LinuxSecurity.com
The central voice for Linux and Open Source security news
Domain keywords used to spot phishing sites  06 March 2015 
Source: CSO Online - Posted by Dave Wreski   
Network Security: Criminals setting up fake domains for phishing are prone to use the same words over and over, and spotting those words can help identify malicious sites, according to a new threat detection model from OpenDNS.
 
EFF, ACLU, Other NGOs Urging U.N. to Create Privacy Watchdog  06 March 2015 
Source: ThreatPost - Posted by Dave Wreski   
Privacy: A coalition of 63 non-governmental organizations (NGOs) from around the world is calling on national governments to support the establishment of a special rapporteur on the right to privacy within the United Nations.
 
PATCH FREAK NOW: Cloud providers faulted for slow response  05 March 2015 
Source: The Register UK - Posted by Dave Wreski   
Intrusion Detection: Hundreds of cloud providers are still vulnerable to the serious FREAK cryptographic vulnerability. Skyhigh Networks found that 766 cloud services are still at risk 24 hours after FREAK was made public, based on an analysis of more than 10,000 different services.
 
CSI: Cyber: We Watched So You Didn’t Have To  05 March 2015 
Source: ThreatPost - Posted by Dave Wreski   
Latest News: From the time the first commercials aired during the American pro football championship game last month, CSI: Cyber has been one of the more talked-about and least-anticipated shows in recent memory. At least in tech circles. For normal viewers, it’s one of those shows that you wake up in the middle of at 10:27 after nodding off during Criminal Minds or CSI: Pet Detectives.
 
Snowden willing to face trial in US, if it's fair  04 March 2015 
Source: Network World - Posted by Anthony Pell   
Latest News: Edward Snowden, the former U.S. National Security Agency contractor who leaked details of the agency’s surveillance programs, is willing to return to the U.S. and face criminal charges, if he’s assured of a fair trial, according to a Russian news report.
 
New FREAK Attack Threatens Many SSL Clients  04 March 2015 
Source: Wired - Posted by Dave Wreski   
Cryptography: For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack.
 
The Deadly Game of Cyber Mis-Attribution  03 March 2015 
Source: Security Ledger - Posted by Anthony Pell   
Intrusion Detection: Despite the demand and market pressure in the cyber security industry to get past “what” and point a finger at “who” is behind sophisticated hacks, the tools and techniques for doing so haven’t changed much in recent years.
 
Mozilla Pushes Hot Fix to Remove Superfish Cert From Firefox  03 March 2015 
Source: ThreatPost - Posted by Anthony Pell   
Vendors/Products: Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser’s trusted root store. The patch only removes the certificate if the Superfish software has been removed from the machine already, however.
 
D-Link Routers Haunted by Remote Command Injection Bug  03 March 2015 
Source: ThreatPost - Posted by Alex   
Hacks/Cracks: Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks.
 
Bad movie: Hackers can raid networks with burnt Blu-Rays  02 March 2015 
Source: The Register UK - Posted by Alex   
Hacks/Cracks: British hacker Stephen Tomkinson has found two Blu-Ray-borne attacks. His first exploit relies on a poor Java implementation in a product called PowerDVD from CyberLink. PowerDVD plays DVDs on PCs and creates menus using Java, but the way Oracle's code has been used allows naughty folk to circumvent Windows security controls.
 
Why Silicon Valley Hackers Still Won’t Work With the Military, and Vice Versa  02 March 2015 
Source: motherboard - Posted by Dave Wreski   
Security Projects: In the fight to defend cyberspace from its enemies, the US military is rushing to hire as many skilled hackers as it can. But no one is really sure how to get the two cultures to coexist.
 
Linux Advisory Watch: February 27th, 2015  27 February 2015 
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch: Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system.
 
Hackers exploit router flaws in unusual pharming attack  27 February 2015 
Source: IT World - Posted by Anthony Pell   
Hacks/Cracks: An email-based attack spotted in Brazil recently employed an unusual but potent technique to spy on a victim’s Web traffic.
 
Gemalto Confirms It Was Hacked But Insists the NSA Didn’t Get Its Crypto Keys  27 February 2015 
Source: Wired - Posted by Dave Wreski   
Cryptography: Gemalto, the Dutch maker of billions of mobile phone SIM cards, confirmed this morning that it was the target of attacks in 2010 and 2011, attacks likely perpetrated by the NSA and British spy agency GCHQ. But even as the company confirmed the hacks, it downplayed their significance, insisting that the attackers failed to get inside the network where cryptographic keys are stored that protect mobile communications.
 
    
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.