SecLists.Org Security Mailing List Archive
From the webpage:
Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Subject to my proclivity for sorting, ;-), the following list archives appear at SecList.Org.
Insecure.Org Lists
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. It higher traffic than other lists, but the relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
Other Excellent Security Lists
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can’t really fault Dave for being self-promotional on a list named DailyDave.
Educause Security Discussion — Securing networks and computers in an academic environment.
Firewall Wizards — Tips and tricks for firewall administrators
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community.
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
IDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list.
Info Security News — Carries news items (generally from mainstream sources) that relate to security.
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading “mitigating factors” section.
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Penetration Testing — While this list is intended for “professionals”, participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Security Basics — A high-volume list which permits people to ask “stupid questions” without being derided as “n00bs”. I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Internet Issues and Infrastructure
Data Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
NANOG — The North American Network Operators’ Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Open Source Tool Development
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
Snort — Everyone’s favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
More Lists
BTW, a fascinating source of materials for indexing/mapping security issues.