Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Security Search Engine

from [Murda Mcloud] Network Security [Permanent Link]
Subject: RE: Security Search Engine
Date: Thu, 26 Oct 2006 08:42:27 +1000 
Hi Saqib,
Couple of thoughts came up
1. excellent idea
2. When you say 'exclude vendor specific' I can see this includes open
source sites/tools/communities? Eg snort/wireshark I guess they're not
really vendors but are still 'competing?' 'co-opeting?'(if there is such a
word).

3. Independent info isn't always 'good' info-I'm thinking along the lines of
amazon's 'reviews' and also I remember a site by a guy named 'Black Viper'
who had a comprehensive list of windows services that could be tuned
according to 'some testing' he had done on his sytem. As far as I could tell
lots of people took his advice at face value and not many people checked out
his methods. I suppose the usual disclaimers apply.
4. Is it just coincidence that securityfocus comes up at the top so often;-)
and are they a vendor-associated site(I know, they have plenty of disclosure
about who they're owned by and I use the place every day and place a fair
amount of trust in what I read there.)
5. also, 'news articles' can often be beat ups for products too(not sure if
they're included-will check in a moment)-I'm trying to think of a specific
example but it's too early in the morning.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Kelly Martin
Sent: Thursday, October 26, 2006 4:32 AM
To: Saqib Ali
Cc: security-basics
Subject: Re: Security Search Engine

Saqib,

Looks like you're using the new Google custom search tool. I think it's 
a good idea and useful. One suggestion: maybe you could include a link 
that lists the sites you've included, so people can see what's being 
indexed and suggest others as well? I like the vendor-neutral approach.

Someone's comment about certain vendors like Cisco having all their 
security documents on their website is a good point, but there may be a 
way to limit a search to just those areas (and not include marketing 
material). Although people looking for Cisco info will likely go 
directly to Cisco anyway, so it may not be needed.

We use an open-source search engine on SecurityFocus. Google does a 
great job with search overall, but one thing I noticed is that they 
don't index mailing list content very well. For that reason we also have 
a drop-down box on our search to limit searches to a specific list or 
area, like SEC-BASICS or BUGTRAQ or all 34 mailing lists. It's not 
always the most intuitive but sometimes a fine-grained approach works 
really well when you're looking for something specific.

Sometimes blogs have useful security info too, what are your thoughts on 
including some of those?

Best regards,
Kelly


Saqib Ali wrote:

Hello All,

I am building a Search Engine exclusively for the Security and
eSecurity Community using Google's Coop program.

I would like to NOT include any vendor site but just index sites that
are vendor neutral. Would this is be a good strategy or not?

The URL for the search engine is
http://www.xml-dev.com

Any suggestion, or new URLs are welcome.
Note: I won't include any security vendor website in the index for right 
now.



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Security Search Engine, Saqib Ali
Next by Date:  Re: Sandboxie, Saqib Ali
Previous by Thread:  Re: Security Search Engine, Kelly Martin
Next by Thread:  Re: Security Search Engine, Matt Lye
Indexes:  [Date] [Thread] [Top] [All Lists]