There are lots of security lists to monitor if you want to keep up with the latest news and trends in information security. I've discovered more than 150 lists of interest (in English) with only a casual amount of research. Most of them are listed here for your convenience:
Bugtraq
BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them.
firewall-wizards
A very high quality information security mailing list moderated by Paul Robertson.
Full-Disclosure
A contraversial list that includes unmoderated messages about software vulnerabilities.
VulnWatch
The list named VulnWatch is an all announcement vulnerability disclosure list. VulnDiscuss is a vulnerability discusion list.
Send mail to: vulnwatch-subscribe@vulnwatch.org
VulnDiscuss
VulnDiscuss is a vulnerability discusion list.
Send mail to vulndiscuss-subscribe@vulnwatch.org
Security Focus Newsletter
SecurityFocus.com (owner by Symantec) has a high quality mailing list that provides a weekly summary of major news events.
Microsoft Security News
A SecurityFocus publication focused on Microsoft related news items.
Linux Security News
A SecurityFocus publication focused on Linux related news items.
ARIS Users
The ARIS-USERS mailing list facilitates discussion among users who utilize the ARIS analyzer incident management console. The list provides a forum for the discussion of the concepts behind ARIS analyzer, problems, product features, recommendations.
Firewalls
Firewalls is a moderated mailing list for *detailed* technical discussion of the how-tos and why-tos relating to all aspects of firewall systems: configuration, auditing, securing and performance, etc.
Focus-BSD
This list is for the discussion of security issues under BSD derived operating systems
Focus-IDS
Focus-IDS is a moderated mailing list for the discussion of intrusion detection and related technologies. This includes both host and network based Intrusion Detection Systems (NIDS/HIDS), Intrusion Prevention Systems (IPS), as well as other related and upcoming technologies.
Focus-IH
Focus-IH is a forum centered on the discussion of handling of computer security related incidents. It is not to be confused with the 'Incidents' mailing list which deals with the reporting of real-time incidents, technical discussion of trojans, backdoors, worms, etc. Incidents is for the timely discussion of security incidents. FOCUS-IH concentrates on secondary analysis of these and the assessment of how they should be better handled and responded to. This also includes how to protect against them in future, the "best security practices" of active security.
Focus-Linux
Focus-Linux is meant to be a resource for Linux users and administrators, looking for that extra little bit of help in securing Linux, using Linux in security roles, and getting additional information about the latest in Linux vulnerabilities. Interested in the latest kernel modifications, and want to know what people think of them? Needs tips on configuring IPFW? How to defend against the latest security problems affecting Linux? Questions like these are all expected and encouraged. The Focus-Linux list is meant to address those questions which are inappropriate or off topic for Bugtraq. In addition, important announcements related to breaking vulnerabilities will be posted, with the details needed to ensure that you have the up to the minute information you need to keep your Linux machines secure.
Focus-MS
The Focus-MS mailing list begins where Bugtraq leaves off. This list discusses the how-to's and why's of the various security mechanisms available to help assess, secure, and patch Microsoft technologies. This list is meant as an aid to network and systems administrators and security professionals who are responsible for implementing, reviewing and ensuring the security of their Microsoft hosts and applications.
Focus-UNIX-other
This list is for the discussion of security issues non-Linux, -Sun, or -BSD UNIX related operating systems.
Focus-SUN
Focus-Sun is meant to be a resource for Sun users and administrators, looking for that extra little bit of help in securing Sun products, using Sun products in security roles, and getting additional information about the latest in Sun vulnerabilities. Unsure how secure NIS is? Curious as to how to properly use ACL's? Does the latest and greatest Sun RPC bug affect you? Questions like these are all expected and encouraged. The Focus-Sun list is meant to address those questions which are inappropriate or off topic for Bugtraq. In addition, important announcements related to breaking vulnerabilities will be posted, with the details needed to ensure that you have the up to the minute information you need to keep your Sun's secure.
Focus-Virus
This list discusses the how-to's and why's of the various products, tools and techniques available to help secure the common user from virus threats. This list is meant as an aid to network and systems administrators and security professionals as well as casual users who are interested in the latest developments in virus and anti-virus technologies.
