LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
GitHub suffers 'largest DDoS' attack in site's history  30 March 2015 
Source: ZDNet Blogs - Posted by Dave Wreski   
Hacks/Cracks GitHub is suffering a DDoS attack deemed the largest in the website's history and believed to originate from China. The coding website is a popular repository for projects from game engines to security applications and web app frameworks, and is used by programmers and tech firms to develop and share tools.
 
Noose around Internetís TLS system tightens with 2 new decryption attacks  30 March 2015 
Source: arsTechnica - Posted by Dave Wreski   
Cryptography The noose around the neck of the Internet's most widely used encryption scheme got a little tighter this month with the disclosure of two new attacks that can retrieve passwords, credit card numbers and other sensitive data from some transmissions protected by secure sockets layer and transport layer security protocols.
 
Linux Advisory Watch: March 27th, 2015  27 March 2015 
Source: LinuxSecurity Contributors - Posted by Anthony Pell   
Linux Advisory Watch Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system.
 
And the prize for LEAST SECURE BROWSER goes to ... Chrome!  27 March 2015 
Source: The Register UK - Posted by Alex   
Vendors/Products More vulnerabilities were discovered in Google Chrome last year than any other piece of core internet software Ė that's according to research that also found 2014 clocked record numbers of zero-day flaws.
 
FBI Quietly Removes Recommendation To Encrypt Your Phone  27 March 2015 
Source: TechDirt - Posted by Dave Wreski   
Privacy Back in October, we highlighted the contradiction of FBI Director James Comey raging against encryption and demanding backdoors, while at the very same time the FBI's own website was suggesting mobile encryption as a way to stay safe. Sometime after that post went online, all of the information on that page about staying safe magically disappeared, though thankfully I screenshotted it at the time:
 
How Kevin Mitnick hacked the audience at CeBIT 2015  26 March 2015 
Source: PC Pro UK - Posted by Dave Wreski   
CeBIT attendees on Thursday fell victims to a series of well-executed hacks. Thankfully, they werenít malicious in origin; instead, they were live demonstrations by notorious ex-hacker Kevin Mitnick.
 
Google warns of unauthorized TLS certificates trusted by almost all OSes  26 March 2015 
Source: Security Ledger - Posted by Alex   
Latest News Google is warning its users that unauthorized digital certificates have been issued for several of its domains. The certificates, issued by an intermediary certificate authority for the China Internet Network Information Center (CNNIC) may be used to impersonate official Google sites and other, as-yet unnamed Internet destinations.
 
Tech Companies, Privacy Advocates Call for NSA Reform  26 March 2015 
Source: ThreatPost - Posted by Dave Wreski   
Privacy A group of technology companies, non-profits and privacy and human rights organizations have sent a letter to President Barack Obama, the director of national intelligence and a wide range of Congressional leaders, calling for an end to the bulk collection of phone metadata under Section 215 of the USA PATRIOT Act.
 
Threat-sharing cybersecurity bill unveiled  25 March 2015 
Source: ZDNet Blogs - Posted by Dave Wreski   
Government The House of Representatives Intelligence Committee has introduced a bill which will make sharing cybersecurity data easier for companies by removing the prospect of being sued.
 
Study: One-third of top websites vulnerable or hacked  25 March 2015 
Source: CSO Online - Posted by Alex   
Hacks/Cracks According to a new report from Menlo Security, one out of three of the top million websites are either vulnerable to hacking or already hacked. For example, attackers used the Forbes.com website last month for a quick watering hole attack.
 
OpenSSL Mystery Patch is No Heartbleed  25 March 2015 
Source: ThreatPost - Posted by Dave Wreski   
Vendors/Products Hold the logo and the dedicated website; the anticipated high-severity OpenSSL vulnerability is serious, but itís no Heartbleed or POODLE.
 
Researchers map Drupal attack that bypasses poorly tuned Web Application Firewalls  24 March 2015 
Source: CSO Online - Posted by Alex   
Firewalls Late last year, CSO Online reported on a vulnerability in Drupal that could have left thousands of websites compromised. Last week, researchers examined the attack in more detail, measuring the time it would take to compromise a website completely.
 
Stealing Data From Computers Using Heat  24 March 2015 
Source: Wired - Posted by Dave Wreski   
Security Projects Air-gapped systems, which are isolated from the Internet and are not connected to other systems that are connected to the Internet, are used in situations that demand high security because they make siphoning data from them difficult.
 
Linux Security Week: March 23rd, 2015  23 March 2015 
Source: LinuxSecurity Contributors - Posted by Anthony Pell   
Linux Security Week Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
 
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Sponsor:

 

Weekend Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.