Someone was asking about Security vulnerability resources and I realized I probably hadn’t blogged about this..now mind you this is includes information on both patched and unpatched vulnerabilties… oh… in case you are wanting to know..what’s a security vulnerability?  An issue …sometimes with software..sometimes with hardware that can have some sort of exploit… so if you are a Network admin or Security nutcase like I am, you’ll want to keep an eye on these…


First and foremost …in my opinion the BASIC thing that every IT Pro, Admin or Consultant should sign up for is the “Comprehensive version“ of the Technical Security Notifications over there on Microsoft’s web site. There’s also Security RSS feeds [and I’ll review what RSS is in a sec on another blog post….]


Microsoft Security RSS feeds
Microsoft Technical Security Notifications:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
You want the comprehensive version that gives you the heads up advanced notices and what not

Then here is the next MUST have in my book…the blog named the top number one most useful Microsoft blog:


MSRC blog
http://blogs.technet.com/msrc/


Now then the rest of this list includes information about patched and unpatched stuff [a patch is where there is a software patch that can fix the software bug]


Secunia http://secunia.com/  RSS feed on the right

This one can be …..well… a bit over the top to say the least.. a lot of flaming and what not…
Full Disclosure
https://lists.grok.org.uk/mailman/listinfo/full-disclosure

Daily Dave
https://lists.immunitysec.com/mailman/listinfo/dailydave

Metasploit RSS feed
http://www.metasploit.com/

OSVDB mailing list
http://www.osvdb.org/mailing-lists.php

NTbugtraq…. not quite as useful as it was
http://www.ntbugtraq.com/

SecuriTeam
http://www.securiteam.com/mailinglist.html

SecurityFocus Mailing Lists:
http://www.securityfocus.com/archive


So what about you?  What listserves or RSS feeds do you read/subscribe to so you can stay paranoid?

 

Comments are closed.