|
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas
|
Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system. |
|
|
Source: Network World - Posted by Alex
|
Encryption keys on smartphones can be stolen via a technique using radio waves, says one of the world's foremost crypto experts, Paul Kocher, whose firm Cryptography Research will demonstrate the hacking stunt with several types of smartphones at the upcoming RSA Conference in San Francisco next month. |
|
|
Source: The Register UK - Posted by Anthony Pell
|
Senior judges have set a timetable to speed up resolution in the long-running Gary McKinnon extradition case, effectively setting a deadline for the Home Office to respond to evidence that McKinnon is too infirm to withstand the stress of a US trial and likely imprisonment over alleged Pentagon hacking offences. |
|
|
Source: H Security - Posted by Anthony Pell
|
Just over fourteen months since its first release as an Apache top-level project, the Apache Shiro developers have released version 1.2.0, the first major update to the Shiro application security framework. |
|
|
Source: Infosecurity US - Posted by Dave Wreski
|
Hackers have increased their firepower by 30% when they go after websites, according to Imperva’s second Web Application Attack Report (WAAR). |
|
|
Source: WebPro News - Posted by Dave Wreski
|
Hacker attacks are increasing and Web sites need new defenses to protect their data. That’s where Mykonos comes in, a security company that protects Web sites from attacks by wasting a hacker’s time instead of using an easily breakable wall. |
|
|
Source: Dark Reading - Posted by Anthony Pell
|
The hazards of early DNSSEC adoption: A misconfiguration in NASA’s Domain Name System Security Extensions (DNSSEC) implementation on its website caused Comcast’s network to block users from the site last week.
|
|
|
Source: Dark Reading - Posted by Alex
|
Hacktivists have added a new tactic to their arsenal: redirecting all of the traffic from a target company's website. |
|
|
Source: Network World - Posted by Dave Wreski
|
Google has whipped up a privacy brouhaha with a blog post announcing that the company is rewriting its privacy policy, consolidating user information across its services. |
|
|
Source: Tech World - Posted by Dave Wreski
|
Teleconferencing vendors say they're trying to strike the right balance between security and usability after security researchers found they could dial in to the conference lines of major companies and manipulate video cameras to spy on boardrooms. |
|
|
Source: Wired - Posted by Alex
|
Hackers attacked computers at an unidentified railway company, disrupting railway signals for two days in December, according to a government memo obtained by Nextgov. |
|
|
Source: Network World - Posted by Alex
|
Google will be able to combine data from several Google services when a Google Accounts user is signed in, as part of a rewritten set of privacy policies that the company announced on Tuesday.
|
|
|
Source: H Security - Posted by Dave Wreski
|
An O2 user, Lewis Peckover, found that the mobile phone company has been adding the phone number of any subscriber using its mobile network to the HTTP headers of web requests. The header, x-up-calling-line-id, appears to be inserted by the transparent proxies that O2 uses so it can downgrade images and insert JavaScript into the returned HTML. |
|
|
Source: PC Advisor - Posted by Dave Wreski
|
Linux vendors are rushing to patch a privilege escalation vulnerability in the Linux kernel that can be exploited by local attackers to gain root access on the system. |
|