Over the past few weeks we have had to deal with the loss of the breach blog.  This was an outstanding site that kept quite a few of us up to date with current data breaches.  Unfortunately, many security pros never really got to take advantage of this excellent blog.  However, there are still many sites that will offer this information.  I have stolen the list of recommended sites from the breach blog and posted them below.

The real question is: why is this important? There are two ways to look at this: as a pen tester and as a security analyst.

As penetration testers, we need to keep up to date on these attacks because we ultimately need to emulate them. It is also important for us to keep up to date on these exploits because we must incorporate these stories into our reports. While you as a super technical “geek” may think that the risk is high for a particular vulnerability, it is fairly easy for CxOs to discredit your advice as that of a tech nerd living in his/her mother’s basement. You can reinforce your findings with examples of other organizations that have been compromised via the same family of vulnerabilities.

For the security analyst it is even more important. Take a look at the current economic environment. Now more than ever, security teams need to find ways to keep security awareness on the minds of their management.

Please use the links below to raise awareness in your organization and in your own day-to-day activities:

http://www.pogowasright.org/
http://www.phiprivacy.net/
http://datalossdb.org/
http://www.databreaches.net/

-strandjs
