Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Security Week: July 20th, 2009
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Latest DDoS attacks extremely unsophisticated," "11 Security Companies to Watch," and "Five of the biggest IPv6-based threats facing CIOs."
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Review: Googling Security: How Much Does Google Know About You - If I ask "How much do you know about Google?" You may not take even a second to respond. But if I may ask "How much does Google know about you"? You may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business – and what you can do to protect yourself.
A Secure Nagios Server - Nagios is a monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process however to make it a secure setup it takes some work. This article will not show you how to install Nagios since there are tons of them out there but it will show you in detail ways to improve your Nagios security.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
Clever attack exploits fully-patched Linux kernel (Jul 18)
A recently published attack exploiting newer versions of the Linux kernel is getting plenty of notice because it works even when security enhancements are running and the bug is virtually impossible to detect in source code reviews.
Latest DDoS attacks extremely unsophisticated, experts say (Jul 16)
The latest distributed denial-of-service (DDoS) attacks that have wrangled some U.S. and South Korean government websites appear to be the work of a relatively unsophisticated attacker and not the actions of a state sponsored professional, according to experts analyzing the traffic from the botnet behind the attacks.
First Zero-Day Exploit Released For Firefox 3.5 (Jul 16)
The race is on: Mozilla is scrambling to finish a patch for a now-public bug in its Firefox 3.5 browser, while exploit code is circulating and Metasploit has released a new module for the attack.
In spite of the headwinds from a stormy economy, these start-up companies are down the runway and taking off with innovative products and services for IT security. On their radar can be found a focus on botnet and malware detection as well as mobile and virtualization security.
Researchers To Release Tool That Silently Hijacks EV SSL Sessions (Jul 14)
If you think you're safe from man-in-the-middle (MITM) attacks as long as you're visiting an Extended Validation SSL (EV SSL) site, then think again: Researchers will release a new tool at Black Hat USA later this month that lets an attacker hack into a user's session on an EV SSL-secured site.
UK, not North Korea, source of DDOS attacks, researcher says (Jul 14)
Here's another perspective on the attacks against US government institutions. Do you believe it was North Korea, from the UK, or elsewhere? Perhaps not by some organized effort at all?The U.K. was the likely source of a series of attacks last week that took down popular Web sites in the U.S. and South Korea, according to an analysis performed by a Vietnamese computer security analyst.
File this one under "Government Security" -- a nice and succinct article about the recent attacks against US government institutions, and what the US is battling.North Korea celebrated America's Fourth of July by launching a wide-ranging cyber assault on websites in South Korea and the U.S., including that of the Treasury Department and Secret Service. The attack is not only a significant escalation by the DPRK, but a demonstration of how the U.S. remains vulnerable to a covert operation by a rogue state or terrorists that can be as devastating as a WMD attack.
What will Google's Chrome OS watch you do? (Jul 13)
Google has a long history of tracking user activity, and the introduction of its Chrome operating system later this year is sure to follow suit. While we know that it's being built off of Linux, one big thing we don't know is how its terms of service will differ from those found in other Google products, and what kinds of user data it will be collecting. Based on the company's track record of watching and monetizing user data, it could be anything from which applications you're using, to all the information that's coming in and out of your computer.
Five of the biggest IPv6-based threats facing CIOs (Jul 13)
The IETF has identified many security threats related to IPv6, the long-anticipated upgrade to the Internet's main communications protocol. Security concerns around IPv6 deployment are real, although the number of IPv6-based attacks remains small.
