Home page logo

basics logo Security Basics mailing list archives

Re: Information security on Twitter
From: "Jan G.B." <ro0ot.w00t () googlemail com>
Date: Tue, 13 Apr 2010 18:55:17 +0200

Hi Andrew,

2010/4/13 andrew.wallace <andrew.wallace () rocketmail com>:

As I previously stated on Full-disclosure mailing list last month "We need a proper unbiased unmoderated comprehensive
directory of security researcher accounts." http://lists.grok.org.uk/pipermail/full-disclosure/2010-March/073648.html

So - is this a cross post? =)

Sadly, you failed to give a reply to the next posting in the linked
thread, which is this one:

We need the government or a security company to come up with a solution, because security researchers are 
increasingly using Twitter to disclose information and are less and less using mailing lists to communicate.

That's totally absurd. An unbiased, unmoderated list moderated by the
(assumption: British?) government. Well... thanks for letting us know
.. errr, yeah.

Please back up the theory of researchers publishing solely on twitter!

We shouldn't be complacent in the use of Twitter and how much information is being post there and which might fall 
into the hands of the bad guys before the white hat security community learn of a threat.

To me its mandatory that a sustainable list of security researcher Twitter accounts are formulated and made available 
for the public to utilize.

It won't help you, because that list would carry thousands of
accounts. The owners of these accounts post stuff like "have to go on
the toilet" and you can then literally dig through it to find
something that's not just a "re-tweet", an echo of old information off
the web etc.. You can't believe it, hu? Here's a random link I just
clicked in the security-twits list: https://twitter.com/mattgiannetto
Here's another random goodie: compare the tweet date with the date of
the linked "new attack":

It's so pointless to maintain a list of "anything" when you write "If
you want to be added, just send your link here" on top of the list.

Anyway.. I don't think that your ongoing lobbying attempt against
mailing lists and especially against FD will be successful. No sane
security researcher "communicates" via twitter. The people there are
either seeking for attention or they are indeed marketing guys or just
some people who would like to promote their personal
blog/site/whatever (which is all quite the same, eh?).

Maybe it's time to focus on a new topic?


--- On Mon, 12/4/10, Sheldon Malm <Sheldon_Malm () rapid7 com> wrote:

From: Sheldon Malm <Sheldon_Malm () rapid7 com>
Subject: RE: Information security on Twitter
To: "andrew.wallace" <andrew.wallace () rocketmail com>, "security-basics () securityfocus com" <security-basics () 
securityfocus com>
Date: Monday, 12 April, 2010, 21:38

While no longer managed/updated, the Security Twits list
should probably be covered in its entirety.  This was
initially maintained by Jennifer Leggio (@mediaphyter) and
picked up by Zach Lanier (@quine).  The old site is here:
http://www.security-twits.com/ and the old list is
here: http://security-twits.com/twits.php

In addition to inclusion of this list, I would recommend
following the securitytwits lists on twitter at: https://twitter.com/securitytwits/lists

Sheldon Malm
Senior Director, Business Development & Security

Rapid7 Recipient of Highest Ranking in Gartner's 2010
MarketScope for
Vulnerability Assessment http://www.rapid7.com/resources/gartner_marketscope.jsp



-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On Behalf Of andrew.wallace
Sent: Friday, April 09, 2010 11:08 PM
To: security-basics () securityfocus com
Subject: Information security on Twitter

Dear list,

Someone has made a list of information security Twitter


Is there more that need to be added?


Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]