1
Security Information Dissemination: The Powers of RSS for Security Weblogging (Blogging) Dana M. Epp Computer Security Software Architect Scorpion Software Corp.
2
“Security delayed is security denied. There is more information than you can read or absorb. That means you might miss some key points, trends, warnings, or fixes. And the price for missing them can be enormous.” - Scott Granneman Columnist, SecurityFocus
3
Overview
What is RSS and blogging?
History of RSS
RSS and Productivity
Technical Timeout: What RSS Looks Like
How to read RSS – The Aggregator
Dana’s Top 10 Security RSS Feeds
Questions and Answers
4
What is RSS? RSS stands for “Really Simple Syndication”. RSS is a dialect of XML that provides web and news content syndication. But it's not just for the web or news. Pretty much anything that can be broken down into discrete items can be syndicated via RSS: the "recent changes" of a vendor's software, a changelog of CVS checkins, even the revision history of a book.
5
Quick Blogging Glossary
RSS: Really Simple Syndication
RDF: Resource Description Framework
Blog: Short for Web log
Aggregator: Tool to read RSS feeds
6
History of RSS
Original version developed by Netscape as RSS 0.90, as a format for building portals of headlines to mainstream news sites.
RSS 0.90 was found to be overly complex for its goals; a simpler version, 0.91, was proposed and subsequently dropped when Netscape lost interest in the portal-making business.
Dave Winer at UserLand Software picked up 0.91 for use as the basis of its weblogging products and other web-based writing software.
At the same time, a 3rd group split off using the design goals of 0.90, and based on RDF, calling it RSS 1.0.
UserLand Software was not happy with this, and continued to build 0.9x versions (0.91-0.94), until it suddenly jumped to become the RSS 2.0 standard.
7
RSS and Productivity 1. RSS is faster to display. Why is this? Well, HTML (er, your web browser) needs to call a Web server. Wait for it to respond. Then wait for it to send its stream of HTML. Then wait for it to display what it gets. On some weblogs that process can take as long as 1.5 minutes!!! * Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject
8
RSS and Productivity 2. With RSS I only need to read one out of 10 sites. Why is that? Because with a web browser you need to visit every single site. With RSS you only read the sites that have changed since the last time you've read the feed. * Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject
9
RSS and Productivity 3. RSS is faster to read. Why is this? Well, if you visit my weblog in a web browser, how do you know what's new? You need to look at the dates. Now, what about a page like http://msdn.microsoft.com? Quick, tell me what's changed in the past 24 hours. In the past week. In the past month. With RSS I INSTANTLY know what has changed since the last time I visited. * Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject
10
RSS and Productivity 4. RSS is more efficient to read. Most RSS feeds only give you the content. Not the advertising. Not the color banners. Not the crappy links. Not the weird fonts. Not the bizarre color background. It gives you what you want… information. * Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject
11
RSS and Productivity 5. RSS lets you escape the browser. Maybe the browser isn't where you want to read. Maybe you like Outlook better. Or your PDA. RSS is XML, which lets you programmatically import it and deal with it anywhere you want. * Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject
12
RSS and Productivity – Practical Example I used to spend 1 to 2 hours a day surfing to around 30 web sites of interest to keep up to date with industry trends, vulnerabilities and news. Now I watch over 75 security feeds, 50 news feeds and over 100 personal web logs of interest in less than 15 minutes a day. On numerous occasions I learned of a new security threat via RSS BEFORE I heard about it in mailing lists or on the news.
13
RSS and Productivity – Dana’s Weird Uses of RSS I use RSS to correlate and quickly display new security events going on across different operating systems and network devices within a single RSS feed. I use RSS to track changes in our automated product builds. Results of new builds are immediately known to me without having to discuss with others. In February, launching a company blog which includes an RSS feed of product changes and patches… and have integrated the RSS directly into the software.
14
Technical Timeout: RSS 2.0
Some title
http://www.someurl.com/
Describe Information Content
en-us
Welcome to blogging
http://www.someurl.com/pub/2003/12/04/blog.html
Witty description of the content
Dana Epp
2003-12-04
The .NET Schema Object Model
http://www.xml.com/pub/2002/12/04/som.html
Priya Lakshminarayanan describes in detail the use of the .NET Schema Object Model for programmatic manipulation of W3C XML Schemas.
Priya Lakshminarayanan
2002-12-04
15
How to read RSS – The Aggregator An aggregator is software that periodically reads a set of RSS feeds, in one of several XML-based formats, finds the new bits, and displays them in reverse-chronological order on a single page.
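The aggregator pass described on this slide, as an added Python example that is not part of the original presentation: it parses RSS 2.0, keeps only items not seen before, and returns them newest first. Because a feed is untrusted remote input, it refuses documents carrying a DTD and drops links that are not http/https; the sample feed, the example.org URLs and the names parse_feed and new_items are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlparse

# Constructed sample feed (not from the presentation); URLs are placeholders.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
<title>Example advisories</title><link>http://example.org/</link>
<item><title>Advisory A</title><link>http://example.org/a</link>
<guid>a-1</guid><pubDate>Thu, 04 Dec 2003 10:00:00 GMT</pubDate></item>
<item><title>Advisory B</title><link>javascript:void(0)</link>
<guid>b-2</guid><pubDate>Fri, 05 Dec 2003 09:30:00 GMT</pubDate></item>
</channel></rss>"""
UNDATED = datetime.min.replace(tzinfo=timezone.utc)  # sorts undated items last

def parse_feed(xml_text):
    """Parse an RSS 2.0 document from an untrusted source into item dicts."""
    # Refuse DTDs up front so entity-expansion input never reaches the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("feed contains a DTD; rejected")
    items = []
    for node in ET.fromstring(xml_text).iter("item"):
        title = (node.findtext("title") or "").strip()
        link = (node.findtext("link") or "").strip()
        # Keep only links that are safe to hand to a browser.
        if urlparse(link).scheme not in ("http", "https"):
            link = ""
        when = node.findtext("pubDate")
        items.append({
            "id": node.findtext("guid") or link or title,
            "title": title,
            "link": link,
            "date": parsedate_to_datetime(when) if when else UNDATED,
        })
    return items

def new_items(feeds, seen):
    """One polling pass: unseen items across all feeds, newest first."""
    fresh = []
    for xml_text in feeds:
        for item in parse_feed(xml_text):
            if item["id"] not in seen:
                seen.add(item["id"])
                fresh.append(item)
    return sorted(fresh, key=lambda i: i["date"], reverse=True)
```

A real aggregator would fetch each feed over the network on a timer and persist `seen` between runs; titles and descriptions should also be escaped before being rendered as HTML.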
16
Sample List of Aggregators
Bloglines – Online Aggregator http://www.bloglines.com
SharpReader – .NET Aggregator http://www.sharpreader.net
Newsgator – Outlook extension http://www.newsgator.com
Feed Demon – Windows Aggregator http://www.feeddemon.com
Wildgrape NewsDesk http://www.wildgrape.net
Many, many more great aggregators out there!
17
Dana’s Top 10 Security-related RSS Feeds
SecurityFocus Vulnerabilities (BugTraq) http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityFocus Top News http://www.securityfocus.com/topnews-rss.html
CERT/CC http://www.cert.org/channels/certcc.rdf
Microsoft MSDN Security http://msdn.microsoft.com/security/rss.xml
SANS Internet Storm Center http://isc.incidents.org/rssfeed.xml
SANS Information Security Reading Room http://www.sans.org/rr/rss/
Microsoft Hotfix and Security Bulletin Service http://www.opensec.org/feeds/microsoft/latest.xml
Symantec Security Response - Advisories http://xml.newsisfree.com/feeds/56/3156.xml
Network World on Security http://www.nwfusion.com/rss/security.xml
Dana Epp’s Ramblings at the Sanctuary http://silverstr.ufies.org/blog/index.rss
18
How to find your own Security Related RSS feeds
Google “security blogs”
Consider reading more “personal” infosec blogs that are not company focused… but profession focused
Read comments on some feeds… typically you can get a poster’s blog info from there (i.e., a link via their email).
19
Dana’s Favorite Personal Security-related RSS Feeds
Here is a small sample of just a few more personal web logs that relate to security:
Dana Epp’s Ramblings at the Sanctuary http://silverstr.ufies.org/blog/index.rss
TaoSecurity http://feeds.blogstreet.com/12858.rss
A Day in the Life Of An Information Security Investigator http://blogs.ittoolbox.com/security/index.rdf
joatBlog http://www.757.org/~joat/blog/index.rdf
Troy Jessup’s Network Security Blog http://www.ndnn.org/blog/index.rdf
Static in the Ether http://lair.moria.org/blog/?flav=rss
20
Any Questions? Dana M. Epp dana@scorpionsoft.com