Focus-Forensics
FORENSICS is a moderated mailing list for the *detailed* discussion of computer security forensics.
Focus-Honeypots
The Honeypots Maillist is a lightly moderated public maillist dedicated to developing and sharing the understanding of honeypot value, uses, deployment, and research. Its goal is to bring together people and organizations interested in the research, development, or security applications of honeypots and honeypot related technologies.
Focus-Incidents
Traditionally people affected by a security incidents were faced with limited choices for reporting these happenings. Typical choices were possibly reporting to a local incident handling team (if any existed), CERT, law enforcement or random mailing lists which did not specifically deal with incident reporting. Time has shown such choices fail to communicate this important information in a timely fashion to others that may be potentially affected.
Focus - Libnet
The Libnet mailing list is for the discussion of the Libnet packet creation library.
Focus - Penetration Testing
This is a mailing list for the discussion of issues and questions about penetration testing and network auditing.
The penetration testing list is designed to allow people to converse about professional penetration testing and general network auditing. While lists like Vuln-Dev and Bugtraq deal with exploits and flaws in systems there are few interactive forums to discuss actual penetration testing and network auditing. As a result this area has become a difficult topic to learn about outside of print media (books etc.) Given that this is the case, this list hopes to dispel some of the confusion and allow for intelligent discourse on the topic. The list is not OS specific and will cater to discussion on all and any networkable devices people wish to discuss.
Focus-Secprog
SECPROG is a lightly moderated mailing list for the discussion of secure software development methodologies and techniques. The list serves as a medium to flush out and emphasize both existing mechanisms, and new strategies in developing reliable and secure software. Topics are expected to include such items as common programming errors, example source code, and solutions to these errors. The results from this mailing list will be summarized into a secure programming document which will be available in HTML format from the SecurityFocus website.
Focus-SSH
The list is for the discussion of the Secure Shell protocol and related applications.
Focus-Security Basics
This list is intended for the discussion of various security issues, all for the security beginner. It is a place to learn the ropes in a non-intimidating environment, and even a place for people who may be experts in one particular field but are looking to increase their knowledge in other areas of information security.
Focus-Security Events
The charter of this list is the announcement of security events (e.g. conferences, symposiums, etc).
Focus-Security Jobs
SecurityJobs is a mailing list and Forum on SecurityFocus developed to help IT Security Professionals find work in their field. This list is maintained for both Employers looking for headcount and for private individuals seeking employment.
Focus-Security Management
Security-Management is a forum established for the discussion of information security program management as a critical business support process. We as a profession generally tend to define the components of that process under the headings of physical, administrative, and technical security controls leveraged to mitigate risks that are prevalent in the information age. But information security does not exist in a vacuum. Information security is a strategic concern that must be aligned to support an organization's key mission and/or business objectives. This list specifically addresses the business component of risk management and the myriad of information security program management issues that must be dealt with by information security management personnel and others with similar responsibilities and/or interests.
Focus-Security Papers
The charter of this list is the announcement of computer security papers, articles, and books.
Focus-Security Tools
The charter of this mailing list is the announcement of new or updated security tools.
Focus-Vendor Info
Vendor Info is a mailing list that has been set up to provide information about third party vendor products or events. This list is maintained for vendors who want to inform the security community about product offerings or upcoming events.
Focus-VPN
The VPN mailing list is a forum for the discussion of supporting private network connections over public telecommunications infrastructure, such as the Internet. Appropriate postings will relate to all varieties of VPN technology: subscription services, in which an organization outsources the maintenance of the VPN system; in-house systems, including both hardware and software implementations; security policy issues relating to the use of VPNs as a means of remote access; and legal/regulatory concerns, domestic and international.
Focus-Vulnerability Development
There are many forums for reporting security bugs and distributing vulnerability code or examples. A prime example of such a forum is the bugtraq mailing-list. However, nearly all of these forums exist mostly for the dissemination of fully-researched reports, and they leave little room for discussion. In addition, many bugs are spotted not written-up, due to lack of interest, time, or expertise.
Focus-Web Application Security
Web application security discussions.
nmap hackers
Nmap-hackers is a low-traffic moderated list intended to spotlight new
versions of Nmap and related projects. Announcements and news
relating to port scanning, Insecure.Org, or Fyodor (Nmap author) may
also be posted. Light discussion is permitted where particularly
insightful, relevent, and interesting.
Nmap-hackers subscription instructions:
Send a blank email to nmap-hackers-subscribe@insecure.org
Unsubscription instructions:
Send a blank email to nmap-hackers-unsubscribe@insecure.org
nmap development
nmap-dev is a mailing list intended to facilitate the development of
the free Nmap Security Scanner. It provides an unmoderated forum for
people to contribute ideas, patches, suggestions, etc. We also
discuss the pros and cons of proposed changes to Nmap. Thus this
list also serves as a sort of developmental "steering committee".
New (test/beta) versions of Nmap may sometimes be released here
prior to general availability for quality assurance purposes.
To subscribe to the list, send a message to:
nmap-dev-subscribe@insecure.org
To remove your address from the list, just send a message to
the address in the ``List-Unsubscribe'' header of any list
message. If you haven't changed addresses since subscribing,
you can also send a message to:
nmap-dev-unsubscribe@insecure.org
Risks Digest
The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. Alternatively, via majordomo,
send e-mail requests to
subscribe [OR unsubscribe]
which requires your ANSWERing confirmation to majordomo_at_CSL.sri.com .
If Majordomo balks when you send your accept, please forward to risks.
[If E-mail address differs from FROM: subscribe "other-address
this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
Lower-case only in address may get around a confirmation match glitch.
Cyber Security Alerts
Cyber Security Alerts provide real-time information about current security issues, vulnerabilities, and exploits. Cyber Security Alerts are released in conjunction with Technical Cyber Security Alerts when there is an issue that affects the general public. Cyber Security Alerts outline the steps and actions that non-technical home and corporate computer users can take to protect themselves from attack.
Send an email to majordomo@us-cert.gov. In the body of the message, type:
subscribe alerts
Cyber Security Tips
Cyber Security Tips describe common security issues and offer advice for non-technical home and corporate computer users. Although each Cyber Security Tip is restricted to a single topic, complex issues may span multiple tips. Each tip builds upon the knowledge, both terminology and content, of those published prior to it.
Send an email to majordomo@us-cert.gov. In the body of the message, type
subscribe security-tips
American Bar Association - ST-Cyber
No description available.
American Bar Association - ST-ISC
No description available.
Log Analysis
The Log Analysis mailing list is a forum for system administrators who are building and using a centralized logging infrastructure in their networks. Most of the discussion will focus on the care and feeding of syslog -- central loghosts, how to configure the devices in your network, how to secure your log infrastructure. We also talk about how to manage and process your log data.
Secunia Security Advisories
The Secunia Security Advisories list is a high volume list with an average of 10 messages a day. The list covers all the latest security vulnerabilities and security updates.
Win2k Security Advice
Email listservlistserv.ntsecurity.net with body of:
subscribe WIN2KSecAdvice anonymous
SANS Audit Bits
No description available.
SANS NewsBites
No description available.
SANS NetworkBits
No description available.
@RISK: The Consensus Security Alert
No description available.
NFR Security newsletter
New product releases and company information.
Counterpane cryptogram
Crypto-Gram is a free monthly e-mail newsletter on computer security and cryptography from Bruce Schneier (author of Secrets and Lies and Applied Cryptography, inventor of Blowfish and Twofish, CTO and founder of Counterpane Internet Security, Inc., general crypto pundit and occasional crypto curmudgeon).
MITRE CVE Announce List
CVE-Announce is for those interested in general news about CVE, such as new versions, upcoming conferences, new Web site features, etc. Messages are sent infrequently, once a week or less.
MITRE CVE Data Update List
CVE-Data-Update provides subscribers with reports of new CVE entries and/or candidates, and other detailed technical information regarding CVE. This list is intended for heavy technical users of CVE, such as vulnerability database maintainers, or those who require timely notification of new candidates. Messages are sent when new CVE data is available, which is approximately once per week.
Microsoft Security Bulletins
Geared toward home users and small businesses, the Microsoft® Security Update explains the situation in nontechnical terms, lists which products are affected, and provides a link to the full announcement on the Security and Privacy website.
Microsoft Security Notification Service
The Microsoft® Security Notification Service is a free e-mail alert service geared toward IT professionals. We use this service to notify subscribers when we release an important security bulletin or virus alert, and also to make them aware that they might need to take action to guard against a circulating threat.
SGI Security Mailing List
Wiretap is a free e-mail newsletter that provides security announcements and SGI advisories to the security community.
Debian security announcements
The security team informs the users about security problems by posting security advisories about Debian packages on this list.
SuSE Security Mailing list
SuSE Linux security discussions (english).
SuSE Security Announcements
Announcements of Linux security issues (english)
Novell Security
Receive security alerts about Novell products when they are issued.
HP Security Bulletins HP-UX
No description available.
HP Security MPE/Ix
No description available.
HP Secure OS Software for linux
No description available.
HP Security Tru64 UNIX
No description available.
HP Security OpenVMS
No description available.
HP Security NonStop
No description available.
HP Security miscellaneous and 3rd party HW
No description available.
HP Security printing and imaging
No description available.
HP Security HP Storage
No description available.
HP Security Management Agents
No description available.
HP Security General Software Products
No description available.
HP Security Virtual Vault
No description available.
ISS Secured Newsletter
No description available.
ISS Secured Bulletins
No description available.
ISS security alert advisories
The ISS Alert list is dedicated to the following:
- New Vulnerabilities found
- New Security Frequently Asked Question files
- New Intruder Techniques and Awareness
- Weekly Alert Summary of newly documented security issues
Computer privacy digest
To join, send e-mail to comp-privacy-request@uwm.edu and, in the text of your message (not the subject line), write:
subscribe cpd
COAST security archive
To join, send e-mail to coast-request@cs.purdue.edu and, in the text of your message (not the subject line), write:
SUBSCRIBE coast
Privacy forum
PRIVACY Forum
To join, send e-mail to privacy-request@vortex.com and, in the text of your message (not the subject line), write:
information privacy
Sun Microsystems security
Send e-mail to security-alert@sun.com
with subject line:
subscribe cws your-email-address
Redhat Enterprise Watch list
This list is for announcements from Red Hat regarding security issues in Red Hat Enterprise Linux products. The only traffic on this list is from Red Hat directly and no third party messages are allowed.
Redhat Stronghold Watch list
This list is for announcements from Red Hat, Inc. regarding critical bug fixes and security issues in the cross platform version of Stronghold. The only traffic on this list is from Red Hat, Inc. directly. No third party messages are allowed.
Technical Cyber Security Alerts
Technical Cyber Security Alerts provide real-time information about current security issues, vulnerabilities, and exploits.
To sign up: majordomo@us-cert.gov, BODY: subscribe technical-alerts; "accept " in body of response message
Cyber Security Bulletins
Cyber Security Bulletins are intended for technical audiences. The bulletins provide bi-weekly summaries of security issues and new vulnerabilities. The bulletins also provide patches, work-arounds, and other actions to help mitigate risk.
To sign up: majordomo@us-cert.gov, BODY: subscribe security-bulletins; accept in body of response message
NTBugtraq
Similar to the bugtraq list, moderated by Russ Cooper of TruSecure. To subscribe send a message with these parameters:
subject:NTBugtraq subscribe request
to:listserv@listserv.ntbugtraq.com
body: subscribe ntbugtraq firstname lastname
ISS Forum
This list contains information of interest related to all of ISS's computer security product line.
iDefense Advisories
iDefense publishes some interesting information related to system vulnerabilities and hacking groups.
Snort - There is no shortage of messages related to the world's most famous open source IDS.
snort-announce
Includes public announcements related to Snort.
snort-users
Information of general interest for snort users.
snort-sigs
The latest discussion on Snort signature releases.
snort-devel
Contains information on development efforts related to snort.
snort-cvsinfo
Changes to the snort CVS.
sguil-users
SGUIL (Snort GUI for Lamers) has an active user group for sharing news on this user interface to Snort.
sguil-devel
Low volume list on development updates to SGUIL.
sguil-cvs
Details changes to the SGUIL CVS.
OS Specific
FreeBSD Security
FreeBSD security issues.