[KLUG Members] Security list info

[Tony Gettig]

Hi folks,


>From the "For What It's Worth" department:

The only thing worse than an unpatched and insecure system is a
*compromised*, unpatched, and insecure system. With the Linux momentum
ever growing, I think it is important to keep our systems up to date.

Up2date is a great way to stay current with Red Hat, and other distros
have similar "auto-update" features. Even so, you may want to get the up
to the minute info on the latest vulnerabilities...like the one in Snort
that was just reported...which by the way is in the current version of
IPCop, if you're using the Intrusion Detection System of that firewall. (I
hope they update it soon!)

So here are some places I've found handy. They aren't Linux exclusive, but
it's great to see how fast the Linux vulnerabilities get resolved. The
other operating systems aren't always as fast. :)

http://www.sans.org - they have a great security vulnerabilities list, and
their conference is outstanding!

http://www.secunia.org - they just started a new security advisory list.
It's higher traffic than SANS and a bit more thorough.

http://cve.mitre.org - great place to get technical info on vulnerabilities.


http://isc.incidents.org - want to know what the latest attacks are and
what ports are being targeted? Check here!

http://www.cert.org - federally funded security info. (tax dollars at work!)


http://www.fedcirc.gov - I'm new to this one, but it looks OK at first
glance. From their site: "Effective March 1st, the FedCIRC officially
became part of the Department of Homeland Security's Information Analysis
and Infrastructure Protection (IAIP) Directorate."

How about you? Do you have a favorite site for keeping up to date?