Security Reporting and Tracking
Advisory Mailing List Archives
Please see our
Alerts section for a complete
security mailing list archive.
Attack Registry Intelligence Service Analyzer by SecurityFocus.
Securepoint BugTraq Mailing List Archive.
SecurityFocus BugTraq Mailing List Archive.
Computer Crime and Intellectual Property Section provides a summary of
recently prosecuted computer cases.
CERT Coordination Center
See also US CERT
The CERT Coordination Center (CERT/CC) is a center of Internet security
expertise, at the Software Engineering Institute, a federally funded
research and development center operated by Carnegie Mellon University. We
study Internet security vulnerabilities, handle computer security incidents,
publish security alerts, research long-term changes in networked systems,
and develop information and training to help you improve security at your
Recovering from an Incident - If you believe that your site may have
suffered a break-in or other type of incident, the CERT/CC has some
documents that can help you. CERT has published annual
statistics since 1988.
Computer Incident Handling and Response Information:
CERT CSIRT Handbook PDF | CSIRT Root Compromise | DOC Links | Handling Steps | NIST SP 800-61 Incident Handling | Step by Step
OPERATIONS MANUAL Information Protection Center. Although dated, these
documents provide good insight for incident handling. IPC Overview
SUN Microsystems Blueprints Online - PDF Files
Responding to Customer's Security Incidents:
Part 1: Establishing Teams and a Policy | Part 2: Executing a Policy
Part 3: Following Up After an Incident | Part 4: Processing Incident Data
DShield.org was officially launched at the end of November 2000. Since then, it has
grown to be a dominating attack correlation engine with worldwide coverage.
While initially run as a volunteer effort, DShield.org has recently received
support from the SANS Institute.
This coalition, the Forum of Incident Response and Security Teams (FIRST),
brings together a variety of computer security incident response teams from
government, commercial, and academic organizations. FIRST aims to foster
cooperation and coordination in incident prevention, to prompt rapid
reaction to incidents, and to promote information sharing among members and
the community at large. Currently FIRST has more than 100 members.
Generally Accepted System Security Principles (GASSP).
The International Information Security Foundation (I2SF) - Sponsored
Committee to Develop and Promulgate Generally Accepted System Security
HERT Hacker Response Team
HERT is a think pool of computer engineers and scientists specialized in
security and reverse engineering.
The High-Tech Crime Network presently consists of law enforcement agencies
and corporate security professionals from 15 countries. It is a network
operated by former law enforcement officers for law enforcement officers and
limited members of the private sector. The High-Tech Crime Network is not
affiliated with or operated by any law enforcement agency.
The Internet Fraud Complaint Center (IFCC) is a partnership between the
Federal Bureau of Investigation (FBI) and the National White Collar Crime
Center (NW3C). IFCC's mission is to address fraud committed over the
Internet. For victims of Internet fraud, IFCC provides a convenient and
easy-to-use reporting mechanism that alerts authorities of a suspected
criminal or civil violation. For law enforcement and regulatory agencies at
all levels, IFCC offers a central repository for complaints related to
Internet fraud, works to quantify fraud patterns, and provides timely
statistical data of current fraud trends.
INFOCON (Information Condition) Threat Centre, a major IWS research project,
was launched on the 1st of January 2001. The IWS INFOCON has affiliated with
InfoSec companies and hackers to provide its own news feed and cyberthreat
Any hacker will tell you that the latest news and exploits are not found on
any website -- not even Insecure.Org. No, the cutting edge in security
research is and will continue to be the full disclosure mailing lists such
as Bugtraq. Insecure.org provides web archives, updated in real-time, for
many of their favorite lists.
The Internet Routing Registry (IRR) is a next-generation database
development effort with participants from many international networking
organizations. Data from the Internet Routing Registry may be used by anyone
worldwide to help debug, configure, and engineer Internet routing and
addressing. Currently, the IRR provides the only mechanism for validating
the contents of a BGP session or mapping an AS number to a list of networks.
