Articles

Specific articles I don’t want to lose track of (but have not mentioned in other posts)

• Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices (Electronic Freedom Foundation)
• NIST 800 series Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL’s research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.
• InfoSecResources is dedicated to increasing security awareness among layman users and the technology community. It should be of interest to technologists, information security professionals and business management. Direct access to security resources makes this site unique. With a few clicks, you have access to what you are looking for.
• Threat Geek (Fidelis Cybersecurity) threat advisories
• Trusted Computing Group
• SecurityMetrics.org
• Online Trust Alliance (OTA) 2011 Data Breach & Loss Incident Readiness Guide
• Microsoft Security Intelligence Report (SIR)
• Google Public Policy Blog
• How Google Handles IT Security – And What You Can Learn From It [video, 58 minutes]
• Google Apps vs. Microsoft Exchange [video, 58 minutes]
• TeamSHATTER The Leading Database Threat Resource
• 2007 Security by the Numbers By Tracy Mayor on June 5th, 2007 in IT Security
• 2009 CWE/SANS Top 25 Most Dangerous Programming Errors the most significant programming errors that can lead to serious software vulnerabilities
• 2010 CWE/SANS Top 25 Most Dangerous Programming Errors the most significant programming errors that can lead to serious software vulnerabilities
• Advanced Persistent Security blog Joe Gray et al.
• /dev/random Xavier Mertens
• Security Generation
• Coresec.org Information security blog
• Anitian Enterprise Security presentation and research papers
• Bitlocker in Windows 7 [pdf] Kevin Beaver
• IS Auditing Guide Business Continuity Plan (BCP) Review From IT Perspective [pdf]
• Common Internet Crime Schemes
• Default passwords
• Cryptome.org documents not normally available to the public. Whistleblower?
• How Does Secure Socket Layer (SSL or TLS) Work? Might be the most accessible answer to this popular question.
• John Michael Pierobon has many online courses, including an introduction to SSL
• How Google Analytics Works An accessible description, with examples.
• How To Build Cheap Cloud Storage 67 Terabytes for $ 7,867
• Build a 16TB (12TB w/RAID5) NAS device for the cost of the drives, motherboard, memory, RAID controller, fan, power supply and materials, and a weekend. [video] [video]
• IETF Recommendations for the Remediation of Bots in ISP Networks (draft 03) Applicable for large corporations as well
• Information Security & Technology at MIT Policy resources and a look at a mature environment
• Insider Threat Research How CERT does insider threat research
• Intel VPro VNC® Viewer Plus: Enabling remote access to the 2010 Intel® Core™ vPro™ Processor Family My three problems with VNC: Weak encryption (largely addressed in this implementation), an extra service consuming resources (not true with this implementation), and an extra interface (or “surface”) to defend. Log access and enforce strong passwords.
• Leaks Grow in World of Blogs Companies Search for New Ways to Stop Disclosures of Sensitive Information
• Mirror: The Protocol Informatics Project Identify protocol fields in unknown or poorly documented network protocol formats – Marshall Beddoe
• ShmooCon: P2P snoopers know what’s in your wallet Larry Pesce and Mick Douglas and information disclosed by users of peer-to-peer file sharing software
• Reality Check: Emerging Information Security Threats (Spring 2009) Video. Lenny Zeltser explores today’s emerging Internet security threats to help organizations fine-tune their defenses. Lenny examines attack patterns that have included the use of email as a gateway for fraud, the mighty power of network bots, the ferti
• Security Engineering by Ross Anderson Wiley has agreed to make the 1st edition (2001) free, and selected chapters from the 2nd edition are also free
• Sophos Security Threat Report (July 2009) [pdf]
• Storage Area Network (SAN) Learning Guide LAN, WAN, MAN … SAN?
• The 5 Most Dangerous Security Myths Erik Larkin, PC World, 01/06/2009
• The 60 Minute Network Security Guide [pdf] NSA UNCLASSIFIED I33-011R-2006 First Steps Towards a Secure Network Environment
• The Academy Pro How to videos (SourceFire, Nessus, Tenable, CheckPoint, Shavlik, Astaro …)
• Top Ten Database Security Threats [pdf] Imperva whitepaper
• Understanding IP Addressing [pdf] from 3Com, Everything You Ever Wanted To Know
• Packetstan packets and packet tools
• Understanding and Selecting a Database Assessment Solution [pdf] by Securosis Featuring AppSec
• Washington Post: Network Solutions Hack Compromises 573,000 Credit, Debit Accounts
• ZStack PRNG Fixed by Travis Goodspeed. Electric utilities with equipment using the MSP430 or Chipcon CC2530 should contact their vendors.
• HP pml faq
• Reliably Erasing Data From Flash-Based Solid State Drives [pdf]
• Security in virtualization: IDS/IPS implementation strategy by Dave Shackleford

