Monday, November 02, 2009

Monthly Blog Round-Up – October 2009

As we all know, blogs are a bit "stateless" and a lot of good content gets lost since many people, sadly, only pay attention to what they see today. These monthly round-ups is my attempt to remind people of useful content from the past month! If you are “too busy to read the blogs,” at least read these.

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics.

  1. Top Log FAIL!” is hot! The post summarizes the most egregious, reckless, painful, negligent, sad, idiotic examples of “Log FAIL.”
  2. Open source SIEM theme continues to drive a lot of traffic – it looks like folks are still desperately googling for it. “Why No Open Source SIEM, EVER?” post takes the spot in Top5 this month again. The older inspiration for this post is “On Open Source in SIEM and Log Management.”
  3. MUST Read on Walmart Intrusion” includes the juicy bits from the full story at Wired. Some amazing examples of “log FAIL” are mentioned there, BTW.
  4. Open Source CLOUD SIEM, Anybody?” post is where I shared some ideas on how to go about building an open source SIEM/SIM/SEM tool using cloud computing. It seems to have attracted a lot of attention. And it should have :-)
  5. Compliance != Security, Does Security = Compliance?” contains some fun analysis of situations where not only “compliance != security”, but also “security != compliance.”  This theme will definitely be explored in the future.

This month I am also starting a new tradition: I am going to thank my top 5 referrers this month (those that are actual humans, that is). So, thanks a lot to the following people whose blogs/resources sent most visitors to my blog:

  1. Dancho Danchev blog
  2. Dmitry Evteev blog
  3. Martin McKeay blog
  4. Kevin Riggins Infosec Ramblings blog
  5. Richard’s TaoSecurity blog

Thanks for all the link-love!

See you in November. Also see my annual “Top Posts” (2007, 2008)

Possibly related posts / past monthly popular blog round-ups:

Obligatory “added everywhere” posts :-)

  • I am not at Qualys anymore and looking for the next big security idea to work on! Meanwhile, I might be available for fun consulting projects related to PCI DSS, log management, SIEM or other fun security things.

Dr Anton Chuvakin