Security sites: We're just not secure anymore
The last week or so has seen numerous attacks on security sites - most notably Spywarewarrior.com, Information Systems Security Association (ISSA) and even Ben Edelman, whose legalistic slant on all things spyware has obviously riled certain individuals who would rather he just shut the hell up.
In fact, a little research reveals that attacks on security sites are on the up, with who knows how many getting whacked in the whirlwind attack on phpbb sites over the weekend. It needs to be recognised that many security sites running on phpbb anyway probably didn't help matters; those that aren't are reporting record highs of DoS attempts on their sites instead (Ben Edelman's hosts reporting the biggest single DoS attack they've ever recorded - some 600MB+/second).
It's becoming increasingly apparent that, unable to deal with a daily deluge of security patches and more secure applications (because despite what you hear on a daily basis, things are - slightly - better than they were), those who would make your online life a misery are instead hoping to silence the voices that will help and advise the end-user in their security implementations.
Imagine if all the security sites you visited on a regular basis all dried up - all the goody two-shoes ones, the technical ones, the supergeeky ones, and the hardcore hacker sites you accidentally stumble across every so often.
Where would you turn for advice? How would you know for sure that the latest patch worked, or didn't cause problems with x, y or z driver / software / whatever?
Most likely, you wouldn't. Even the most advanced user has to plug into a stream of information somewhere, even if only to confirm suspicions. But you wouldn't be able to do any of this if those sites suddenly went offline. And when you consider that the people behind these attacks range from endless script kiddies to seemingly vast and powerful forces such as the creators of CWS, Transponder variants and other nasties (not forgetting the "respectable" businesses out there that peddle spy/malware on a daily basis), you have rather a large mountain to climb.
What can security sites do to get round this?
Well, moving some sites off phpbb boards would be a start, as unless the content is specific and unique to that site you tend to end up with endless replication and the potential for exploits on a much wider scale. The psychological effect on security site owners is much greater when hundreds of people you know are getting "We 0wn3d Jo0!!1121" on their splash page. If this isn't practical, how about not making the forum section of the site the main focus? Maybe even hosting separate elements of that site on different servers (though this can be quite costly) - that way, even if one section is knocked out through DoS you still have a final limb ready and willing to bash the attackers over the head with.
Ultimately, it's down to those site owners to ensure their hosts aren't running anything out of date, though this can be amazingly hard to do - despite reassurances, the first you usually hear about your webhost running something they shouldn't be is when the script kiddies give you a nasty surprise at four in the morning...