Sources of consistently interesting articles

• Tao Security (Richard Bejtlich)
• Naked Security Blog (Sophos)
• Uncommon Sense Security (Jack Daniel)
• Positive Research Center
• Global Security Mag
• Google Online Security Blog
• Attack Vector
• eSploit the latest threats that occur around the globe. The site contains several segments like malware, exploits, Pen Testing and MalDomains, which are useful for malware and vulnerability/exploit researchers.
• Ben Edelman Adware, spyware, web browser malware research
• Black Hat USA 2009 presentations
• Command Line Kung Fu
• ConfigureTerminal.com Cisco tips and other tips for network professionals
• IOS Hints Cisco articles, seminars
• CSO Online – Security and Risk News, tools, templates
• Digital Bond Supervisory Control And Data Acquisition (SCADA) security topics
• EthicalHacker.net
• Ethical Hacking Tutorials
• Exotic Liability
• Google Online Security Blog
• Veracode Reports and Blog
• Help Net Security
• i-Hacked
• hackercool…….
• Information Security Guide: Effective Practices and Solutions for Higher Education
• Iron Geek
• IT Security Short articles on any topic. Not necessarily well-researched.
• Microsoft Security Intelligence Report (SIR) The changing theat landscape, updated twice a year.
• National Institute of Standards and Technology (NIST) Computer Security Resource Center Resources, important and useful publications
• NSS Labs Product evaluations (IDS, IPS, UTM, WAF) and methodology
• OSF DataLossDB Open Security Foundation collection of information about data losses
• PenTestIT new tools to support your framework
• Professional Security Testers Security testing
• SANS Internet Storm Center News
• SecureWorks Research Blog News
• SpywareGuide Greynets Blog
• SecureMac a site devoted to Apple Macintosh security and Mac OS X Security! Use the Side Bar to navigate the site, check this page frequently for updates and new security products for the Mac OS!
• Voice over IP Security Alliance (VoIPSA) VOIPSA’s mission is to drive adoption of VoIP by promoting the current state of VoIP security research, VoIP security education and awareness, and free VoIP testing methodologies and tools.
• Adobe Product Security Incident Response Team (PSIRT) Using Adobe products? Stay up-to-date on patch announcements and other mitigation recommendations.
• Apple Equipment Repair Unofficial manuals
• Bharath’s Security Blog Collector of Fake AV (Rogue AV)
• Brad’s Tech Tips
• Compliance & Privacy Bruce Schneier’s blob
• Darknet Ethical hacking, penetration testing & computer security
• De-ICE.net Thomas Wilhelm
• DEFCON Links-O-Rama Something for all tastes
• Dynamoo’s blog Current threat sources
• F-Secure blog
• hpHosts Blog
• Infinity Exists
• Infosec Island
• Jesse Kornblum’s blog Jesse Kornblum
• Kim Cameron’s Identity Blog
• Matthieu Suiche’s blog Root cause research
• Get Certified Get Ahead blog
• Microsoft’s Script Center Powershell, VB Script, for example
• Oracle and Oracle Security Pete Finnigan
• Push the Red Button Brendan Dolan-Gavitt
• Security Uncorked Jennifer Jabbusch, CISO, Network Security Specialist, CAD, Inc.
• SpywareGuide blog
• Sunbelt Blog
• TaoSecurity Richard Bejtlich
• Threat Level Wired magazine blog
• U.S.-EU Safe Harbor Framework privacy requirements when U.S. organizations do business in the EU
• Verizon Business Security Blog
• Windows Incident Response Harlan Carvey
• Information Security Magazine
• IT Security Short articles on any topic. Not necessarily well-researched.
• NextGov.com Technology and the Business of Government
• North American Network Operators Group (NANOG) Insider information about the state of the Internet (ISPs, outages, malware …), the actual news behind the broadcast news.
• SANS @RISK Critical Vulnerability Archives in one bulletin, you get the critical ones, what others are doing to protect themselves, plus a complete list of the full spectrum of newly discovered vulnerabilities.
• US-CERT The United States Computer Emergency Readiness Team has a variety of mailing lists and news feeds.
• White Hat World Calendar of events, vendor presentations
• Squidoo Computer Security lens
• Hackbloc and HackThisZine

