
Security-Related Bulletins

Cybersecurity Bulletins

Get on some infosec mailing lists — current events and trends, advisory bulletins, etc. I have listed them in what I think is an appropriate order for people getting into this area. Start with the ones at the beginning of the list and work your way down.

Start with Bruce Schneier's Crypto-Gram monthly newsletter. The Crypto-Gram contains a great overview of security philosophy that should be accessible to anyone, plus some technical details and pointers to the deep details. Schneier provides some fantastic guidance on detecting snake oil.

InfoSec News brings you 4 to 8 news items per day. Most are from newspapers and magazines: news with an information security angle. Each message summarizes the story, and often that's all you want. It also includes a URL to the full story and the pages to which it links.

Dark Reading daily newsletters dig much deeper and contain far more technical content.

Ars Technica is a great source of information, although they don't have a mailing list of their own. But if you're on useful mailing lists, their articles will be pointed out.

Wired magazine has good cybersecurity information, especially in their Threat Level section.

Forbes magazine has a good online Tech/Security section.

James Fallows writes interesting things about cybersecurity from time to time in The Atlantic.

US-CERT issues Security Alerts and Security Tips for non-technical users, and Technical Security Alerts and Security Bulletins for more technical users. CERT mailings are very high level, even the more technical ones, and they don't (usually) appear until a fix is known. CERT advisories are nice reminders, but they should not be the way your technical staff first learns about a problem!
http://www.us-cert.gov

Help Net Security has their own news, and a weekly newsletter summarizing many other lists.

Bugtraq contains at least as many technical details about new exploits and defenses as most people want.

Full Disclosure has even more detailed information than Bugtraq.

The U.S. D.O.E. Cyber Incident Response Capability has technical bulletins about vulnerabilities and patches or remediation.

The RISKS-Forum Digest bi-weekly newsletter reports on all risky matters related to technology.

Cipher is a bi-monthly newsletter from the IEEE's Technical Committee on Security and Privacy.

Legal Aspects of Computer Crime may still be active.
