LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: October 24th, 2014  24 October 2014 
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system.
 
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely  24 October 2014 
Source: ThreatPost - Posted by Alex   
Intrusion Detection Maintaining your privacy online, like investing in stocks or looking good naked, has become one of those nagging desires that leaves Americans with a surplus of stress and a deficit of facts. So it’s no surprise that a cottage industry of privacy marketers now wants to sell them the solution in a $50 piece of hardware promising internet “anonymity” or “invisibility.”
 
Disaster as CryptoWall encrypts US firm's entire server installation  24 October 2014 
Source: Network World - Posted by Alex   
Cryptography "Here is a tale of ransomware that will make your blood run cold," announced Stu Sjouwerman of security training firm KnowBe4 in a company newsletter this week and he wasn't exaggerating.
 
Quick PHP patch beats slow research reveal  23 October 2014 
Source: The Register UK - Posted by Alex   
Latest News Patches have been flung out to cover vulnerabilities in PHP that led to remote code execution and buffer overflows.
 
NIST to hypervisor admins: secure your systems  23 October 2014 
Source: The Register UK - Posted by Dave Wreski   
Intrusion Detection US standards body the National Institute of Standards and Technology (NIST) has laid out the basics of hypervisor security in a draft publication released for comment on 20 October.
 
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System  23 October 2014 
Source: Wired - Posted by Dave Wreski   
Privacy Senator Ron Wyden thought he knew what was going on. The Democrat from Oregon, who has served on the Senate Select Committee on Intelligence since 2001, thought he knew the nature of the National Security Agency’s surveillance activities.
 
iPhone Encryption and the Return of the Crypto Wars  22 October 2014 
Source: Schneier on Security - Posted by Dave Wreski   
Cryptography Last week, Apple announced that it is closing a serious security vulnerability in the iPhone. It used to be that the phone's encryption only protected a small amount of the data, and Apple had the ability to bypass security on the rest of it.
 
USB is now UEC (use with extreme caution)  22 October 2014 
Source: Network World - Posted by Dave Wreski   
Hacks/Cracks USB is an acronym for Universal Serial Bus; at least that is what it has stood for since 1999 when it was patented. But now it may take on a new meaning and instead stand for Ultimate Security Breakdown.
 
Finding a Video Poker Bug Made These Guys Rich—Then Vegas Made Them Pay  21 October 2014 
Source: Wired - Posted by Dave Wreski   
Intrusion Detection John Kane was on a hell of a winning streak. On July 3, 2009, he walked alone into the high-limit room at the Silverton Casino in Las Vegas and sat down at a video poker machine called the Game King. Six minutes later the purple light on the top of the machine flashed, signaling a $4,300 jackpot.
 
RIPS – Static Source Code Analysis For PHP Vulnerabilities  21 October 2014 
Source: Darknet - Posted by Dave Wreski   
Vendors/Products RIPS is a tool written in PHP to find vulnerabilities using static source code analysis for PHP web applications. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow.
 
Hacker Halted 2014: Johnny Long Calls for Hackers for Charity Volunteers  21 October 2014 
Source: InfoSecurity Magazine - Posted by Dave Wreski   
The irony was not lost on Johnny Long. On the silver screen, both hackers and zombies are typically associated with disaster, so the fact that he was at a zombie-themed security conference to speak about hackers making a positive difference in the world seemed satirical.
 
Linux Security Week: October 20th, 2014  20 October 2014 
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Security Week Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
 
What a hacker can learn about your life from the coffee shop’s Wi-Fi network  20 October 2014 
Source: Quartz - Posted by Alex   
Wireless Security We often shift between a phone signal, private internet connections, and public Wi-Fi networks. You pass by your local Starbucks, for example, and the phone remembers you’ve been there in the past and latches on to its signal—without you thinking too much about it.
 
Mobile Device Encryption Could Lead to a ‘Very, Very Dark Place’, FBI Director Says  20 October 2014 
Source: ThreatPost - Posted by Dave Wreski   
Cryptography FBI Director James Comey said Thursday that the recent movement toward default encryption of smartphones and other devices could “lead us to a very, very dark place.” Echoing comments made by law enforcement officials for the last several decades, Comey said that the advanced cryptosystems available today threaten to cripple the ability of intelligence and law enforcement agencies to gather vital information on criminals.
 
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Sponsor:

 

Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.