Security Basics mailing list archives
Re: Information security on Twitter
From: "Jan G.B." <ro0ot.w00t () googlemail com>
Date: Tue, 13 Apr 2010 18:55:17 +0200
Hi Andrew, 2010/4/13 andrew.wallace <andrew.wallace () rocketmail com>:
Hi, As I previously stated on Full-disclosure mailing list last month "We need a proper unbiased unmoderated comprehensive directory of security researcher accounts." http://lists.grok.org.uk/pipermail/full-disclosure/2010-March/073648.html
So - is this a cross post? =) Sadly, you failed to give a reply to the next posting in the linked thread, which is this one: http://lists.grok.org.uk/pipermail/full-disclosure/2010-March/073651.html
We need the government or a security company to come up with a solution, because security researchers are increasingly using Twitter to disclose information and are less and less using mailing lists to communicate.
That's totally absurd. An unbiased, unmoderated list moderated by the (assumption: British?) government. Well... thanks for letting us know .. errr, yeah. Please back up the theory of researchers publishing solely on twitter!
We shouldn't be complacent in the use of Twitter and how much information is being post there and which might fall into the hands of the bad guys before the white hat security community learn of a threat. To me its mandatory that a sustainable list of security researcher Twitter accounts are formulated and made available for the public to utilize.
It won't help you, because that list would carry thousands of accounts. The owners of these accounts post stuff like "have to go on the toilet" and you can then literally dig through it to find something that's not just a "re-tweet", an echo of old information off the web etc.. You can't believe it, hu? Here's a random link I just clicked in the security-twits list: https://twitter.com/mattgiannetto Here's another random goodie: compare the tweet date with the date of the linked "new attack": http://twitter.com/Revoltin1/status/11708088131 It's so pointless to maintain a list of "anything" when you write "If you want to be added, just send your link here" on top of the list. Anyway.. I don't think that your ongoing lobbying attempt against mailing lists and especially against FD will be successful. No sane security researcher "communicates" via twitter. The people there are either seeking for attention or they are indeed marketing guys or just some people who would like to promote their personal blog/site/whatever (which is all quite the same, eh?). Maybe it's time to focus on a new topic? Regards
--- On Mon, 12/4/10, Sheldon Malm <Sheldon_Malm () rapid7 com> wrote:From: Sheldon Malm <Sheldon_Malm () rapid7 com> Subject: RE: Information security on Twitter To: "andrew.wallace" <andrew.wallace () rocketmail com>, "security-basics () securityfocus com" <security-basics () securityfocus com> Date: Monday, 12 April, 2010, 21:38 While no longer managed/updated, the Security Twits list should probably be covered in its entirety. This was initially maintained by Jennifer Leggio (@mediaphyter) and picked up by Zach Lanier (@quine). The old site is here: http://www.security-twits.com/ and the old list is here: http://security-twits.com/twits.phpIn addition to inclusion of this list, I would recommend following the securitytwits lists on twitter at: https://twitter.com/securitytwits/listsSheldon Malm Senior Director, Business Development & Security Strategy Rapid7 Recipient of Highest Ranking in Gartner's 2010 MarketScope for Vulnerability Assessment http://www.rapid7.com/resources/gartner_marketscope.jsphttp://www.rapid7.comhttp://www.metasploit.com-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of andrew.wallace Sent: Friday, April 09, 2010 11:08 PM To: security-basics () securityfocus com Subject: Information security on Twitter Dear list, Someone has made a list of information security Twitter accounts http://www.security-faqs.com/infosec-on-twitterIs there more that need to be added? Andrew
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Information security on Twitter andrew.wallace (Apr 12)
- RE: Information security on Twitter Sheldon Malm (Apr 12)
- RE: Information security on Twitter andrew.wallace (Apr 13)
- Re: Information security on Twitter Jan G.B. (Apr 13)
- Re: Information security on Twitter John Morrison (Apr 14)
- Re: Information security on Twitter David Kovar (Apr 15)
- Re: Information security on Twitter Jan G.B. (Apr 15)
- Re: Information security on Twitter Yousef Syed (Apr 16)
- RE: Information security on Twitter andrew.wallace (Apr 13)
- RE: Information security on Twitter Sheldon Malm (Apr 12)
- Re: Information security on Twitter Eric White (Apr 13)
- Re: Information security on Twitter Todd Haverkos (Apr 13)
- <Possible follow-ups>
- Re: RE: Information security on Twitter b4v3ks37gg (Apr 13)
- RE: RE: Information security on Twitter Lauren Twele (Apr 13)