Security Information Dissemination: The Powers of RSS for Security Weblogging (Blogging)

Dana M. Epp
Computer Security Software Architect
Scorpion Software Corp.

“Security delayed is security denied. There is more information than you can read or absorb. That means you might miss some key points, trends, warnings, or fixes. And the price for missing them can be enormous.”
- Scott Granneman, Columnist, SecurityFocus

Overview

What is RSS and blogging?
History of RSS
RSS and Productivity
Technical Timeout: What RSS Looks Like
How to read RSS – The Aggregator
Dana’s Top 10 Security RSS Feeds
Questions and Answers

What is RSS?

RSS stands for “Really Simple Syndication”.
RSS is a dialect of XML that provides web and news content syndication.
But it's not just for the web or news. Pretty much anything that can be broken down into discrete items can be syndicated via RSS: the "recent changes" of a vendor software, a changelog of CVS checkins, even the revision history of a book.

Quick Blogging Glossary

RSS: Really Simple Syndication
RDF: Resource Description Framework
Blog: Short for Web log
Aggregator: Tool to read RSS feeds

History of RSS

Original version developed by Netscape as RSS 0.90 as a format for building portals of headlines to mainstream news sites.
RSS 0.90 found to be overly complex for its goals; a simpler version, 0.91, was proposed and subsequently dropped when Netscape lost interest in the portal-making business.
Dave Winer at UserLand Software picked up 0.91 for use as the basis of its weblogging products and other web-based writing software.
At the same time, a 3rd group split off using the design goals of 0.90, and based on RDF, calling it RSS 1.0.
UserLand Software was not happy with this, and continued to build 0.9x versions (0.91-0.94), until it suddenly jumped to become the RSS 2.0 standard.

RSS and Productivity

1. RSS is faster to display. Why is this? Well, HTML (er, your web browser) needs to call a Web server. Wait for it to respond.
Then wait for it to send its stream of HTML. Then wait for it to display what it gets. On some weblogs that process can take as long as 1.5 minutes!!!

2. With RSS I only need to read one out of 10 sites. Why is that? Because with a web browser you need to visit every single site. With RSS you only read the sites that have changed since the last time you've read the feed.

3. RSS is faster to read. Why is this? Well, if you visit my weblog in a web browser, how do you know what's new? You need to look at the dates. Now, what about a page like http://msdn.microsoft.com. Quick, tell me what's changed in the past 24 hours. In the past week. In the past month. With RSS I INSTANTLY know what has changed since the last time I visited.

4. RSS is more efficient to read. Most RSS feeds only give you the content. Not the advertising. Not the color banners. Not the crappy links. Not the weird fonts. Not the bizarre color background. It gives you what you want… information.

5. RSS lets you escape the browser. Maybe the browser isn't where you want to read. Maybe you like Outlook better. Or your PDA. RSS is XML, which lets you programmatically import it and deal with it anywhere you want

* Adapted from Robert Scoble’s RSS vs. HTML blog post on the subject

RSS and Productivity – Practical Example

I used to spend 1 to 2 hours a day surfing to around 30 web sites of interest to keep up to date with industry trends, vulnerabilities and news.
Now I watch over 75 security feeds, 50 news feeds and over 100 personal web logs of interest in less than 15 minutes a day.
On numerous occasions I learned of a new security threat via RSS BEFORE I heard about it in mailing lists or on the news.

RSS and Productivity – Dana’s Weird Uses of RSS

I use RSS to correlate and quickly display new security events going on across different operating systems and network devices within a single RSS feed.
I use RSS to track changes in our automated product builds. Results of new builds are immediately known to me without having to discuss with others.
In February, launching a company blog which includes an RSS feed of product changes and patches… and have integrated the RSS directly into the software.

Technical Timeout: RSS 2.0

    <rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
      <channel>
        <title>Some title</title>
        <link>http://www.someurl.com/</link>
        <description>Describe Information Content</description>
        <language>en-us</language>
        <item>
          <title>Welcome to blogging</title>
          <link>http://www.someurl.com/pub/2003/12/04/blog.html</link>
          <description>Witty description of the content</description>
          <dc:creator>Dana Epp</dc:creator>
          <dc:date>2003-12-04</dc:date>
        </item>
        <item>
          <title>The .NET Schema Object Model</title>
          <link>http://www.xml.com/pub/2002/12/04/som.html</link>
          <description>Priya Lakshminarayanan describes in detail the use of the .NET Schema Object Model for programmatic manipulation of W3C XML Schemas.</description>
          <dc:creator>Priya Lakshminarayanan</dc:creator>
          <dc:date>2002-12-04</dc:date>
        </item>
      </channel>
    </rss>

How to read RSS – The Aggregator

An aggregator is software that periodically reads a set of RSS feeds, in one of several XML-based formats, finds the new bits, and displays them in reverse-chronological order on a single page.
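
The aggregator pass described above, as an added example that is not part of the original slides: it parses feeds in the RSS 2.0 shape shown in the Technical Timeout, keeps only items it has not seen, and orders them newest first. The feed contents, the feeds.example URLs, the function names and the choice of the item link as the identity key are assumptions; because feeds are untrusted input, any document carrying a DTD is rejected before parsing.

```python
import xml.etree.ElementTree as ET

DC = "{http://purl.org/dc/elements/1.1/}"  # Dublin Core namespace used for <dc:date>

# Constructed sample feeds (not real advisories), in the RSS 2.0 shape shown above.
FEED_A = """<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel>
<title>Vendor advisories</title>
<item><title>Patch 1.2 released</title><link>http://feeds.example/a/2</link>
<dc:date>2003-12-04</dc:date></item>
<item><title>Advisory for 1.1</title><link>http://feeds.example/a/1</link>
<dc:date>2003-11-20</dc:date></item>
</channel></rss>"""
FEED_B = """<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel>
<title>Build results</title>
<item><title>Nightly build failed</title><link>http://feeds.example/b/1</link>
<dc:date>2003-12-01</dc:date></item>
</channel></rss>"""


def parse_feed(xml_text):
    """Return the items of one RSS 2.0 document as a list of dicts."""
    # Feeds are untrusted input: refuse any DTD so entity definitions never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("feed contains a DTD; rejected")
    channel = ET.fromstring(xml_text).find("channel")
    if channel is None:
        raise ValueError("no <channel>; not an RSS 2.0 feed")
    feed_title = channel.findtext("title", "")
    return [{"feed": feed_title,
             "title": item.findtext("title", ""),
             "link": item.findtext("link", ""),
             "date": item.findtext(DC + "date", "")}
            for item in channel.findall("item")]


def poll(feeds, seen):
    """One aggregator pass: return items not seen before, newest first."""
    fresh = []
    for xml_text in feeds:
        for item in parse_feed(xml_text):
            if item["link"] not in seen:  # assumption: the link identifies an item
                seen.add(item["link"])
                fresh.append(item)
    # ISO 8601 dates (YYYY-MM-DD) sort chronologically as plain strings.
    return sorted(fresh, key=lambda i: i["date"], reverse=True)


if __name__ == "__main__":
    seen = set()
    for item in poll([FEED_A, FEED_B], seen):
        print(item["date"], item["feed"], "-", item["title"], item["link"])
```

A real aggregator would persist the seen set between runs and fetch the feeds over the network; both are left out so the example runs offline.
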

Sample List of Aggregators

Bloglines – Online Aggregator http://www.bloglines.com
SharpReader – .NET Aggregator http://www.sharpreader.net
Newsgator – Outlook extension http://www.newsgator.com
Feed Demon – Windows Aggregator http://www.feeddemon.com
Wildgrape NewsDesk http://www.wildgrape.net
Many, many more great aggregators out there!

Dana’s Top 10 Security-related RSS Feeds

SecurityFocus Vulnerabilities (BugTraq) http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityFocus Top News http://www.securityfocus.com/topnews-rss.html
CERT/CC http://www.cert.org/channels/certcc.rdf
Microsoft MSDN Security http://msdn.microsoft.com/security/rss.xml
SANS Internet Storm Center http://isc.incidents.org/rssfeed.xml
SANS Information Security Reading Room http://www.sans.org/rr/rss/
Microsoft Hotfix and Security Bulletin Service http://www.opensec.org/feeds/microsoft/latest.xml
Symantec Security Response - Advisories http://xml.newsisfree.com/feeds/56/3156.xml
Network World on Security http://www.nwfusion.com/rss/security.xml
Dana Epp’s Ramblings at the Sanctuary http://silverstr.ufies.org/blog/index.rss

How to find your own Security Related RSS feeds

Google “security blogs”
Consider reading more “personal” infosec blogs that are not company focused… but profession focused
Read comments on some feeds… typically you can get a poster’s blog info from there (i.e., a link via their email).

Dana’s Favorite Personal Security-related RSS Feeds

Here is a small sample of just a few more personal web logs that relate to security:

Dana Epp’s Ramblings at the Sanctuary http://silverstr.ufies.org/blog/index.rss
TaoSecurity http://feeds.blogstreet.com/12858.rss
A Day in the Life Of An Information Security Investigator http://blogs.ittoolbox.com/security/index.rdf
joatBlog http://www.757.org/~joat/blog/index.rdf
Troy Jessup’s Network Security Blog http://www.ndnn.org/blog/index.rdf
Static in the Ether http://lair.moria.org/blog/?flav=rss

Any Questions?

Dana M. Epp
dana@scorpionsoft.com