Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Information Dissemination: The Powers of RSS for Security Weblogging (Blogging) Dana M. Epp Computer Security Software Architect Scorpion Software.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Information Dissemination: The Powers of RSS for Security Weblogging (Blogging) Dana M. Epp Computer Security Software Architect Scorpion Software."— Presentation transcript:

1 Security Information Dissemination: The Powers of RSS for Security Weblogging (Blogging) Dana M. Epp Computer Security Software Architect Scorpion Software Corp.

2 “Security delayed is security denied. There is more information than you can read or absorb. That means you might miss some key points, trends, warnings, or fixes. And the price for missing them can be enormous.” - Scott Granneman Columnist, SecurityFocus

3 Overview  What is RSS and blogging?  History of RSS  RSS and Productivity  Technical Timeout: What RSS Looks Like  How to read RSS – The Aggregator.  Dana’s Top 10 Security RSS Feeds  Questions and Answers

4 What is RSS?  RSS stands for “Really Simple Syndication”  RSS is a dialect of XML that provides web and news content syndication. But it's not just for the web or news. Pretty much anything that can be broken down into discrete items can be syndicated via RSS: the "recent changes" of a vendor software, a changelog of CVS checkins, even the revision history of a book.

5 Quick Blogging Glossary  RSS: Really Simple Syndication  RDF: Resource Description Framework  Blog: Short for Web log  Aggregator: Tool to read RSS feeds

6 History of RSS  Original version developed by NetScape as RSS 0.90 as a format for building portals of headlines to mainstream news sites.  RSS 0.90 found to be overly complex for its goals; a simpler version, 0.91, was proposed and subsequently dropped when Netscape lost interest in the portal-making business.  Dave Winer at UserLand Software picked up 0.91, for use as the basis of its weblogging products and other web-based writing software.  At the same time, a 3 rd group split off using the design goals of 0.90, and based on RDF, calling it RSS 1.0  UserLand Software was not happy with this, and continued to build 0.9x versions (0.91-0.94), until it suddenly jumped to become the RSS 2.0 standard

7 RSS and Productivity 1.RSS is faster to display. Why is this? Well, HTML (er, your web browser) needs to call a Web server. Wait for it to respond. Then wait for it to send its stream of HTML. Then wait for it to display what it gets. On some weblogs that process can take as long as 1.5 minutes!!! * Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject

8 RSS and Productivity 2.With RSS I only need to read one out of 10 sites. Why is that? Because with a web browser you need to visit every single site. With RSS you only read the sites that have changed since the last time you've read the feed. * Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject

9 RSS and Productivity 3.RSS is faster to read. Why is this? Well, if you visit my weblog in a web browser, how do you know what's new? You need to look at the dates. Now, what about a page like http://msdn.microsoft.com. Quick, tell me what's changed in the past 24 hours. In the past week. In the past month. With RSS I INSTANTLY know what has changed since the last time I visited. http://msdn.microsoft.com * Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject

10 RSS and Productivity 4.RSS is more efficient to read. Most RSS feeds only give you the content. Not the advertising. Not the color banners. Not the crappy links. Not the weird fonts. Not the bizarre color background. It gives you what you want… information. * Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject

11 RSS and Productivity 5.RSS lets you escape the browser. Maybe the browser isn't where you want to read. Maybe you like Outlook better. Or your PDA. RSS is XML, which lets you programmatically import it and deal with it anywhere you want * Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject

12 RSS and Productivity – Practical Example  I used to spend 1 to 2 hours a day surfing to around 30 web sites of interest to keep up to date with industry trends, vulnerabilities and news.  Now I watch over 75 security feeds, 50 news feeds and over 100 personal web logs of interest in less than 15 minutes a day  On numerous occasions I learned of a new security threat via RSS BEFORE I heard about it in mailing lists or on the news.

