Dissemination of security information on the Internet
Mailing lists
There are many security orientated mailing lists on the Internet;
these four, at least, are essential. You can get any of them by
sendmail mail to the URL listed below:
Vendors
Vendors often have their own security mailing lists; in addition, they
usually have an ftp or WWW site that provides patches and
other information. ISS
keeps a good list of these on-line.
CERT also has some interesting information
about vendors and their OS vulnerabilities.
SGI has
an very nice page on various places to get web information
and patches, as well as locations of mailing lists and other niceties
in their "information
vault".
Newsgroups
Newsgroups (aka netnews, Usenet, etc.) have fallen slightly out of
favor, but they still contain a plethora of information about security
on the Internet, and are a fine resource if you have a general question
or simply would like to keep up to date on the latest security issues and
problems.
Miscellaneous Internet sites of note
- Wietse's site.
He's so cool, and has a very good all-around security site to boot.
- The l0pht. This place rules.
With the cult of the dead cow and the infamous deth vegetable,
who wouldn't? The names (site and individual) alone are enough
to justify HOF status in my book.
- No more Secrets! Run by
Aleph1, owner of the bugtraq mailing list. Needs some updating,
but has a lot to offer.
- Spaf's hangout.
He had a bunch of slave labor put this together; a good location to
get all the stuff that you know is out there but don't know where.
- International crypto
pages. Tres cool. A very nice piece of crypto-web work,
and well worth looking at for a ref. Of course it's outside the US -
we couldn't have any of that nasty US crypto stuff getting out into
the uncivilized world, eh?
- The RSA sig place. Cool
spot run with a good cause. What more do you want?
- Peter Galvin's SunWorld column.
Peter has been writing these for over a year, and put together a
very fine set of articles on security. Although they always have
a Sun focus, they are very good examples of quality security writing.
Lately they've been suffering in quality, going for flash rather
than substance, but be sure to check this out, especially the
older articles.
- Tons of things from fc.net.
What's the deal with all these ftp sites, anyway?
- The NT page.
Very nicely done, in the great tradition of giving away
useful information. The best write up on NT
security I've seen (throw away that godawful microsoft press book!)
Books & papers
Although not always on the WWW, I feel that I should point out several
very good written resources/references; these lists were created by my pal
Aleph1 (who is a very
smart and cool guy and the maintainer of the aforementioned bugtraq
mailing list and underground.org WWW site):