Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Security Week: July 13th, 2009
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Does Google's OS decrease or increase security risks," "Why Security Pros Should Master Google," and "New Tool Exposes Stealthy Metasploit Hack."
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Review: Googling Security: How Much Does Google Know About You - If I ask "How much do you know about Google?" You may not take even a second to respond. But if I may ask "How much does Google know about you"? You may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business – and what you can do to protect yourself.
A Secure Nagios Server - Nagios is a monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process however to make it a secure setup it takes some work. This article will not show you how to install Nagios since there are tons of them out there but it will show you in detail ways to improve your Nagios security.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
Does Google's OS decrease or increase security risks? (Jul 9)
Wednesday's two big technology stories--Google's Chrome-based operating system and cyberattacks against U.S. and South Korean government Web sites are oddly related. The stories are connected because if Google does well at gaining market share for its browser, we could see fewer successful attacks. Or maybe we'll see more attacks.
Search Party: Why Security Pros Should Master Google (Jul 7)
One of the reasons security is fun and interesting is that it requires a constant upgrade of your skills and knowledge. Here is a skill that you may not have realized you need, but you need it: Become a master of Internet search.
I'm talking about understanding how to run very specific searches to find information leaks within your company and outside of it, whether intentional or accidental. Such leaks might come in the form of intentional, outright posting of sensitive information by ex-employees. Or they might be misconfigured or forgotten Web applications that weren't supposed to be publicly accessible.
New Trojan stealing FTP credentials, attacking FTP websites (Jul 7)
Security researchers have discovered a new Trojan that has harvested as many as 80,000 unique FTP server logins and is now beginning to target domains, injecting malicious scripts into compromised FTP sites.
Attackers have used a configuration error in the Xoops content management system to access the main web server of the CentOS project. According to Ralph Angenendt, system administrator at CentOS, no data has been injected into the system or stolen from it. He also stated that the server had not been used to send spam. As a precaution though, all users of the CMS will need to get a new password for the CMS through the Xoops lost password system.
How To Configure SSH Keys Authentication With PuTTY And Linux Server In 5 Quick Steps (Jul 6)
This tutorial explains how you can replace password-based SSH authentication with key-based authentication which is more secure because only the people that own the key can log in. In this example, we're using PuTTY as our SSH client on a Windows system.
PHP Security: Fortifying Your Website- Power Tips, Tools & How to's (Jul 6)
Though many programmers and developers may be implementing PHP in their websites, the issue of PHP security is often overlooked when building a site. Insecure coding is rather common in PHP due to the fact that it's such a forgiving language that will often "work" even when there are a few loose ends in the coding. These "loose ends" are what hackers are looking for, and in PHP, they're not that hard to find. The key is for you to find them first, and to leverage PHP's unique features to minimize your security vulnerability.
Researchers will release an open source tool at Black Hat USA that helps forensics investigators reconstruct attacks that use a popular Metasploit payload to covers its tracks.