13 RSS and Productivity – Dana’s Weird Uses of RSS  I use RSS to correlate and quickly display new security events going on across different operating systems and network devices within a single RSS feed.  I use RSS to track changes in our automated product builds. Results of new builds are immediately known to me without having to discuss with others.  In February, launching a company blog which includes an RSS feed of product changes and patches… and have integrated the RSS directly into the software.

14 Some title http://www.someurl.com/ Describe Information Content en-us Welcome to blogging http://www.someurl.com/pub/2003/12/04/blog.html Witty description of the content Dana Epp 2003-12-04 The.NET Schema Object Model http://www.xml.com/pub/2002/12/04/som.html Priya Lakshminarayanan describes in detail the use of the.NET Schema Object Model for programmatic manipulation of W3C XML Schemas. Priya Lakshminarayanan 2002-12-04 Technical Timeout: RSS 2.0

15 How to read RSS – The Aggregator  An aggregator is software that periodically reads a set of RSS feeds, in one of several XML-based formats, finds the new bits, and displays them in reverse-chronological order on a single page.

16 Sample List of Aggregators  Bloglines – Online Aggregator http://www.bloglines.com http://www.bloglines.com  SharpReader -.NET Aggregator http://www.sharpreader.net http://www.sharpreader.net  Newsgator – Outlook extension http://www.newsgator.com http://www.newsgator.com  Feed Demon – Windows Aggregator http://www.feeddemon.com http://www.feeddemon.com  Wildgrape NewsDesk http://www.wildgrape.net http://www.wildgrape.net Many, many more great aggregators out there!

17 Dana’s Top 10 Security-related RSS Feeds  SecurityFocus Vulnerabilities (BugTraq) http://www.securityfocus.com/rss/vulnerabilities.xml http://www.securityfocus.com/rss/vulnerabilities.xml  SecurityFocus Top News http://www.securityfocus.com/topnews-rss.html http://www.securityfocus.com/topnews-rss.html  CERT/CC http://www.cert.org/channels/certcc.rdf http://www.cert.org/channels/certcc.rdf  Microsoft MSDN Security http://msdn.microsoft.com/security/rss.xml http://msdn.microsoft.com/security/rss.xml  SANS Internet Storm Center http://isc.incidents.org/rssfeed.xml http://isc.incidents.org/rssfeed.xml  SANS Information Security Reading Room http://www.sans.org/rr/rss/ http://www.sans.org/rr/rss/  Microsoft Hotfix and Security Bulletin Service http://www.opensec.org/feeds/microsoft/latest.xml http://www.opensec.org/feeds/microsoft/latest.xml  Symantec Security Response - Advisories http://xml.newsisfree.com/feeds/56/3156.xml http://xml.newsisfree.com/feeds/56/3156.xml  Network World on Security http://www.nwfusion.com/rss/security.xml http://www.nwfusion.com/rss/security.xml  Dana Epp’s Ramblings at the Sanctuary http://silverstr.ufies.org/blog/index.rss http://silverstr.ufies.org/blog/index.rss

18 How to find your own Security Related RSS feeds  Google “security blogs”  Consider reading more “personal” infosec blogs that are not company focused… but profession focused  Read comments on some feeds… typically you can get a poster’s blog info from there (ie: A link via their email).

19 Dana’s Favorite Personal Security-related RSS Feeds  Dana Epp’s Ramblings at the Sanctuary http://silverstr.ufies.org/blog/index.rss http://silverstr.ufies.org/blog/index.rss  TaoSecurity http://feeds.blogstreet.com/12858.rss http://feeds.blogstreet.com/12858.rss  A Day in the Life Of An Information Security Investigator http://blogs.ittoolbox.com/security/index.rdf http://blogs.ittoolbox.com/security/index.rdf  joatBlog http://www.757.org/~joat/blog/index.rdf http://www.757.org/~joat/blog/index.rdf  Troy Jessup’s Network Security Blog http://www.ndnn.org/blog/index.rdf http://www.ndnn.org/blog/index.rdf  Static in the Ether http://lair.moria.org/blog/?flav=rss Here is a small sample of just a few more personal web logs that relate to security:

20 Any Questions? Dana M. Epp dana@scorpionsoft.com

Download ppt "Security Information Dissemination: The Powers of RSS for Security Weblogging (Blogging) Dana M. Epp Computer Security Software Architect Scorpion Software."

