Home page logo
SecLists.Org Security Mailing List Archive

Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:

Insecure.Org Lists

nmap-dev logoNmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.

fulldisclosure logoFull Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. It higher traffic than other lists, but the relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Other Excellent Security Lists

bugtraq logoBugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

basics logoSecurity Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

pen-test logoPenetration Testing — While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

isn logoInfo Security News — Carries news items (generally from mainstream sources) that relate to security.

firewall-wizards logoFirewall Wizards — Tips and tricks for firewall administrators

focus-ids logoIDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list

webappsec logoWeb App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

dailydave logoDaily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

pauldotcom logoPaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

honeypots logoHoneypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.

microsoft logoMicrosoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

funsec logoFunsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

cert logoCERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

oss-sec logoOpen Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

securecoding logoSecure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

educause logoEducause Security Discussion — Securing networks and computers in an academic environment.

Internet Issues and Infrastructure

nanog logoNANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

interesting-people logoInteresting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating

risks logoThe RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

dataloss logoData Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.

Open Source Tool Development

metasploit logoMetasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

wireshark logoWireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

snort logoSnort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

More Lists

We also maintain archives for these lists (some are currently inactive):
Declan McCullagh's PolitechTCPDump/LibPCAP DevSecurity Incidents
Vulnerability DevelopmentVulnerability Watch

Related Resources

Read some old-school private security digests such as Zardoz at SecurityDigest.Org

We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]