February 26th, 2002, 08:57 PM
I notice earlier that it took CERT something like 15 days after microsoft posted a patch to send out a message warning about a buffer overflow in IE. About 10 years ago, sys admins all subscribed to CERT, because that was the first place to get news. Obviously, the way the internet runs now, 15 days after microsoft, means probably 30 days after the vuln is discovered. In that time, a lot of machines can be compromised.
I was just wondering where everyone went to get there most up to date security news. Is it the vendors sites, like microsoft and redhat? A security site like securityfocus? A maillist like bugtraq? Especially now that AO doesn't have News on the front page
February 26th, 2002, 09:02 PM
As much as I hate to admit it, Microsoft's Technet seem to be faster than CERT these days. There is a subscription feature there and, like I said, they seem to be pretty timely. (a must for a Microsoft shop )
February 26th, 2002, 09:29 PM
Is it the vendors sites, like microsoft and redhat? A security site like securityfocus? A maillist like bugtraq
i never rely on any one site...i visit them all...(that are relevant...we don't run linux here) as well as all of the major AV software vendors...it's amazing how differently they all respond...
just book mark em and make it a rountine with your morning coffee...
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson