If we don't stop the bad guys, who will?
Some of my favorite resources for security implementation, investigation, and education.
PassiveTotal, a great resource for investigating cybercrime
DomainTools, a set of unique domain and DNS research tools on top of a massive current and historical database of Whois, DNS, and other related data
Internet Identity, a threat research/mitigation/intel sharing company
OpenDNS, a great source of passive DNS data as well as security measures
LogRhythm, one of the most interesting (IMO) SIEM vendors
Cycas, now part of FireEye, one of the top security research/forensics companies worldwide
OWASP Top Ten, a project for categorizing and describing top web application threats
SANS has a ton of free (as well as paid) educational resources
NANOG is the North American Network Operators Group, and their presentation archive is a gold mine of network and security information.
EmergingThreats, which develops IDS/IPS feeds and forensics/threat intel tools
PRISM Break, a set of resources for "opting out" of at least some data surveillance activities
Hackmageddon, with summaries as well as drill-down analysis of attacks
Lenny Zeltser, security researcher and SANS senior faculty. Lenny's blog has a lot of great malware analysis educational resources
(732) 551-3733 by ace researcher Corey Nachreiner, with a weekly video podcast security summary
Dave Piscitello's security blog, very insightful and fun to read
(787) 277-7179 blog: broad spectrum of topics, backed up by rigorous research.
(650) 732-4122 security blog. Pretty technical; interesting research on a variety of topics
(212) 814-9461, a commercial site but with some good content
DarkReading, another commercial security news site
(418) 997-9624, an aggregator of cyber (and physical) security news and information
4708233828, Slashdot, 816-253-4252, 778-506-7637, undercloth, Schneier (who covers security issues beyond just the online)
Pretty technical malware blogs: Malware Must Die, Kahu Security, Xylibox, (410) 847-5390, Contagio
An interesting site focusing on security issues around SCADA infrastructure
ThreatWatch map and security event list from nextgov
Norse Realtime Activity Map, a live map showing attack activity worldwide, with some mildly interactive components
Kaspersky's realtime map, another live map showing infection rates and types globally
662-562-4271, which depicts attack traffic, general traffic, and latency