Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: February 27th, 2015
Linux Security Week: February 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Snowden willing to face trial in US, if it's fair  04 March 2015 
Source: Network World - Posted by Anthony Pell   
Latest News Edward Snowden, the former U.S. National Security Agency contractor who leaked details of the agency’s surveillance programs, is willing to return to the U.S. and face criminal charges, if he’s assured of a fair trial, according to a Russian news report.
New FREAK Attack Threatens Many SSL Clients  04 March 2015 
Source: Wired - Posted by Dave Wreski   
Cryptography For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack.
The Deadly Game of Cyber Mis-Attribution  03 March 2015 
Source: Security Ledger - Posted by Anthony Pell   
Intrusion Detection Despite the demand and market pressure in the cyber security industry to get past “what” and point a finger at “who” is behind sophisticated hacks, the tools and techniques for doing so haven’t changed much in recent years.
Mozilla Pushes Hot Fix to Remove Superfish Cert From Firefox  03 March 2015 
Source: ThreatPost - Posted by Anthony Pell   
Vendors/Products Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser’s trusted root store. The patch only removes the certificate if the Superfish software has been removed from the machine already, however.
D-Link Routers Haunted by Remote Command Injection Bug -  03 March 2015 
Source: ThreatPost - Posted by Alex   
Hacks/Cracks Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks.
Bad movie: Hackers can raid networks with burnt Blu-Rays  02 March 2015 
Source: The Register UK - Posted by Alex   
Hacks/Cracks British hacker Stephen Tomkinson has found two Blu-Ray-borne attacks. His first exploit relies on a poor Java implementation in a product called PowerDVD from CyberLink. PowerDVD plays DVDs on PCs and creates menus using Java, but the way Oracle's code has been used allows naughty folk to circumvent Windows security controls.
Why Silicon Valley Hackers Still Won’t Work With the Military, and Vice Versa  02 March 2015 
Source: motherboard - Posted by Dave Wreski   
Security Projects In the fight to defend cyberspace from its enemies, the US military is rushing to hire as many skilled hackers as it can. But no one is really sure how to get the two cultures to coexist.
Linux Advisory Watch: February 27th, 2015  27 February 2015 
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system.
Hackers exploit router flaws in unusual pharming attack  27 February 2015 
Source: IT World - Posted by Anthony Pell   
Hacks/Cracks An email-based attack spotted in Brazil recently employed an unusual but potent technique to spy on a victim’s Web traffic.
Gemalto Confirms It Was Hacked But Insists the NSA Didn’t Get Its Crypto Keys  27 February 2015 
Source: Wired - Posted by Dave Wreski   
Cryptography Gemalto, the Dutch maker of billions of mobile phone SIM cards, confirmed this morning that it was the target of attacks in 2010 and 2011—attacks likely perpetrated by the NSA and British spy agency GCHQ. But even as the the company confirmed the hacks, it downplayed their significance, insisting that the attackers failed to get inside the network where cryptographic keys are stored that protect mobile communications.
DDoS Exploit Targets Open Source Rejetto HFS  27 February 2015 
Source: ThreatPost - Posted by Dave Wreski   
Hacks/Cracks Apparently no vulnerability is too small, no application too obscure, to escape a hacker’s notice. A honeypot run by Trustwave’s SpiderLabs research team recently snared an automated attack targeting users of the open source Rejetto HTTP File Server (Rejetto HFS).
Snowden: Spy Agencies ‘Screwed All of Us’ in Hacking Crypto Keys  26 February 2015 
Source: Wired - Posted by Dave Wreski   
Privacy NSA whistleblower Edward Snowden didn’t mince words during a Reddit Ask Me Anything session on Monday when he said the NSA and the British spy agency GCHQ had “screwed all of us” when it hacked into the Dutch firm Gemalto to steal cryptographic keys used in billions of mobile SIM cards worldwide.
Ramnit Botnet Shut Down  26 February 2015 
Source: ThreatPost - Posted by Dave Wreski   
Latest News The Ramnit botnet, a favorite among thieves dabbling in financial fraud for its frequent updates, has been shut down in a joint effort spearheaded by Europol’s European Cybercrime Centre (EC3).
Update: Superfish is the Real End of SSL  25 February 2015 
Source: Security Ledger - Posted by Dave Wreski   
Privacy In-brief: Outrage over Lenovo’s promotion of privacy busting adware continued to grow amid lawsuits and more spying revelations. The big question: is this the final – final straw for the beleaguered Secure Sockets Layer (SSL) technology? (Updated to add comment from Kevin Bocek of Venafi.)


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition


Yesterday's Edition
New FREAK Attack Threatens Many SSL Clients
Snowden willing to face trial in US, if it's fair
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.