WSM Reference Guide - WatchGuard Technologies

Grey Hat Sites
Insecure.org
Check out the online home of the well-known security researcher Fyodor, who authored nmap,
the best port scanning tool available. From this site you can download nmap and 74 other
security tools from others, many of them excellent. Insecure.org serves as a repository for
numerous other security lists which may not have an archive of their own (such as
FullDisclosure). If you don't want to junk up your Favorites with every security list (BugTraq,
FullDisclosure, Pen Test, etc.) bookmark this one site and you can find them all from here.
Governmentsecurity.org
Despite its name, this site is not sponsored by a government. Like many of the other sites we've
recommended, it archives daily security news. But our favorite feature is the moderated security
forums, where you can discuss relevant topics (ranging from general network security, to how
to compile and run specific exploits) with other network administrators.
Microsoft TechNet
IT professionals running a Windows network look here for the latest Microsoft security bulletins.
Pro: Authoritative source for Microsoft security fixes. Con: Microsoft's alerts minimize the truly
bad implications of some vulnerabilities, sometimes unfairly. Bring a suspicious mind to the
part of each alert that talks about "mitigating factors" that supposedly reduce risk. Net: If you
use Windows, you've got to visit here at least monthly.
CERT.org
This government-funded source of security advisories describes itself as "a center to coordinate
communication among experts during security emergencies and to help prevent future
incidents." Pro: CERT does an excellent job of coordinating information when vulnerabilities are
found in the most commonly-used Internet resources. Con: Because their work is "official" and
because so many vendors can have a say in CERT's advisories, this is often the last entity to issue
a security advisory. Net: Pretty much the final word on anything Internet-related and not
owned by a private vendor. A must for your arsenal of resources.
Grey Hat Sites
We characterize these security researchers as "grey hats" because, unlike white hats, they might not
inform the appropriate manufacturer before publicly revealing their findings and posting exploit code
(often passed off euphemistically as "proof of concept" code). Technically they're not breaking laws or
acting maliciously, like "black hats." But announcing security holes before vendors can fix them is like
giving an army a map of the castle they're attacking, with a big red arrow marking the secret entrance.
Grey hats commonly claim their behavior contributes to overall security by making vendors watch
themselves more diligently. Whether that is true is a battle we'll leave to someone else.
Nonetheless, "grey hat" sites are worth inspecting when you want to understand more about how a particular
vulnerability works. These sites are often the first to reveal new vulnerabilities, much sooner than
you'll get the info from the appropriate vendor. When trying to prioritize how urgently you need to
patch flawed software on your network, flaws where the exploit code is publicly posted should go to the
top of your list. To learn whether exploit code is publicly available, monitor our LiveSecurity alerts, and
check some of the following sites.
Unpatched Internet Explorer Bugs
Researchers have found numerous security flaws in Internet Explorer that Microsoft has not
patched yet. Some holes are serious (for example, one enables a hacker who has lured you to
his malicious Web site to silently install and execute code on your computer). Liu Die Yu's site
86 WatchGuard System Manager