jueves, 14 de octubre de 2004

Insecure.org :: RSS newsfeeds

Desde la página de Djeaux puede accederse al listado de listas de correo de Insecure.org en formato RSS.

A continuación, enumero la descripción de las diferentes listas que pueden consultarse en Insecure.org.

-Bugtraq -- Arguably the most important Internet security list. Vulnerabilities are often announced here first, so check frequently!

-Full Disclosure -- An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience.

-Penetration Testing -- While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

-Vulnerability Development -- A moderated list for discussing possible security issues and devising exploits for them.

-Security Basics -- A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I would recommend this list to network security newbies, but be sure to read bugtraq and other lists as well.

-Firewall Wizards -- Tips and tricks for firewall administrators

-VulnWatch -- A non-discussion, non-patch, all-vulnerability annoucement list supported and run by a community of volunteer moderators distributed around the world.

-VulnDiscuss -- This sister-list of VulnWatch allows for discussions about new vulnerabilities.

-Incidents -- Lightly moderated list for dicussing actual security incidents (unexplained probes, breakins, etc). Topics include information about new rootkits, backdoors, trojans, virii, and worms.

-Info Security News -- Carries news items (generally from mainstream sources) that relate to security.

-Security Jobs -- A popular list for advertising or finding jobs in the security field. Employers post openings and job seekers post resumes (run by SecurityFocus)

-IDS Focus -- Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list

-Web App Security -- Provides insights on the unique challenges which make web applications notoriously hard to secure.

-MS Sec Notification -- Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products -- note how most have a prominant and often-misleading "mitigating factors" section.

-Honeypots -- Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.