Security Basics mailing list archives

Re: Vulnerability Data


From: lonervamp () gmail com
Date: Fri, 11 Feb 2011 12:52:01 -0700

Great question!

There is Zone-H.org (http://www.zone-h.org) which usually focuses on web defacements. Likewise the Vulnerable Sites
Database (http://www.vs-db.info).

There is the datalossdb.org (http://datalossdb.org) which tends to focus on # of records lost and by whom, via public 
records, but does also track the general breach types. I'm sure this gets interesting once an attack uses more than 1 
weakness and it sometimes doesn't satisfy the questions that security persons have about specific incidents.

There is the sanitized annual Verizon DBIR paper 
(http://securityblog.verizonbusiness.com/2010/07/28/2010-dbir-released/) which contains stats on distilled incident 
details.

But I'm not sure there is something specifically that will document, on an ongoing basis, various attacks mapped to 
discussions on how those attacks were performed/successful. Maybe not always in painful, recreation-type details, but 
enough to make it clear where the biggest problems lie (SQLi, lack of laptop disk encryption, social eng, weak 
passwords, LOIC/DDoS...) and that will include such hits as Gawker, HBGary Federal, Mozilla and Apple/AT&T last
year... Some attacks are interesting while others border on the inane (guessed security questions).
