Security Basics mailing list archives

Re: Information security on Twitter


From: John Morrison <john.morrison101 () googlemail com>
Date: Wed, 14 Apr 2010 10:59:32 +0100

Jan,

Personally I treat Tweets as unreliable. If I see something
interesting I will look for more reliable sources.

On 13 April 2010 17:55, Jan G.B. <ro0ot.w00t () googlemail com> wrote:
Hi Andrew,

2010/4/13 andrew.wallace <andrew.wallace () rocketmail com>:
Hi,

As I previously stated on Full-disclosure mailing list last month "We need a proper unbiased unmoderated comprehensive directory of security researcher accounts." http://lists.grok.org.uk/pipermail/full-disclosure/2010-March/073648.html

So - is this a cross post? =)

Sadly, you failed to give a reply to the next posting in the linked
thread, which is this one:
http://lists.grok.org.uk/pipermail/full-disclosure/2010-March/073651.html

We need the government or a security company to come up with a solution, because security researchers are 
increasingly using Twitter to disclose information and are less and less using mailing lists to communicate.

That's totally absurd. An unbiased, unmoderated list moderated by the
(assumption: British?) government. Well... thanks for letting us know
.. errr, yeah.

Please back up the theory of researchers publishing solely on twitter!


We shouldn't be complacent in the use of Twitter and how much information is being posted there and which might fall into the hands of the bad guys before the white hat security community learns of a threat.

To me it's mandatory that a sustainable list of security researcher Twitter accounts is formulated and made available for the public to utilize.


It won't help you, because that list would carry thousands of
accounts. The owners of these accounts post stuff like "have to go on
the toilet" and you can then literally dig through it to find
something that's not just a "re-tweet", an echo of old information off
the web etc. You can't believe it, huh? Here's a random link I just
clicked in the security-twits list: https://twitter.com/mattgiannetto
Here's another random goodie: compare the tweet date with the date of
the linked "new attack":
http://twitter.com/Revoltin1/status/11708088131

It's so pointless to maintain a list of "anything" when you write "If
you want to be added, just send your link here" on top of the list.

Anyway.. I don't think that your ongoing lobbying attempt against
mailing lists and especially against FD will be successful. No sane
security researcher "communicates" via twitter. The people there are
either seeking attention or they are indeed marketing guys or just
some people who would like to promote their personal
blog/site/whatever (which is all quite the same, eh?).

Maybe it's time to focus on a new topic?

Regards


--- On Mon, 12/4/10, Sheldon Malm <Sheldon_Malm () rapid7 com> wrote:

From: Sheldon Malm <Sheldon_Malm () rapid7 com>
Subject: RE: Information security on Twitter
To: "andrew.wallace" <andrew.wallace () rocketmail com>, "security-basics () securityfocus com" <security-basics () securityfocus com>
Date: Monday, 12 April, 2010, 21:38

While no longer managed/updated, the Security Twits list
should probably be covered in its entirety.  This was
initially maintained by Jennifer Leggio (@mediaphyter) and
picked up by Zach Lanier (@quine).  The old site is here:
http://www.security-twits.com/ and the old list is
here: http://security-twits.com/twits.php



In addition to inclusion of this list, I would recommend
following the securitytwits lists on twitter at: https://twitter.com/securitytwits/lists




Sheldon Malm
Senior Director, Business Development & Security
Strategy



Rapid7 Recipient of Highest Ranking in Gartner's 2010
MarketScope for
Vulnerability Assessment http://www.rapid7.com/resources/gartner_marketscope.jsp



http://www.rapid7.com

http://www.metasploit.com


-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On Behalf Of andrew.wallace
Sent: Friday, April 09, 2010 11:08 PM
To: security-basics () securityfocus com
Subject: Information security on Twitter

Dear list,

Someone has made a list of information security Twitter
accounts

http://www.security-faqs.com/infosec-on-twitter


Are there more that need to be added?

Andrew





------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