Online Services List
This list by Forensicsweb.com contains a variety of ISPs and similar information services,
specifically, contacts at the legal departments for service of subpoenas,
court orders, and search warrants.
MARC - Searchable Mailing List ARChives
MARC is an RDBMS (MySQL, to be exact) driven database of mailing list
messages, viewable and browsable by list, thread, author, or searchable via
a full-text search engine. As of 2003-03-24, the MARC archive has 13 million
emails across almost 1500 mailing lists, from just over a million different
authors. It gets about 350,000 new mails per month, and about 4.5 million
total web-hits per month.
myNetWatchman is a service that automatically aggregates the firewall logs
from a very large number of computers, analyzes these logs for evidence of
hacker or worm attacks, and notifies the ISPs where attacks are coming from.
As such, it provides a vital level of internetwork security.
The North American Network Operators' Group (NANOG) provides a forum for
the exchange of technical information, and promotes discussion of
implementation issues that require community cooperation. Coordination among
network service providers helps ensure the stability of overall service to
network users. Searchable NANOG Mailing List Archives from:
Network Operations Centers:
NOC list compiled by Jared Mauch.
Packet Clearing House Inter-Network Operation Center Dial-by-ASN
Bugtraq is the leading mailing list for IT Professionals who discuss
security exploits and security bugs in Windows NT, Windows 2000, Windows XP,
and related applications.
Open Source Vulnerability
OSVDB is an independent and open source database created by and for the
community. Their goal is to provide accurate, detailed, current, and
unbiased technical information.
Organization for Internet
OIS was formed to make it easier for security researchers and vendors to
work together to fix security vulnerabilities. Today, there are no
agreed-upon processes for handling security vulnerabilities. Every vendor
has different expectations about how security researchers should report
newly discovered vulnerabilities, the amount and type of information they
should provide, and so forth. Likewise, every security researcher has
different expectations about how often a vendor should provide status on
ongoing investigations, give credit to the finder, and so forth. The lack of
any consensus procedures complicates the process of fixing vulnerabilities,
and ultimately increases the risk that all computer users face. OIS was
formed as a unique partnership between leading security researchers and
vendors, for the purpose of proposing such processes.
The Open Web Application Security Project (OWASP) is dedicated to helping
organizations understand and improve the security of their web applications
and web services. This list was created to focus government and industry on
the most serious of these vulnerabilities. Web application security
vulnerabilities are highly exploitable and the consequence of an attack can
be devastating. These vulnerabilities represent an equivalent magnitude of
risk as network security problems, and should be given the same degree of
Postini, Inc. is the industry's leading provider of email security and
management solutions that protect email communications infrastructure by
preventing spam and attacks from reaching the enterprise gateway.
SANS / FBI Top 20 List
This updated SANS/FBI Top Twenty is actually two Top Ten lists: the ten most
commonly exploited vulnerable services in Windows, and the ten most commonly
exploited vulnerable services in Unix.
Incidents.org is a virtual organization of advanced intrusion detection
analysts, forensics experts and incident handlers from across the globe. The
organization's mission is to provide real time "threat-driven" security
intelligence and support to organizations and individuals.
Security Clipper is every security professional's best friend and saves you
hours every day by automating your ongoing search for the security-related
information that's relevant to YOUR needs. Security Clipper performs
real-time, up to the minute, searches of thousands of articles in dozens of
email mailing lists for the IT products or vendors you're interested in, and
puts just those matching messages you want into your personal, private
Security Clipper Inbox.
SecurityStats.Com was founded in April, 2000. The site was created out of a
perceived need for a central repository of interesting computer security
statistics, which could be used in research materials as well as corporate
security expenditure documentation.
Vulnerability Disclosure Publications and Discussion Tracking
A long and vivid debate for and against different vulnerability disclosure
models is still taking place. Sources that collect all these valuable
arguments are scarce. This document acts as a place-holder for related
contributions that we are aware of. Papers, articles and more informal
documents are grouped based on the type of publication. We hope that these
links are useful to anyone familiarising themselves with the scene or
planning further contributions.
Jared's NOC List