RSS and Computer Security Intellegence Gathering

A short time ago, I created an OPML of computer security related RSS feeds. I hand this file out to all of my students and show them how to use google reader as an intelligence aggregation and threat response tool.

Simply put: using this OPML file (included below) and the search function within google reader (or any RSS aggregator) you can gather everything from current exploits, blog punditry, snort rules, and academic research on any computer security topic.

Try it out. Load the OPML (linked below) and the search for "Internet Explorer" (our favorite browser) and see what turns up. You won't be disappointed.

I've included a listing of sites below, and would appreciate it if you left a comment with links that I missed. Feel free to link against the OPML file, I'll keep the URL static for as long as I have this domain.

Computer Security OPML File

Here's an expanded list of the current Computer Security OPML File:

• Law and Privacy
  • EFF.org Updates
  • Groklaw
  • International Free and Open Source Software Law Review: Announcements
  • Slashdot: Your Rights Online
  • Threat Level
• Audio and Video
  • 2600: The Hacker Quarterly
  • An Information Security Place
  • CERIAS Security Seminar Podcast
  • Crypto-Gram Security Podcast
  • Hak5 – Technolust since 2005
  • OWASP Security Podcast
  • SANS Institute - ALL Upcoming Webcasts
  • Security Now!
  • Security Wire Weekly
  • SecurityTube.Net
  • Speaking of Security, the RSA Blog and Podcast
  • Threat Monitor
• Blogs
  • ADD / XOR / ROL
  • BackTrack Information Security Distribution
  • Blog - Schneier on Security
  • CiscoZine
  • DarkReading - All Stories
  • Delicious/tag/Security computer
  • Emergent Chaos
  • Google Online Security Blog
  • Hacking Exposed Computer Forensics Blog
  • Kaspersky Lab Weblog
  • Matt Blaze's Exhaustive Search
  • McAfee Avert Labs
  • Microsoft Malware Protection Center
  • Mike Rothman's blog
  • Moderated AppSec Feed - OWASP Foundation's shared items
  • my 20%
  • SANS Internet Storm Center, InfoCON: green
  • SecuriTeam Blogs
  • Security Blog by Nagareshwar
  • Security Watch
  • Securosis Blog
  • Selil Blog
  • SMBlog -- Steve Bellovin's Blog
  • StillSecure, After All These Years
  • Symantec Connect - Security - Blog Entries
  • TaoSecurity
  • The Security Development Lifecycle
  • TrendLabs | Malware Blog - by Trend Micro
  • tssci security
  • Zero Day
• Research
  • cs.CR updates on arXiv.org
  • EURASIP Journal on Information Security
  • Uninformed Journal
• News
  • .:[ packet storm ]:. - http://packetstormsecurity.org/
  • SecurityFocus News
  • The Ethical Hacker Network RSS News Feed
  • The Register - Security
  • The RISKS Digest
• Vulnerabilities
  • Collaborative RCE Tool Library - RCE Tools (including sub-categories)
  • Educational Security Incidents (ESI) - Sometimes the free flow of information is unintentional
  • Emerging Threats Wiki
  • Microsoft Security Bulletins
  • milw0rm.com
  • National Vulnerability Database
  • OpenPacket.org Capture Repo
  • OSF Data Loss - Latest Incidents
  • SecurityFocus Vulnerabilities
  • US-CERT Cyber Security Bulletins
  • VRT