Kirt Cathey's Facebook profile

Wednesday, April 23, 2008

Going Security and Privacy - A Look At Blogs and Newsfeeds

In my new position at a Big Four audit firm here in Tokyo, I will have to lead, coordinate, promote, and execute within the Security & Privacy Services team.

STOP!

Within a single sentence above, I have provided all the clues anyone would need to deduce which Big Four firm I am talking about. Heh... hold on a couple days. I will send an announcement out in a couple days. I start work on Thursday next week, and since it will be a much narrower working requirement than I have recently undertaken, I have been assembling a listing of security blogs. First, I just started with the first blogs that came to mind, like SANS Reading Room (news feed) then Schneier on Security (blog) and worked from there. Then I started up DevonAgent and performed an intelligent deep search for "security blog", which finished several hours later with a solid listing of 148 hits.

The listings mix personal and organizational sources, do not distinguish between newsfeeds and blogs, and are in alphabetical order. The idea behind this little project was to create a listing of news sources that one could scan briefly and daily for the latest news, so of course, not all 148 hits are included in the list. If you use Newsfire (OS X), you can import this file to list all the sources, and here is the listing in OmniOutliner format. Again, just to clarify, the listing is in alphabetical order and does not reflect any ranking of the sites.



Organizational
Most of these news sources speak for themselves, but a couple popped up that I haven't paid much attention to or noticed. First, the SANS Reading Room has come a long way since I last read the material a couple years ago. The subjects covered are now narrower and deeper, so when a paper gets posted, it's probably worth the time to see if the subject is in your area of security or not. Another feed that surprised me because it is right in my area of expertise is the Build Security In site. Finally, a security site that focuses on the basis of many, if not most, security issues - secure software development and programming!


@RISK: The Consensus Security Alert: feeds.feedburner.com—SansInstituteAtRiskAll
Black Hat Announcements: www.blackhat.com—BlackHatRSS.xml
BSI - Build Security In - Dept. of Homeland Security: buildsecurityin.us-cert.gov—normal-rss.xml
CERT Announcements: www.cert.org—cert_announcements.rss
CGISecurity.com: www.cgisecurity.com—index.rss
Computer and Network Security, Malaysian Style: security.org.my—index.php
Digital Common Sense: feeds.feedburner.com—DigitalCommonSense
Google Online Security Blog: feeds.feedburner.com—GoogleOnlineSecurityBlog
Latest Secunia Security Watchdog Blog Entries: secunia.com—o.rss
OSVDB Blog: osvdb.org—blog
Packet Storm Security Last 20: packetstormsecurity.org—whatsnew20.xml
SANS Information Security Reading Room: feeds.feedburner.com—SansInstituteRRLast25
SecuriTeam Blogs: blogs.securiteam.com—feed
Security Bytes: feeds.feedburner.com—SecurityBytes
Security Fix: blog.washingtonpost.com—index.xml
Security Resources on ZDNet: updates.zdnet.com—security.html
SecurityFocus News: www.securityfocus.com—news.xml
Vulnerability Analysis Blog: www.cert.org—rss.xml
WindowSecurity.com: rss.windowsecurity.com—allnews.xml

Personal

Some of the authors listed below because I labelled their sites as 'personal', but I just call them like I see them. Of course Bruce Schneier is deserving of organizational status, but a quick peruse of his site lends a very personal (good) feeling. Dancho needs to take some medicine and mellow out a bit, but his postings are worth perusing regularly. Also, Mark Collier's VoIP Security Blog offers some good information worth staying on top of.


d4rkr1d3r's Computer Security Blog: synthasoft.blogspot.com—default
Dancho Danchev's Blog: feeds.feedburner.com
David Lacey's IT Security Blog: www.computerweekly.com—atom.xml
Derek Slater's blog: blogs.csoonline.com—feed
Digital Soapbox - Security, Risk & Data Protection Blog: preachsecurity.blogspot.com—default
Jeremiah Grossman: jeremiahgrossman.blogspot.com—default
Kees Leune: feeds.feedburner.com—kees
Mark Collier's VoIP Security Blog: voipsecurityblog.typepad.com—index.rdf
Laptop Security Blog: blog.absolute.com—atom
Recognize-Security: www.rec-sec.co.il—feed
Schneier on Security: feeds.feedburner.com—fulltext
securitymetrics.org: www.securitymetrics.org—rss.jsp
The Security Skeptic: www.securityskeptic.com—feed.xml
Writing Secure Software: http://securesoftware.blogspot.com



1 comment:

d4rkr1d3r said...

Thank you for acknowledging my blog :)