Anyone who’s hung around me for a while knows that I’m a bit of a security geek. As such, I try to keep up on what’s going on in the industry and try to keep current on what’s going on in the vulnerability research community.
Yesterday, someone in my division asked me where I go to get my security-related news.
I thought about it a bit, and came up with a couple of places:
First off, there are a number of internal mailing lists I’m on; lots of times, other people post interesting stuff to them.
I also lurk on a couple of the mailing lists related to vulnerability disclosure (full-disclosure, bugtraq), although I find that the noise-to-signal ratio is somewhat high on them.
And I read Slashdot – again, a high noise-to-signal ratio, but the discussions can be quite fascinating (seriously).
For blogs, I read (in no particular order)
Matasano Chargen – consistently interesting reading about a relatively wide range of vulnerability-related topics
rdist: setuid – Nate Lawson’s blog.
Skywing – Ken Johnson’s blog – he does some fascinating research into reverse engineering.
Emergent Chaos – Adam Shostack and friends
Bunnie Huang – What can I say about a guy who has a scanning electron microscope in his living room?
Bruce Schneier – I don’t agree with a lot of what he says, but he’s always interesting.
Jesper Johansson – Always interesting, doesn’t post enough 🙂
Jeff Jones – He does MAD Statistics.
Alun Jones – Not much to say except “always interesting” (but then again everyone on this list fits into that category).
Mark Russinovich – Newly at Microsoft, does great “why does this happen?” tutorials where he shows end-to-end how he troubleshoots problems.
I’m sure I’ve got others but those are a good overview…
Edit: Sorry Skywing 🙂
Edit2: Fixed Alun Jones link.