skip to main content

TAMU Webmaster's Blog

Information and insight from the A&M Webmasters

Using the Bad Guys’ Tools to Keep You Informed and Secure!

December 10th, 2008 by tamuwebmaster

My background did not start out in web development but in network administration and security. As such, I monitor the IT security industry in addition to all the web development blogs and sites I frequent. One of the things I’ve learned in IT security is that typically the bad guys are faster than the good guys. A good way to stay on top of things is to watch the resources the bad guys use to keep your good guys up to speed.

One of the sites I watch is milw0rm, an exploit archive and notification site. I use an RSS reader to watch everything that comes from them. Yesterday (12/8/08) I saw an item regarding XSRF in phpMyAdmin 3.1.0, which is the latest version (as of this writing). Since we use phpMyAdmin sometimes, I notified those responsible for it’s upkeep and made sure we didn’t use it when visiting other sites until a patch is available.

Today (12/9/08), I got a notification from the phpMyAdmin Security Feed site about the vulnerability. My point is that by monitoring what the bad guys are doing, we were able to move faster to protect ourselves than the company who writes the software. In fact, the Security notification links back to milw0rm as well.

I wrote earlier about monitoring RSS feeds from product vendors, and this is just another way for you to stay informed and avoid bad PR from a security incident.

Some of the security related RSS feeds I watch are:

Tags: ,

Wednesday, December 10th, 2008 Web Security
Share this article

No comments yet.

Leave a comment