Security Information Dissemination - SilverStr

Security Information Dissemination: The Powers of RSS for Security Weblogging (Blogging)
Dana M. Epp
Computer Security Software Architect
Scorpion Software Corp.
“Security delayed is security denied. There is more information than you can read or absorb. That means you might miss some key points, trends, warnings, or fixes. And the price for missing them can be enormous.”
- Scott Granneman, Columnist, SecurityFocus
Overview
• What is RSS and blogging?
• History of RSS
• RSS and Productivity
• Technical Timeout: What RSS Looks Like
• How to read RSS – The Aggregator
• Dana’s Top 10 Security RSS Feeds
• Questions and Answers
What is RSS?
• RSS stands for “Really Simple Syndication”.
• RSS is a dialect of XML that provides web and news content syndication. But it's not just for the web or news. Pretty much anything that can be broken down into discrete items can be syndicated via RSS: the "recent changes" of a vendor's software, a changelog of CVS checkins, even the revision history of a book.
Quick Blogging Glossary
• RSS: Really Simple Syndication
• RDF: Resource Description Framework
• Blog: Short for Web log
• Aggregator: Tool to read RSS feeds
History of RSS
• The original version was developed by Netscape as RSS 0.90, a format for building portals of headlines to mainstream news sites.
• RSS 0.90 was found to be overly complex for its goals; a simpler version, 0.91, was proposed and subsequently dropped when Netscape lost interest in the portal-making business.
• Dave Winer at UserLand Software picked up 0.91 for use as the basis of its weblogging products and other web-based writing software.
• At the same time, a third group split off, using the design goals of 0.90 and basing its format on RDF, calling it RSS 1.0.
• UserLand Software was not happy with this and continued to build 0.9x versions (0.91-0.94), until it suddenly jumped to become the RSS 2.0 standard.
RSS and Productivity
1. RSS is faster to display. Why is this? Well, HTML (er, your web browser) needs to call a Web server. Wait for it to respond. Then wait for it to send its stream of HTML. Then wait for it to display what it gets. On some weblogs that process can take as long as 1.5 minutes!!!
* Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject
RSS and Productivity
2. With RSS I only need to read one out of 10 sites. Why is that? Because with a web browser you need to visit every single site. With RSS you only read the sites that have changed since the last time you've read the feed.
* Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject
RSS and Productivity
3. RSS is faster to read. Why is this? Well, if you visit my weblog in a web browser, how do you know what's new? You need to look at the dates. Now, what about a page like http://msdn.microsoft.com. Quick, tell me what's changed in the past 24 hours. In the past week. In the past month. With RSS I INSTANTLY know what has changed since the last time I visited.
* Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject
RSS and Productivity
4. RSS is more efficient to read. Most RSS feeds only give you the content. Not the advertising. Not the color banners. Not the crappy links. Not the weird fonts. Not the bizarre color background. It gives you what you want… information.
* Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject
RSS and Productivity
5. RSS lets you escape the browser. Maybe the browser isn't where you want to read. Maybe you like Outlook better. Or your PDA. RSS is XML, which lets you programmatically import it and deal with it anywhere you want.
* Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject
RSS and Productivity – Practical Example
• I used to spend 1 to 2 hours a day surfing to around 30 web sites of interest to keep up to date with industry trends, vulnerabilities and news.
• Now I watch over 75 security feeds, 50 news feeds and over 100 personal web logs of interest in less than 15 minutes a day.
• On numerous occasions I learned of a new security threat via RSS BEFORE I heard about it in mailing lists or on the news.
RSS and Productivity – Dana’s Weird Uses of RSS
• I use RSS to correlate and quickly display new security events going on across different operating systems and network devices within a single RSS feed.
• I use RSS to track changes in our automated product builds. Results of new builds are immediately known to me without having to discuss with others.
• In February, launching a company blog which includes an RSS feed of product changes and patches… and have integrated the RSS directly into the software.
Technical Timeout: RSS 2.0

<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>Some title</title>
    <link>http://www.someurl.com/</link>
    <description>Describe Information Content</description>
    <language>en-us</language>
    <item>
      <title>Welcome to blogging</title>
      <link>http://www.someurl.com/pub/2003/12/04/blog.html</link>
      <description>Witty description of the content</description>
      <dc:creator>Dana Epp</dc:creator>
      <dc:date>2003-12-04</dc:date>
    </item>
    <item>
      <title>The .NET Schema Object Model</title>
      <link>http://www.xml.com/pub/2002/12/04/som.html</link>
      <description>Priya Lakshminarayanan describes in detail the use of the .NET Schema Object Model for programmatic manipulation of W3C XML Schemas.</description>
      <dc:creator>Priya Lakshminarayanan</dc:creator>
      <dc:date>2002-12-04</dc:date>
    </item>
  </channel>
</rss>

How to read RSS – The Aggregator
• An aggregator is software that periodically reads a set of RSS feeds, in one of several XML-based formats, finds the new bits, and displays them in reverse-chronological order on a single page.
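
As an added example (not from the original slides), a minimal aggregator in Python for the RSS 2.0 plus Dublin Core layout shown in the Technical Timeout slide: it polls a set of feeds, keeps only items it has not seen, and returns them newest first. The sample feeds, their URLs and the choice to refuse any feed that declares a DTD (feeds are untrusted input) are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from datetime import date

DC = "{http://purl.org/dc/elements/1.1/}"  # Dublin Core namespace from the slide
NS = 'xmlns:dc="http://purl.org/dc/elements/1.1/"'

# Constructed sample feeds (hypothetical URLs), same shape as the slide's RSS 2.0.
FEED_A = f"""<rss version="2.0" {NS}><channel><title>Feed A</title>
<item><title>Advisory one</title><link>http://a.example/1</link><dc:date>2003-12-04</dc:date></item>
<item><title>Advisory two</title><link>http://a.example/2</link><dc:date>2003-12-06</dc:date></item>
</channel></rss>"""
FEED_B = f"""<rss version="2.0" {NS}><channel><title>Feed B</title>
<item><title>Worm alert</title><link>http://b.example/1</link><dc:date>2003-12-05</dc:date></item>
</channel></rss>"""

def parse_feed(xml_text):
    """Parse one RSS 2.0 document into a list of item dicts."""
    # Feeds are untrusted: refuse any document that declares a DTD, since
    # that is where entity-expansion payloads are defined.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("feed declares a DTD; refusing to parse")
    channel = ET.fromstring(xml_text).find("channel")
    if channel is None:
        raise ValueError("not an RSS 2.0 document")
    source = channel.findtext("title", default="")
    items = []
    for item in channel.findall("item"):
        link, raw = item.findtext("link"), item.findtext(DC + "date")
        if not link or not raw:
            continue  # nothing to de-duplicate on or to sort by
        try:
            when = date.fromisoformat(raw.strip()[:10])
        except ValueError:
            continue  # skip items with an unparseable date
        items.append({"source": source, "title": item.findtext("title", default=""),
                      "link": link.strip(), "date": when})
    return items

class Aggregator:
    """Remembers item links across polls so each poll returns only new items."""
    def __init__(self):
        self.seen = set()

    def poll(self, feeds):
        new = [i for xml_text in feeds for i in parse_feed(xml_text)
               if i["link"] not in self.seen]
        self.seen.update(i["link"] for i in new)
        return sorted(new, key=lambda i: i["date"], reverse=True)
```
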
Sample List of Aggregators
• Bloglines – Online Aggregator
  http://www.bloglines.com
• SharpReader - .NET Aggregator
  http://www.sharpreader.net
• Newsgator – Outlook extension
  http://www.newsgator.com
• Feed Demon – Windows Aggregator
  http://www.feeddemon.com
• Wildgrape NewsDesk
  http://www.wildgrape.net
Many, many more great aggregators out there!
Dana’s Top 10 Security-related RSS Feeds
• SecurityFocus Vulnerabilities (BugTraq)
  http://www.securityfocus.com/rss/vulnerabilities.xml
• SecurityFocus Top News
  http://www.securityfocus.com/topnews-rss.html
• CERT/CC
  http://www.cert.org/channels/certcc.rdf
• Microsoft MSDN Security
  http://msdn.microsoft.com/security/rss.xml
• SANS Internet Storm Center
  http://isc.incidents.org/rssfeed.xml
• SANS Information Security Reading Room
  http://www.sans.org/rr/rss/
• Microsoft Hotfix and Security Bulletin Service
  http://www.opensec.org/feeds/microsoft/latest.xml
• Symantec Security Response - Advisories
  http://xml.newsisfree.com/feeds/56/3156.xml
• Network World on Security
  http://www.nwfusion.com/rss/security.xml
• Dana Epp’s Ramblings at the Sanctuary
  http://silverstr.ufies.org/blog/index.rss
How to find your own Security Related RSS feeds
• Google “security blogs”
• Consider reading more “personal” infosec blogs that are not company focused… but profession focused
• Read comments on some feeds… typically you can get a poster’s blog info from there (i.e., a link via their email).
Dana’s Favorite Personal Security-related RSS Feeds
Here is a small sample of just a few more personal web logs that relate to security:
• Dana Epp’s Ramblings at the Sanctuary
  http://silverstr.ufies.org/blog/index.rss
• TaoSecurity
  http://feeds.blogstreet.com/12858.rss
• A Day in the Life Of An Information Security Investigator
  http://blogs.ittoolbox.com/security/index.rdf
• joatBlog
  http://www.757.org/~joat/blog/index.rdf
• Troy Jessup’s Network Security Blog
  http://www.ndnn.org/blog/index.rdf
• Static in the Ether
  http://lair.moria.org/blog/?flav=rss
Any Questions?
Dana M. Epp
dana@scorpionsoft.com