Blogs: Another Tool in the Security Pro's Toolkit (Part Two), 2003-08-06
“
The blog, and especially the RSS feed, are some of the newest tools available to the security professional.
”
Our starting point is the usefulness of blogs to professionals. Blogs are not a replacement for mailing lists or visits to trusted Web sites. However, they can be an excellent source of information and perspectives that you can't find elsewhere. But how can you tell that the information on a blog is accurate? The same way you validate the information from any resource: by asking questions. What is the source of the information? What do you know about the author? What do other folks say about the author and the information? Do the statements made fit in with other information you know? Does it pass your personal "gut check"?
Ask those questions as you check out blogs. If you find a blog that provides you with useful knowledge, then it can be a real treasure. Subscribe to its RSS feed, read it regularly, and make it another tool in your toolkit.
Blogging Best Practices
I talked about RSS feeds in my last column. Unfortunately, some blogs don't have RSS feeds, and that can seriously impair their value. For instance, one with really informative posts is "TaoSecurity", a blog dedicated to "network security monitoring, incident response, digital forensics," and more. But, while I might visit once in a while, it doesn't have an RSS feed, and since it doesn't have an RSS feed, I can't subscribe to it, which means that the site doesn't exist for me. If you want folks to use your site - not just visit, but actually use your site - then you must set up an RSS feed! People are just too busy to visit all the sites they find useful.
A plea to security pros interested in setting up their own blogs: make your RSS feeds obvious! If you're proud of your feed and want people to subscribe, then show them where it is. Use the little orange RSS button -
- which for some inexplicable reason says "XML" instead of "RSS". Those in the know are aware that the XML button indicates a URL pointing to an RSS feed. We'll use a smaller version of that image for the links in this article. For the many who don't know about the RSS button, bloggers should provide an obvious link, perhaps something along the lines of, "Subscribe to our news with this RSS feed". Failing to do so can drive potential subscribers away.In addition to a clearly labeled, detailed RSS feed, blogs should provide an email address so interested parties can communicate with the author. A calendar so visitors can easily jump to past days is a nice thing to have; a search engine is essential. If you post items using categories, provide a hyperlinked list of the categories so blog visitors can read only the types of posts they want to read. Most blogging tools provide these features.
You can aggregate any number of the thousands of feeds availabe by using an RSS reader on your desktop. A quick search on Google will give you a list of freeware RSS readers for whatever desktop environment you have.
Blogs of Note
Two RSS feeds should be subscribed to by every security professional: CERT
. The RSS feed includes information about CERT documents, advisories, notes, and more. It's a must. The other essential RSS feed is the BugTraq list , scraped and converted to RSS by djeaux.com. Actually, djeaux.com includes RSS feeds for 15 security mailing lists, so you should check it out.Some major companies are starting to provide official, company-sanctioned RSS feeds. Apple has a general feed titled "Apple Hot News" available
. It's not focused on security, but some items of interest to security pros will appear from time to time. Oracle has several feeds that might be of interest to security experts: "Oracle Technology Network News" has a general focus, but does include important security info, and Oracle expert Tom Kyte has a page listing several feeds devoted to technical issues. Cisco features the latest security news from News@Cisco ; it's a bit on the fluffy side, but provides nuggets of useful info. Microsoft's MSDN recently announced the addition of several new RSS feeds, including one devoted to Microsoft's efforts to develop "trustworthy" software . I'm sure it will be quite a busy feed.Curiously, some major IT corporations do not bother to provide any RSS feeds, let alone ones devoted to security. Red Hat, Computer Associates, Internet Security Systems, and IBM, I'm talking to you! Oh sure, you may be able to find RSS feeds written by employees of those companies, and those feeds can be tremendously informative, but an official source of news would be a great thing to have.
The MSDN example mentioned above brings up an interesting point about corporate RSS feeds. The information provided by MSDN is oriented towards developers trying to program more secure software. At this time, Microsoft does not provide an RSS feed to detail its many security issues. For that information, you'll need to subscribe to the "Microsoft TechNet - Security" feed
, which is not provided by Microsoft. Instead, it comes through NewsIsFree, which "scrapes" Web sites and then creates RSS feeds out of the information it gathers. For example, using NewsIsFree, you can create unofficial yet still valuable corporate RSS feeds for Symantec virus alerts and advisories on major security developments (and yes, Symantec does own Security Focus). If you're interested, just search NewsIsFree for "security" and you'll find lots of RSS-based resources to which you can subscribe.Analysts, and Software
Some magazine that cover the computer industry now provide RSS feeds of their content. Network World, for instance, provides several feeds, sorted by topic (including security
, privacy , wireless security , and identity management ), by company, by type of article, and by author. Other magazines do the same thing. Good sources include Computerworld, which provides a wealth of RSS feeds, subdivided in much the same manner as Network World and with even more security topics; InfoWorld, which provides only a few feeds and only one on security , but which does have an excellent technical overview of the XML makeup of an RSS feed (unfortunately, InfoWorld is now including advertising along with its RSS); and eWeek.Don't forget the online magazines. Wired News has a nice feed
, and it often includes items about security and privacy, as does CNET's News.com, which actually has several feeds available. Slashdot, which often carries stories of interest to those in the security field, has one of the busiest RSS feeds on the Net. One of my favorites is The Register, which provides an RSS feed containing its always entertaining content.Editor's note: SecurityFocus will be relaunching a set of RSS feeds in the near future. This will include vulnerabilities, news, infocus feature articles and weekly columnists.
