On Wed, 13 Aug 2003, Ken Schaefer wrote: > Recognised as a "security authority" by who? Certainly no one in the actual > security industry. Just go hang out on *any* of the major security forums. > Steve's not present, and the people/companies that are there are pretty > dismissive of his talents (except his self-marketing ability). Agreed. Gibson catches a lot of flack (and deservedly so, IMHO) for over-hyping issues just to generate traffic to his site. He has a real penchant for making mountains out of molehills. So when an actual mountain comes along, he can *really* get out of hand. That's not to say that the information on his site might not be useful, but you have to take some of it with a grain of salt. > Better places to get security news: > www.securityFocus.com (they run the Bugtraq list amongst others) > www.cert.org Some more good security alert bookarks: http://www.ciac.org/ciac/ http://www.trusecure.com/knowledge/hypeorhot/ http://xforce.iss.net/ Anybody serious about maintaining security on their systems should be subscribed to the BugTraq mailing list, at the very least. And subscribing to system-specific lists like NTBugTraq, Focus-Linux, and Focus-MS, is a good idea, too. And the Vuln-Dev list can be very informative. -- Ernest MacDougal Campbell III, MCP+I, MCSE <dougal at gunters.org> http://dougal.gunters.org/ http://spam.gunters.org/ Web Design & Development: http://www.mentalcollective.com/ This message is guaranteed to be 100% eror frea!