Similar presentations

RSS: A Primer for Advocates and Managers

RSS: A Primer for Advocates and Managers
Blogs & RSS: What they can mean to your library Michael Sauers, Internet Trainer, BCR CO SLA, 3 rd November 2004.

Blogs & RSS: What they can mean to your library Michael Sauers, Internet Trainer, BCR CO SLA, 3 rd November 2004.
UKOLN is supported by: Using Blogs, Micro-blogs and Social Networks Effectively Within Your Library: Introduction Brian Kelly / Marieke Guy UKOLN University.

UKOLN is supported by: Using Blogs, Micro-blogs and Social Networks Effectively Within Your Library: Introduction Brian Kelly / Marieke Guy UKOLN University.
Social Bookmarking & RSS feeds

Social Bookmarking & RSS feeds
RSS 2.0: Experience with implementation in a closed Intranet Presented by Mr Ajith Balan Scientific Officer Scientific Information Resource Division Bhabha.

RSS 2.0: Experience with implementation in a closed Intranet Presented by Mr Ajith Balan Scientific Officer Scientific Information Resource Division Bhabha.
IDK0040 Võrgurakendused I RSS 2.0 Deniss Kumlander.

IDK0040 Võrgurakendused I RSS 2.0 Deniss Kumlander.
RSS and XML Seoul Computer Club 10 December 2005 Stephen D. Carroll

RSS and XML Seoul Computer Club 10 December 2005 Stephen D. Carroll
Blogs Return on Marketing Investment MARK 430 Week 2 Lab.

Blogs Return on Marketing Investment MARK 430 Week 2 Lab.
Creating and Managing RSS Feeds Kate Pitcher SUNY Geneseo © 2005

Creating and Managing RSS Feeds Kate Pitcher SUNY Geneseo © 2005
What is RSS? Kate Pitcher © 2005-2006

What is RSS? Kate Pitcher ©
Mark Frydenberg Computer Information Systems Department.

Mark Frydenberg Computer Information Systems Department.
RSS Jonathan Adams Doug Bair Colleen Flayler Heather Haynes Jonathan Adams Doug Bair Colleen Flayler Heather Haynes.

RSS Jonathan Adams Doug Bair Colleen Flayler Heather Haynes Jonathan Adams Doug Bair Colleen Flayler Heather Haynes.
1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
CSC 101 Slide Show Ashley Carroll. Podcast What is Podcasting? Podcasting is the distribution of audio or video files, such as radio programs or music.

CSC 101 Slide Show Ashley Carroll. Podcast What is Podcasting? Podcasting is the distribution of audio or video files, such as radio programs or music.
Mark Frydenberg Computer Information Systems Department.

Mark Frydenberg Computer Information Systems Department.
By: Wordpress.org Present by: Bora Hong Introduction to Blogging.

By: Wordpress.org Present by: Bora Hong Introduction to Blogging.
RSS RSS is a method that uses XML to distribute web content on one web site, to many other web sites. RSS allows fast browsing for news and updates.

RSS RSS is a method that uses XML to distribute web content on one web site, to many other web sites. RSS allows fast browsing for news and updates.
RSS Part One ACE 2004 June 21, 2004. What if you...? Offered direct, immediate delivery of fresh content straight to the desktop Provided automatic information.

RSS Part One ACE 2004 June 21, What if you...? Offered direct, immediate delivery of fresh content straight to the desktop Provided automatic information.
What is it that we do here? What are we paying you for?

What is it that we do here? What are we paying you for?
Don Westover Director of Instructional Design Mount Wachusett Community College.

Don Westover Director of Instructional Design Mount Wachusett Community College.

Similar presentations

Ads by Google