The central voice for Linux and Open Source security news
Linux Advisory Watch: February 27th, 2015  27 February 2015 
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch: Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system.
Hackers exploit router flaws in unusual pharming attack  27 February 2015 
Source: IT World - Posted by Anthony Pell   
Hacks/Cracks: An email-based attack spotted in Brazil recently employed an unusual but potent technique to spy on a victim’s Web traffic.
Gemalto Confirms It Was Hacked But Insists the NSA Didn’t Get Its Crypto Keys  27 February 2015 
Source: Wired - Posted by Dave Wreski   
Cryptography: Gemalto, the Dutch maker of billions of mobile phone SIM cards, confirmed this morning that it was the target of attacks in 2010 and 2011—attacks likely perpetrated by the NSA and British spy agency GCHQ. But even as the company confirmed the hacks, it downplayed their significance, insisting that the attackers failed to get inside the network where cryptographic keys are stored that protect mobile communications.
DDoS Exploit Targets Open Source Rejetto HFS  27 February 2015 
Source: ThreatPost - Posted by Dave Wreski   
Hacks/Cracks: Apparently no vulnerability is too small, no application too obscure, to escape a hacker’s notice. A honeypot run by Trustwave’s SpiderLabs research team recently snared an automated attack targeting users of the open source Rejetto HTTP File Server (Rejetto HFS).
Snowden: Spy Agencies ‘Screwed All of Us’ in Hacking Crypto Keys  26 February 2015 
Source: Wired - Posted by Dave Wreski   
Privacy: NSA whistleblower Edward Snowden didn’t mince words during a Reddit Ask Me Anything session on Monday when he said the NSA and the British spy agency GCHQ had “screwed all of us” when it hacked into the Dutch firm Gemalto to steal cryptographic keys used in billions of mobile SIM cards worldwide.
Ramnit Botnet Shut Down  26 February 2015 
Source: ThreatPost - Posted by Dave Wreski   
Latest News: The Ramnit botnet, a favorite among thieves dabbling in financial fraud for its frequent updates, has been shut down in a joint effort spearheaded by Europol’s European Cybercrime Centre (EC3).
Update: Superfish is the Real End of SSL  25 February 2015 
Source: Security Ledger - Posted by Dave Wreski   
Privacy: In-brief: Outrage over Lenovo’s promotion of privacy busting adware continued to grow amid lawsuits and more spying revelations. The big question: is this the final – final straw for the beleaguered Secure Sockets Layer (SSL) technology? (Updated to add comment from Kevin Bocek of Venafi.)
Yahoo exec goes mano a mano with NSA director over crypto backdoors  25 February 2015 
Source: arsTechnica - Posted by Dave Wreski   
Cryptography: Echoing the concerns many US-based technology companies have about US-led surveillance programs, Yahoo Chief Information Security Officer Alex Stamos asked the director of the National Security Agency some pointed questions concerning proposed or existing backdoors placed in encryption technologies.
More than 1 million WordPress websites imperiled by critical plugin bug  25 February 2015 
Source: arsTechnica - Posted by Dave Wreski   
Hacks/Cracks: More than one million websites that run on the WordPress content management application run the risk of being completely hijacked by attackers exploiting a critical vulnerability in most versions of a plugin called WP-Slimstat.
Edward Snowden documentary Citizenfour wins Oscar  24 February 2015 
Source: Network World - Posted by Dave Wreski   
Security Projects: A documentary on whistleblower Edward Snowden won the Oscar for the best documentary feature, in a shot in the arm for people worldwide protesting against alleged U.S. intrusions into the privacy of people in the country and abroad.
TurboTax’s Anti-Fraud Efforts Under Scrutiny  24 February 2015 
Source: Krebs on Security - Posted by Dave Wreski   
Latest News: Two former security employees at Intuit — the makers of the popular tax preparation software and service TurboTax – allege that the company has made millions of dollars knowingly processing state and federal tax refunds filed by cybercriminals.
Linux Security Week: February 23rd, 2015  23 February 2015 
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Security Week: Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
Research: 84 percent more concerned about security and privacy in 2015  23 February 2015 
Source: ZDNet Blogs - Posted by Alex   
Privacy: Security and privacy are top concerns for many IT professionals, and it's especially relevant now, after 2014's highly publicized data breaches. Because of the constant concerns about security and privacy, Tech Pro Research, ZDNet's premium content sister site, conducted a new survey on the topic and compared the results back to a previous survey from 2013.
Spin and FUD: Superfish CEO says software presents no security risk  23 February 2015 
Source: CSO Online - Posted by Dave Wreski   
Hacks/Cracks: In a statement to Ars Technica, Adi Pinhas, CEO of Superfish Inc. said his company's pre-installed advertising software on Lenovo PCs poses no security risk – despite clear evidence otherwise.
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.