Version 1.1
Security advisories and vulnerabilities (new)
Security advisories and vulnerabilities (archives)
Vendor and product security news
Email subscriptions
Miscellaneous information security news
SECURITY ADVISORIES AND VULNERABILITIES (NEW)
-
RSS Security News (OPML file, ready for import into your RSS news reader)
(DP - Selection of RSS news related to information security, from a variety of sources (more than enough to keep you busy))
-
Bugtraq
and
BugTraq (2)
(DP - BugTraq and other [will list later] archives)
-
ISS X-Force
(DP - look at Security Advisories and Security Alerts. excellent for brand new discoveries, including those they [ISS] identified)
-
@Stake
(DP - significant, contains only @Stake's discoveries)
-
eEye Advisories
(DP - significant, contains only eEye's discoveries)
-
PacketStormSecurity
(DP - essential resource with numerous unique additions, must-have)
-
Secunia Historic Advisories
(JK - near-real-time advisories from numerous platforms, also has free near-real-time email subscription notices)
-
SecurityFocus vulnerabilities
(DP - excellent resource with multiple vulnerability resources combined)
(JK - agreed, s/b placed in advisories category)
-
http://www.zone-h.com/en
(JK - not too much experience with the site - it's known for monitoring defacements. Also has news/advisories - it looks like it's updated, but also it just consolidates from other key sites such as SecFocus, CERT (although most sites do this…))
-
http://www.net-security.org/vulnerabilities.php
(DP - current vulnerabilities and advisories, need comparison/rating)
-
SecurityFocus vulnerabilities
(DP - don't leave home without it, many new/unpublished discoveries discussed here first, so it's good to pay attention to BugTraq)
-
SecurityNewsPortal
(JK - at the bottom they have some of the info consolidated from above sites [securityfocus, security tracker, MS, etc.], but it's not updated real-time. I like this site for news and "smart-alec" commentaries, as well as the consolidated vulns/advisories, which are somewhat timely (usually a day behind the sources it uses))
-
Neohapsis
(AP - SANS critical vulnerability analysis newsletter often refers to this source)
(DP - This info is available in the Security Alert Consensus email notifications. Which is published first? Should test and recommend accordingly.)
-
CERT
(DP - essential for key published vulnerabilities. how quick are they in publishing new vulns?)
-
SecuriTeam
(DP - security news - general, Windows, Unix, need comparison/rating)
-
Securitytracker
(JK - very good (it's fairly complete), but the updates are always delayed a few days on purpose (unless you pay :-))
(DP - click on 'View All' or select specific vendor-based lists at the bottom-right of the screen)
-
http://www.xatrix.org
(DP - look at 'Advisories' and 'Vulnerabilities' sections, need comparison/rating)
SECURITY ADVISORIES AND VULNERABILITIES (ARCHIVES)
-
Common Vulnerabilities and Exposures (CVE)
and a searchable
National Vulnerability Database
(AP - standardized definitions database for vulnerabilities, not up to the minute information)
(JK - great if you are not in a hurry and need well-documented vulnerability information)
VENDOR AND PRODUCT SECURITY NEWS
-
Microsoft
(DP - windows)
-
http://www.microsoft.com/security/bulletins/archive.mspx
(AP) and
http://www.microsoft.com/technet/security/default.mspx
(AP - windows)
-
http://www.guninski.com/
(DP - windows)
-
Sun
and
Sun2
(DP - sun)
-
http://www.sun.com/software/security/index.xml
(DP - sun)
-
Cisco
(JK - cisco)
-
linuxsecurity.com
(JK - linux, good stuff, usually updated regularly)
-
http://www.securiteam.com/
(DP - multiple vendors)
EMAIL SUBSCRIPTIONS
-
US-CERT's mailing lists
(DP)
-
ISS's security advisory list
(DP)
- SANS newsletters, including
Security Alert Consensus
(DP - really good. past issues available here)
(JK - SANS Critical Vulnerability Analysis is GREAT!)
-
SecurityFocus Newsletters
(JK - various vendors, i.e., Linux/MS/etc.)
-
Information Security Magazine
(DP)
- InfoWorld
Security Adviser
(DP)
-
moreover.com
(DP)
- Computerworld
Security newsletter
(DP)
- newOrder
http://neworder.box.sk/index.php
(DP - needs evaluation)
- OSDM
newsletter
(DP - needs evaluation)
MISCELLANEOUS INFORMATION SECURITY NEWS RESOURCES
-
http://www.infosyssec.net/index.html
(DP - all sorts of useful things, including moreover.com news)
-
GigaLaw.com
(EB - Internet news with a legal slant, need comparison/rating)
-
The Risks Digest
(DP - draws on numerous resources for information security news, valuable for varied and in-depth understanding of computer-related risks, based on actual incidents)
-
http://www.securitynewsportal.com/
(DP - assisted by infosyssec.com, need comparison, if different)
-
http://www.networkworld.com/topics/security.html
(DP - security news resource, need comparison/rating)
-
http://www.compseconline.com/news.htm
(DP - LexisNexis computer security news online)
-
SC Magazine (news)
(DP - SC Magazine news, respectable resource, need comparison/rating)
-
http://computerworld.com
(DP - security news, need comparison/rating)
-
http://neworder.box.sk
(DP - not just news, a load of resources...more for exploration purposes than readily useful for security news)
-
http://www.newsnow.co.uk/newsfeed/?name=Encryption+%2F+Security
(DP - global news coverage on security, need comparison/rating)
-
http://www.newsnow.co.uk/newsfeed/?name=Hacking
(DP - global news coverage on hacking, need comparison/rating)
-
SANS Incident Response Center
(DP - good for trending)
-
http://www.antionline.com/index.php?action=forums
(DP - look at forums under 'Security Discussions', need comparison/rating)
Special Thanks to the editors and contributors (in alphabetic order):
Jonathan Kobrick (STIGroup)
Danko Panchich
Artyom Poghosyan
as well as everyone else involved.