News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • What Security Sites Do You Peruse?

    Home Forums Code Red – Security/Privacy advisories What Security Sites Do You Peruse?

    • This topic has 9 replies, 7 voices, and was last updated 1 month ago.
    Viewing 6 reply threads
    • Author
      Posts
      • #2364637

        “I ask a simple question, the truth I only wish;Are all fishermen (Security Sites/Alerts) liars, or do only liars fish (Security Sites/Security Alerts)?”

        It’s a silly twist on an old epigram, but lately I have been trying to dilute the wheat from the chaff, and the click-bait from the real stuff we should be concerned about.

        Now, I hope this is the right forum for this, if it is not, please guide me over.

        My simple question is this:

        “How do you decide if the security article/alert alarm-bell is click bait or a real and present danger?”

        A perusal of my daily security reads takes up a LOT of time. Too much, in fact. I look at:

        1. Code Red (here)

        2. Bleeping Computer

        3. Born’s Windows World

        4. Krebs on Security

        5. The Register

        (These are not in their order of reliability, IMHO.)

        Personally, I think Krebs is pretty good. The tips you get here are good. Born’s is good, Bleeping can be a bit flaky at times, and The Register can get sensationalist and downright silly.

        Now come the mental filters:

        1. Is it a vulnerability, or a threat exploited in the wild?

        2. Does it require physical access to my machine, or can I be hit over the Web and/or email?

        3. Have any measures/patches already been implemented?

        4. How many machines/OS’s are affected?

        I write this because I am sick to death of getting sucked into some click bait security breach headline, delving deeply into the article, only to find that it’s:

        A) Rare as Platinum

        B) Already been patched weeks ago

        C) Has not been exploited in the wild

        D) Has to have someone stand with a gun to your head while you’re at your machine in order to exploit it

        E) Is only “Proof of Concept”

        F) Is only “Chicken Little”

        …and one finds out only _at the end of the article_. (“Ha-ha, got ya to read it all!”) I’d like to know what everyone here thinks are reliable sources, and how their “mental filters” work through all the mountains of published daily on-line security dreck to find the gold nuggets.

        (For a good chuckle, try this: “Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine” (https://www.theregister.com/2021/05/11/turing_machine_0day_no_patch_available/)

        Thanks to all in advance!

        Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
        --
        "Civilization is fun! Anyway, it sure keeps me busy["

        -Zippy

        1 user thanked author for this post.
      • #2364643
        Alex5723
        AskWoody Plus

        I will add https://www.zone-h.org/?hz=1 (https://www.zone-h.org/archive/special=1) which has updated list of all hacked servers/sites including hackers group, type of the hack, running OS…

        1 user thanked author for this post.
      • #2364728
        Microfix
        AskWoody MVP

        I prefer ncas and Sans Internet Storm Centre for no nonsense warnings.

        | Quality over Quantity |
        2 users thanked author for this post.
      • #2364756
        bbearren
        AskWoody MVP

        I don’t peruse any Security sites.  I rely on Microsoft (formerly Windows) Defender and Malwarebytes Premium for system security and the hardware firewall in my modem/router for my network security.

        The last infection I got was in the late ’90’s, from a floppy disk given to me by an IT pro.  He was quite embarrassed.  I can’t find the time to worry about something that extremely unlikely to occur.

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
        "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

      • #2364780
        Mele20
        AskWoody Lounger

        I rely on Microsoft (formerly Windows) Defender

        I guess I don’t read enough security sites since I am puzzled by your comment. When did it stop being Windows Defender and become Microsoft Defender?

        • #2364789
          E Pericoloso Sporgersi
          AskWoody Plus

          When did it stop being Windows Defender and become Microsoft Defender?

          Fred Langa mentioned that in a newsletter months ago (I don’t remember how many; could be many!)

          Also, when I type “Windows Defender” in the search box, look what I get:

          defender


        • #2364795
          bbearren
          AskWoody MVP

          bbearren wrote: I rely on Microsoft (formerly Windows) Defender

          I guess I don’t read enough security sites since I am puzzled by your comment. When did it stop being Windows Defender and become Microsoft Defender?

          After rebranding Windows Defender as Microsoft Defender in early 2019, Microsoft is renaming and bringing more products under the Defender brand, the company announced today at its yearly Ignite developer conference.”

          Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
          "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
          "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

        • #2364804
          E Pericoloso Sporgersi
          AskWoody Plus

          When did it stop being Windows Defender and become Microsoft Defender?

          Microsoft Defender Antivirus (known as Windows Defender Antivirus before Windows 10 May 2020 Update or Windows Defender before Windows 10 Creators Update) is an anti-malware component of Microsoft Windows.”


      • #2364785
        JohnW
        AskWoody Plus

        Wilders Security Forums at https://www.wilderssecurity.com/ is a good one, in addition to Bleeping, Born’s, Krebs. and SANS.

        • This reply was modified 1 month ago by JohnW.
        1 user thanked author for this post.
      • #2364788
        JohnW
        AskWoody Plus

        And Malware Tips sometimes has some decent news. But occasionally some are “click-bait” worthy. They are promoting participation by giving out ranks via up-voting comments and giving out badges. So YMMV. Highly opinionated, although moderated.

        https://malwaretips.com/

        1 user thanked author for this post.
    Viewing 6 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: What Security Sites Do You Peruse?

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.