Sources of information about current threats

• AV-Test.org See their collection of LINKS Anti Virus, Anti Spyware, Personal Firewalls, Security Suites, Corporate Editions, Online-Scanner, Virus Infos, Virus Libraries, Security Blogs AND their Update Frequency of Anti-Virus Software (number of updates in the past
• Bad Mal Web Russian Business Network (RBN) where are they now?
• Banking Information Security News Need security breach horror stories? The ones everyone hears about?
• CERTStation News Threat Management Advisory (TMA) Summary of recent activity
• CircleID Breaking Internet News, Opinions and Blogs
• Cyber-TA (Threat Analytics)
• Dark Reading Information Week Business Journal
• Department of Homeland Security (DHS) Daily Open Source Infrastructure Report
• Department of Homeland Security News email or RSS
• DShield Mirror of ISC. ISC uses the DShield distributed intrusion detection system for data collection and analysis. Submit firewall logs here.
• E Hacking News
• Emerging Threats More real threats that mainstream media doesn’t cover, with SNORT signatures and firewall rules
• Exploit-db Vulnerabilities. Take vulnerabilities seriously, and if it takes damples to become serious, then look here.
• ExtremeTech News, 802.11 tips
• GNUCITIZEN
• HostExploit Current threat news
• Hosts News More real threats that mainstream media doesn’t cover
• hpHosts Malicious URL list
• Immunity CANVAS Early Updates You may not be able to afford their test tool, but you may wish to follow the exploits as they appear.
• Malware Advisor
• Malware Block List Collects links to malware
• Malware Domain List (MDL) WARNING: All domains on this website should be considered dangerous. If you do not know what you are doing here, it is recommended you leave right away. This website is a resource for security professionals and enthusiasts.
• Malware Patrol Malware Patrol is a free, automated and user contributed system for verifying URLs for the presence of Viruses, Trojans, Worms, or any other software considered Malware.
• Malware Web Threats More real threats that mainstream media doesn’t cover
• MalwareURL Malicious URL list
• NIST’s CVE database
• Offensive Computing Submit a suspicious file AND more real threats that mainstream media doesn’t cover
• SANS Internet Storm Center (ISC) SANS
• Security Wizardry Computer Network Defence Operational Picture from Talisker Computer
• SecurityFocus Bugtraq mailing list
• Shadowserver Foundation Bot and botnet statistics and whitepapers, malware definitions,
• Spyware Sucks More real threats that mainstream media doesn’t cover
• Spyware Warrior
• SpywareGuide
• SRI Inc Malware Threat Center Most Aggressive Malware Attack Source and Filters, Most Effective Malware-Related Snort Signatures, Most Prolific BotNet Command and Control Servers and Filters, Most Observed Malware-Related DNS Names, Most Effective Antivirus Tools Against New Malware B
• Stop Badware
• sudosecure.net More real threats that mainstream media doesn’t cover
• Team Cymru Research NFP a specialized Internet security research firm and 501(c)3 non-profit dedicated to making the Internet more secure. By researching the ‘who’ and ‘why’ of malicious Internet activity worldwide, Team Cymru helps organizations identify and eradicate problems.
• TeMerc Internet Countermeasures Emerging Security Threats and News
• The H (formerly Heise Online UK) News, more Linux orientation than many
• Threatpost Kaspersky’s consolidated web threat news
• Twitter: Elcomsoft
• UnderForge of Lack More real threats that mainstream media doesn’t cover
• US-CERT
• Washington Post Security Fix column by Brian Krebs
• Web Hacking Incidents: Planting of Malware Successful web application attacks

Podcasts

• GetMon Podcasts for Cyber Security Professionals
• Hak5 Video
• PaulDotCom Not introductory. Lots of insider-speak. An interview, then the news.
• Radio Free Security Watchguard
• Security Buzz MX Logic