Category Archives: Information Security Sites

Best information security news and email feeds

Here are the information security news feeds and email subscriptions I subscribe to in order to stay current with the latest in information security news. Drop me a line if you follow others that should be added to the list. I am including the average number of posts per week when it is available, because I know it is easy to get swamped in reading material, and understanding the frequency of publishing vs. the value you get from it is important so you can use your time efficiently.

RSS subscriptions

  • SANS Newsbites – SANS is my go-to resource for information security related news and training.
  • All of the US-CERT feeds – I view the US-CERT organization as a leading authority along with SANS and subscribe to all of their feeds. Most of them average less than 1 post per week, which is manageable.
  • NIST.ORG – Network Information Security & Technology News organization is a leading authority on all things information security.
  • Help Net Security – Excellent source with concise articles detailing the latest in information security threats, tools, and news.
  • Krebs on Security – Nice in-depth security investigations, especially around the underground criminal market in information security assets.
  • Darkreading Weblog – Good source for staying on top of the latest security compromises and exploits. Averages 20 posts per week.
  • Infoworld Security Blog – Covers a variety of diverse and useful information security topics. Averages 1 post per week.
  • Experian Data Breach Blog – Provides info around data breaches and things you can do to help stay secure. Averages 1.2 posts per week.
  • SearchSecurity: Threat Monitor – Good summary of current information security threats in the wild. Averages 0.2 posts per week.
  • SearchSecurity: Security Wire Daily News – Feed for general information security information around a variety of topics. Averages 3.5 posts per week.
  • Qualys Newsletter – Security feed put out by the vendor Qualys. I use it to get a vendor’s take on vulnerabilities and vulnerability management best practices. Averages 0.7 posts per week.
  • eEye Security Blog – eEye Digital Security’s blog for keeping track of their information security ideas and news. Averages 1.6 posts per week.
  • SC Magazine Cybercrime Corner – Another source for staying on top of cybercrime news. Averages 2 posts per week.

Email newsletters

  • SANS Security Awareness Newsletter – Nice monthly newsletter that can be used for internal information security awareness campaigns.
  • SANS @RISK Newsletter – Weekly newsletter that summarizes the top 3-8 vulnerabilities that currently matter most and how to mitigate the risk from them.
  • Security Focus Mailing lists – I subscribe to a few of the many different mailing lists they offer including Web Application Security and Penetration Testing. I used to subscribe to the popular BUGTRAQ but opted out due to the volume.
  • Slashdot newsletter – Useful cutting-edge information security stuff here, but I get the summary newsletter because the general RSS feed is very busy and difficult to stay on top of.
  • Microsoft Monthly Newsletter – Nice email newsletter for those of you using and trying to secure Microsoft products.
  • Apple security mailing list – For you Apple fans to keep on top of security issues (yes, security things happen on Apple devices too, and expect it to expand in the future).

10 Top Websites for Information Security

Coming up with a Top 10 information security resource list like this is always subjective and based on personal preferences. So, with that disclaimer out of the way, here are my 10 favorite information security sites out there today. I regularly follow all 10 of these and try to comment and be active as much as possible on several of them.

Top 10 Information Security Sites

Krebs on Security

I consider Brian Krebs to be the leading information security reporter out there right now, and it is convenient that all of his stuff is easily available online. I love his material highlighting the risks that small to mid-size businesses face while banking online. His coverage of the hacking underground economy is also a fascinating look into the economics behind the hack-for-profit crime culture. Favorite posts:

Dancho Danchev’s Blog

Dancho is an information security consultant whose posts specialize in cyber counterintelligence, focusing on the current threats facing both individuals and corporations. There is a wide range of topics, from the latest in botnet dissection to the inside workings of money mule recruiting. Favorite posts include:

TaoSecurity

Information security professional Richard Bejtlich’s blog is a personal favorite of mine for the in-depth reviews of information security related materials. I follow Richard on Twitter as well and also enjoy his posts around the US-China relationship and the cyber security rivalry that exists between the powers. Favorite posts:

Ars Technica

Their work on Anonymous vs. HBGary was so riveting that it deserved an award, and it would have made for a fabulous Hollywood screenplay. I always link in to see what they have to say with respect to Anonymous and other high-profile information security incidents. Favorite posts:

Lenny Zeltser on Information Security

I discovered this gem a little later in the game vs. a lot of these other sites, but I really love the content. This is probably the site that is the closest to targeting the same type of audience that I write for. I will definitely be spending a lot of time catching up on the content here. Favorite posts so far:

ThreatChaos Security Blog

I love the eye-appealing design of this site, and the content is top notch too. A lot of the subject matter in 2011 has focused on the information security exploits of China and Google. My favorite posts:

Roger’s Information Security Blog

Roger focuses his content from the perspective of a hands-on information security practitioner, and it is good to keep up with his latest writings. Roger has a ton of information security certifications and experience and a wealth of knowledge. Favorite posts:

Uncommon Sense Security

Great, simple information security blog resource to keep up with Jack Daniel’s take on current issues (awesome name too). Favorite posts:

Kai Roer on Security

I first ran across Kai’s blog via some other people I follow on Twitter, and it has been a good find as I have enjoyed several of his recent posts. Kai focuses on current events in the information security industry, and his material is more at a managerial level vs. that of a technical person. Favorite recent post:

Schneier On Security

Bruce Schneier is operating at near deity level when it comes to the field of information security, so it would be outright heresy not to include him on the list. I like to check out his blog on occasion, although I tend to focus more on business risk mitigation vs. detailed technical analysis. A lot of the posts are archived and hard to link, but a current favorite post is:

Hopefully you have picked up some new information security resources by reviewing the information security site top 10 list. Feel free to disagree and make suggestions as to what I missed as I always have an appetite for new information.