Were you the last person to hear about the recent Apple root access issue? As I sit here writing this, every possible news outlet is talking about it. My feeds are absolutely full of this one story from 9to5mac to Popular Mechanics offering their take. This kind of wide reporting on a security issue is obviously not standard. A quick search on the CVE database shows 992 vulnerabilities cataloged this month. Are all equally important? Obviously not, but I’d bet that some of them affect your assets.
Staying up to date with security is not a passive pursuit. There are an uncountable number of software packages, each with their corresponding bugs and vulnerabilities. If you wait for it to hit your local newspaper, you’ll be reading yesterday’s (or, more likely, last week’s) news. If you really want to stay on top of things, you need to spend about 5-6 minutes a day on it. Timely knowledge of ongoing security threats and patching can prevent hours of downtime and headache. I’d say it’s time well invested.
I’m a fairly busy guy. Between working at a startup, having three kids, making it to the gym, and everything else life has, it can be hard to find time to stay up to date. My daily ‘security ritual’ is how I make sure I’m current. There are countless lists of ‘top 10, 20, 50 security feeds’ out there. The purpose of this post isn’t to provide you with more information; instead, I’ll focus on the process I use to quickly and efficiently sort through the ocean of information, retweets, and tabloid nonsense. Here’s how I do it.
Know your attack surface
First, it’s important to know what you’re concerned about. Knowing the key services you’re protecting is the first step. Even a simple network service scan would get you on the right track. If you’re managing an enterprise, you should already have this information available. Having an idea of what you’re looking to know about will help filter out the noise and allow you to better target your sources. To keep this post a reasonable length, I’m going to use my home network as an example. The suggestions should apply to larger organizations as well, or to your specific area of interest.
As an example, in my home network I have a lot of different devices. My firewall is pfSense, my network gear is Ubiquiti, and I use a Synology NAS for data storage. I’ve got a lot of home automation powered by home-assistant and Telldus. There are cameras from Hikvision and D-Link, both Mac and Linux servers, and some Android devices as well. I’ll bet that, if you’ve read this far, you have a similar mix of devices. The point here is that, even at home, there is a fairly large attack surface with a ton of potential vulnerabilities. And this trend is going to increase dramatically in the coming years. How can you stay up to date without making it a full-time job?
Make the relevant information come to you
You can’t rely on timely information to come to you via ‘passive’ sources. I use a number of different methods to get more targeted information delivered. Remember the goal is to spend about 5 minutes a day, so I don’t have time to go hunting.
The first and easiest way is to use something like Google Alerts with a pretty simple formula of ‘[product] vulnerability’. This isn’t foolproof; sometimes you may want to put in ‘data breach’ or ‘hacked’ or something similar, particularly when looking at cloud-based services. Here’s an example:
This should get timely alerts delivered to your email account, and on an average day will use up about one minute of our allotted time. If you prefer to use something other than Google, there are several alternatives out there.
Birds on a wire
For real-time news on ongoing issues, I’ve found that Twitter is a way to tap into the chatter of the Internet. I recommend setting up an account that just follows security professionals and news outlets. Otherwise you’ll get overwhelmed with the significant background noise, stupid comments, and general idiocy that is inherent in the platform.
There are two ways I recommend using Twitter.
- When you hear about a security issue with a product or service you’re concerned about, just search for it, for example that Apple root vulnerability (make sure to sort by latest), and you can see the overall chatter.
- Since our goal is to make information come to us, I also get email alerts based on Twitter keyword searches. I prefer to use a service called IFTTT, which has several prebuilt applets for Twitter searches. I like the flexibility of IFTTT: some searches go to email, others pop up as alerts on my phone.
Since tweets are so short, I tend to spend a bit more time following links and getting supporting information. This can take 2 minutes at the beginning of the day. Just two minutes left.
Your old friend RSS
It’s safe to say that RSS feeds are a bit old-fashioned. However, I have yet to find a better way to roll through 500 news articles in two minutes. I have a group of security feeds that I check every morning: I scroll through the headlines, then add the longer or more interesting articles to Pocket and read them on the train on the way into the office. Even if you only scroll through the headlines, you should get an idea of the most critical and hot threats.
Here are some news feeds that I highly recommend for timely security news and updates. You’ll want to augment this with local-language feeds and perhaps application- or context-specific feeds.
I’ve gathered all these feeds into a single OPML for you to easily import into your own RSS reader. Download the feed here. Scrolling through headlines shouldn’t take more than a few minutes.
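The asset inventory from the first section and the RSS routine above can be wired together so that only headlines naming something you actually run reach your two-minute scroll. The script below is an added example, not part of the original post or any tool it mentions: the asset list is modelled on the home network described above, and the RSS document is constructed inline so it runs offline (a real reader would fetch the feeds from your OPML instead).

```python
"""Triage security-feed headlines against an asset inventory (added example)."""
import re
import xml.etree.ElementTree as ET

# Assumed asset inventory, modelled on the post's home network; in practice
# this comes from your own network scan or asset register.
ASSETS = ["pfSense", "Ubiquiti", "Synology", "Home Assistant", "Telldus",
          "Hikvision", "D-Link", "Android"]

# Constructed sample feed; the links are placeholders, not real advisories.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Constructed Security Feed</title>
<item><title>Vendor patches authentication bypass in Synology DSM</title>
<link>https://example.invalid/synology</link></item>
<item><title>New phishing kit targets online banking customers</title>
<link>https://example.invalid/phish</link></item>
<item><title>Hikvision and D-Link cameras exposed via default credentials</title>
<link>https://example.invalid/cams</link></item>
</channel></rss>"""


def parse_rss(xml_text):
    """Return (title, link) tuples from an RSS 2.0 document."""
    root = ET.fromstring(xml_text)
    return [(item.findtext("title", default="").strip(),
             item.findtext("link", default="").strip())
            for item in root.iter("item")]


def match_assets(title, assets=ASSETS):
    """Asset names mentioned in a headline: case-insensitive, whole-word,
    and tolerant of 'D-Link' / 'D Link' / 'DLink' spelling variations."""
    hits = []
    for asset in assets:
        parts = [re.escape(p) for p in re.split(r"[\s-]", asset)]
        pattern = r"\b" + r"[\s-]?".join(parts) + r"\b"
        if re.search(pattern, title, re.IGNORECASE):
            hits.append(asset)
    return hits


def triage(xml_text, assets=ASSETS):
    """Keep only headlines that name one of our assets, tagged with the matches."""
    return [(title, link, hits) for title, link in parse_rss(xml_text)
            if (hits := match_assets(title, assets))]


if __name__ == "__main__":
    for title, link, hits in triage(SAMPLE_RSS):
        print(f"[{', '.join(hits)}] {title} <{link}>")
```

The phishing headline is dropped because it names none of the inventory; the other two are tagged with the devices they concern, which is what lets you prioritise a headline in the few seconds you give it.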
I hope that you can make some use of the above methodology. It continues to be an invaluable part of my daily routine. Nobody likes getting blindsided by security issues, particularly in a meeting with customers or colleagues, or worse yet in production. If you have any suggestions for good data sources, or ways in which this could be improved, I’d love to hear from you.
By: James Tucker, Director of System Engineering