Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: September 26th, 2014
Linux Security Week: September 22nd, 2014
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

CloudFlare Rolls Out Free SSL  30 September 2014 
Source: ThreatPost - Posted by Dave Wreski   
Server Security In a move that will essentially double the number of SSL-protected sites on the Web in the space of 24 hours, CloudFlare on Monday said that it was enabling SSL for all of its more than two million customers for free.
Honeypot Snares Two Bots Exploiting Bash Vulnerability  30 September 2014 
Source: ThreatPost - Posted by Dave Wreski   
Intrusion Detection A honeypot run by researchers at AlienVault Labs has snared two separate pieces of malware attempting to exploit the Bash vulnerability.
Hacker Group Lizard Squad Takes Down Destiny, Call of Duty, FIFA And More  29 September 2014 
Source: Forbes - Posted by Dave Wreski   
Hacks/Cracks It’s been over a full month since hacker collective ‘Lizard Squad’ rose to notoriety for taking down Sony's PlayStation Network, Xbox Live and other gaming servers, but above all else attracting the FBI’s attention for tweeting out a bomb threat to a Sony executive’s American Airlines flight, which grounded the plane and launched a nationwide hunt for the group.
Shellshock makes Heartbleed look insignificant  29 September 2014 
Source: ZDNet Blogs - Posted by Dave Wreski   
Hacks/Cracks Somehow there always seems to be another Internet security disaster around the corner. A few months ago everyone was in a panic about Heartbleed. Now the bug called Shellshock (officially CVE-2014-6271), a far more serious vulnerability, is running uncontrolled over the Internet.
Linux Advisory Watch: September 26th, 2014  26 September 2014 
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system.
Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks  26 September 2014 
Source: Wired - Posted by Dave Wreski   
Hacks/Cracks With a bug as dangerous as the “shellshock” security vulnerability discovered yesterday, it takes less than 24 hours to go from proof-of-concept to pandemic. As of Thursday, multiple attacks were already taking advantage of that vulnerability, a long-standing but undiscovered bug in the Linux and Mac tool Bash that makes it possible for hackers to trick Web servers into running any commands that follow a carefully crafted series of characters in an HTTP request.
The Rise of the Hacker Bounty Hunter  25 September 2014 
Source: NY Times - Posted by Dave Wreski   
Latest News One night earlier this year, while playing around with a new anonymous-sharing app called Secret, Benjamin Caudill was gripped by a familiar sensation: This thing is not secure.
Kevin Mitnick, Once the World’s Most Wanted Hacker, Is Now Selling Zero-Day Exploits  25 September 2014 
Source: Wired - Posted by Dave Wreski   
Hacks/Cracks As a young man, Kevin Mitnick became the world’s most notorious black hat hacker, breaking into the networks of companies like IBM, Nokia, Motorola, and other targets. After a stint in prison, he reinvented himself as a white hat hacker, selling his skills as a penetration tester and security consultant.
Europe's watchdogs give Google a shopping list of how to sort out privacy  25 September 2014 
Source: ZDNet Blogs - Posted by Dave Wreski   
Privacy After a series of clashes with Google, Europe's data privacy watchdogs have drawn up a list of measures they'd like to see the search giant implement.
Unix/Linux Bash: Critical security hole uncovered  24 September 2014 
Source: ZDNet Blogs - Posted by Dave Wreski   
Hacks/Cracks The flaw involves how Bash evaluates environment variables. With specifically crafted variables, a hacker could use this hole to execute shell commands. This, in turn, could render a server vulnerable to ever greater assaults.
Performance and security in Red Hat Enterprise Linux 7  24 September 2014 
Source: ZDNet Blogs - Posted by Dave Wreski   
Server Security Modern datacenters and next-generation IT requirements depend on capable platforms, with open source solutions offering a strong foundation for open hybrid cloud and enterprise workloads. A powerful, unified platform enables enterprises to use a solid foundation to balance demand while utilizing new trends and technologies such as virtual machines and the open hybrid cloud.
How to choose the right Linux distro  24 September 2014 
Source: Network World - Posted by Dave Wreski   
Vendors/Products Unlike most other desktop and server operating systems, Linux comes in a wide variety of flavors, each based on a common core of the Linux kernel and various GNU user space utilities. If you're running Linux servers -- or Linux desktops, for that matter -- you should understand the important differences and be discerning about which flavor of Linux is best suited to any given situation. This article will help you do just that.
Nude-Photo Hackers Are Sad Apple Ruined Their Fun  24 September 2014 
Source: Wired - Posted by Dave Wreski   
Hacks/Cracks The fixes Apple bolted on to iCloud’s security following its epic spill of stolen celebrity nudes may be far from perfect. But give Apple credit: It made a lot of sex-starved hackers very unhappy.
5 reasons why hackers own your organization  23 September 2014 
Source: InfoWorld - Posted by Dave Wreski   
Hacks/Cracks The Target and Home Depot breaches should've been wake-up calls. Instead, the bad guys remain free to wreak havoc everywhere. Last week I noted that most companies are either already hacked or could easily be hacked -- and, when they have anything worth stealing, are probably already owned by multiple APT (advanced persistent threat) groups.


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition


Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.