Sites that I have found interesting when trying to learn more about information security and penetration testing:

• PaulDotCom – I never miss an episode of the PaulDotCom.com security weekly podcast.
• Bruce Schneier – Information security legend
• Free Rainbow Tables – A website offering free rainbow tables for download, or to buy shipped on a physical disk. Their rainbow tables are made using distributed computing.
• Hack This Site – A set of webapp hacking tests that I’m currently working my way through.
• Exploit Exercises – A set of application exploit tutorials which I haven’t even started looking at yet.
• PenTesticles – An infosec blog (with an absolutely brilliant title) written by a couple of guys based in the UK (like me).
• Hack Armoury – A site where you can download common pentesting tools via many common protocols (even SAMBA!)
• InfoSecs – Rare posts on infosec and penetration testing
• PenTest-n00b – Blog of another person trying to break into infosec (just like me). Has a nice blog post from 11 Jan 2011 listing sites that are safe to hack. I notice he signs off “Cheers” at the end of his about me page, so it looks like he might be a fellow Brit too.
• Metasploit Unleashed – Free (any donations go to charity) online course for metasploit
• Quakenet PHP Tutorial – When pentesting a webapp written in PHP, it helps a lot to understand the PHP language and the common security mistakes made by developers. This tutorial is pretty good.
• OWASP – The Open Web Application Security Project
• Browser Security Handbook – All about security measures in web brosers.

Feel free to let me know of any others that you think I may find interesting.