RSS feeds can also come from analysts. Forrester has a feed for both reports that require subscriptions
and reports that are free with registration . There are some interesting security-related free reports, on topics such as "Anti-Money-Laundering Regulators Must Get Technology," "Online Credit Card Security Confidence Erodes," "Wal-Mart Drops Item-Level RFID Pilot: Big Whoop," and "Microsoft Buys Antivirus To Inoculate Its Platform." Unfortunately, to my knowledge, Forrester is the only analyst firm offering RSS feeds. How about it, Gartner? Meta Group? IDC?One Web site making innovative and extensive use of RSS feeds is SourceForge.net, an enormous Web site that hosts thousands of open source projects in an almost dizzying variety of areas. Each project now has its own RSS feed, which means you can track the progress of any software that interests you. For instance, Bastille Linux is a project designed to harden Linux installations by configuring daemons and settings. On the summary page for Bastille Linux, just click on the link for "RSS feeds" and you'll be presented with a list of possible feeds, including project summary, news, and file releases. Try it for any project. It's a fantastic resource.
Blogs by Individuals
For security pros, the best feeds are those that are not provided by the big companies. The best blogs are written by informed, passionate individuals who want to share their point of view. For instance, "joatBlog"
focuses on security and admin issues (but why doesn't he provide a clear link to his RSS feed?!), as do the excellent "Security Blog" and "WiFi Security Project" , both overseen by Matt Tanase, who also happens to be an author at Security Focus. You can also thank Matt for providing clear links to his RSS feeds. An excellent blog that I greatly enjoy is "Stupid Security" , which focuses on security measures that are unnecessary, unworkable, or unthinking.Once again proving the power of the non-corporate blog, "Troy Jessup's Security Blog"
provides detailed information about network security. "Kill-HUP" states that its focus is on Unix and information security, but it covers Microsoft territory as well. If you're interested in biometrics, electronic signatures, and related issues, then Scott Loftesness' "Digital Identity" blog is the place for you.Some bloggers associate their Web site with a book they've written. In spite of the commercial bent, these are often quite informative. Some examples are Glenn Fleishman's always excellent "Wi-Fi Networking News"
, which contains quite a bit about security in addition to general issues about the 802.11 family (the book, by the way, is The Wireless Networking Starter Kit); Paul Robichaux's "E2K Security" , focused on Microsoft Exchange (and helping to push Secure Messaging with Microsoft Exchange Server 2000); and "Mark O'Neill's Radio Weblog" , which covers, in addition to many other subjects, Web services (the book, unsurprisingly, is Web Services Security).If you're interested in privacy and intellectual property, which are certainly related to security, I have three essential blogs for you. Lawrence Lessig, our foremost legal authority on copyright and related matters, posts comments that are always worth reading
. Siva Vaidhyanathan is a professor at New York University and the author of several excellent books on copyright; his blog can be counted on for fascinating insights. Finally, Edward Felten's blog, "Freedom to Tinker" , which focuses on DRM and other security matters, is consistently enjoyable and just-plain level-headed. I consider it required reading, as I do all of the blogs mentioned in this paragraph. Think about it: with a simple news aggregator, you too can be privy to the thoughts, musings, and analysis of three of the most brilliant minds working today in the arena of intellectual property. It's a privilege.Finding Blogs and RSS Feeds
You can find useful security-focused blogs and RSS feeds by using search engines like Google. Try searching for things like "security weblog", "security blog", "security rss", and "security rss feed." It can be a hit-or-miss proposition, but you can turn up some nice finds.
Specialized search engines have been developed in the last couple of years that can help the process quite a bit. NewsIsFree, mentioned above, is essentially a search engine that helps you find RSS feeds. There are other Web sites that perform the same function, especially the amazingly comprehensive Syndic8 (try searching it for "security").
There are also search engines that let you subscribe to the results of your search as an RSS feed. For instance, go to Feedster and search for "intrusion detection system". Be sure you sort by date. When I did it, I received 163 hits, with the orange XML button at the top of the page pointing to an RSS feed that contains the top 7 hits. Subscribe to the RSS feed, and receive a continually-updated list of results. You can do the same thing with DayPop (which indexes 35000 news Web sites and blogs every day) and Google Alert!, which allows you to create RSS feeds based on the results of Google searches, and which I cannot recommend highly enough. One important hint: after you create your searches at Google Alert!, click on the "Toolkit" button to set up your RSS feeds.
Finally, you may find a blog that has not clearly labeled its RSS feed. You can try appending "index.rdf", "index.rss", or "rss.xml" after the site's URL, but that doesn't always work. Before giving up in frustration, give BlogStreet a try. BlogStreet has a wonderful feature - called "RSS Discovery" - which allows you to enter the URL of a blog and receive a link to that blog's RSS feed, if it has one. Now that is pretty darn handy!
If you've gotten this far, I would be remiss if I didn't mention that I have my own blog, GranneWeb, which covers news stories on a variety of topics, not always technology-related, including politics, open source, and intellectual property. The three feeds that would be of particular interest to Security Focus readers are, of course, dedicated to Security
, Privacy , and Intellectual Property . My blog is not nearly as great as most of those that I mentioned above, but it might provide some folks with some useful information.As the profession of security progresses, the tools used by professionals in the field progress as well. The blog, and especially the RSS feed, are some of the newest tools available to the security professional. Try 'em out - you might find them to be indispensable.
