lists (Where to Go for Timely Alerts:
http://www.itworld.com/nl/lnx_sec/03052002). If you want timely, in-
your-face notification of issues that you need to address pronto, then
subscribe to those kinds of lists.
The other side of the coin includes lists recapping many security-
related issues. Such summaries may extend beyond just Linux issues,
which is good if you are administrating a heterogeneous environment or
if you simply want to smile at how many vulnerabilities have been found
in non-Unix operating systems.
Linuxsecurity.com
Linuxsecurity.com
(http://www.linuxsecurity.com/general/newsletter.html) -- by the folks
at Guardian Digital who created the EnGarde Linux distro -- has both an
excellent Web page and weekly summaries. Yes, I know I said I never
read Web pages for security info, but I lied. This one has pointers to
all the interesting articles you might want to read while you're
waiting for that compile to finish.
The site's "Security Advisories Weekly" details all the advisories
released during the previous week, while the "Linux Security
Newsletter" discusses those advisories and broader security issues as
well. Folks sometimes ask why Hackinglinuxexposed.com doesn't produce a
weekly security newsletter. The answer? Linuxsecurity.com already fills
that niche perfectly.
SANS
SANS (http://www.sans.org/sansnews) puts out a "Security Alert
Consensus" every week, covering all the vulnerabilities found that week
and grouped by OS. It also has the "SANS NewsBites" list, which gives
you quick snippets of security-related articles you may have missed.
Five to ten security professionals edit the NewsBites mailings.
Sometimes the best part of the mail is reading what the editors think
of the articles.
SecurityFocus Newsletter
This list provides quick links to SecurityFocus
(http://www.securityfocus.com) articles, the week's top security tools,
and summaries of SecurityFocus's BugTraq, Incidents, Vuln-Dev, and
other lists. This is an excellent list if you don't have enough
personal bandwidth to read all those mailing lists in real-time.
InfoSec News
ISN (http://www.c4i.org/isn.html) shoots copies of interesting security-
related articles directly to your email. The articles are very wide
ranging; they're usually not related to specific vulnerabilities, but
they do offer some enjoyable security reading. Volume ranges from one
to ten messages a day. Yeah, it's not a weekly security reminder, but
it's fun.
CERT Summary
Each quarter CERT (http://www.cert.org) publishes a list of the top
vulnerabilities out there on the big scary Internet. By the time this
comes out, you should have long since patched your machines. Subscribe
your manager to this list.
Remember, these lists should not replace time-sensitive security alerts
that you can get directly from your Linux distribution or other places
I mentioned in my previous article. However, they will help broaden
your security knowledge and give you a nice kick-in-the-butt should you
overlook one of the alert emails.
» posted by ITworld staff
ITworld
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
