Linux Security Week: September 8th, 2009
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas

This week, perhaps the most interesting articles include "Ten Linux commands you can't live without," "One-minute WiFi crack puts further pressure on WPA," and "Encrypted Is Not A Boolean Variable."

Linux+DVD Magazine - Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers are between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects, etc.

In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.


LinuxSecurity.com Feature Extras:

Review: Googling Security: How Much Does Google Know About You - If I ask "How much do you know about Google?" You may not take even a second to respond. But if I may ask "How much does Google know about you"? You may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business – and what you can do to protect yourself.

A Secure Nagios Server - Nagios is monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process; however, making it a secure setup takes some work. This article will not show you how to install Nagios, since there are tons of guides out there, but it will show you in detail ways to improve your Nagios security.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


EnGarde Secure Community 3.0.22 Now Available! (Dec 9)

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

http://www.linuxsecurity.com/content/view/145668

Ten Linux commands you can't live without (Sep 3)

"To be a good administrator, you have to know the command line. Why? Well, with Windows there are times when the command line is the only thing that can save your skin. With Linux, the command line is vast, reliable, flexible, fast … I could go on and on.

And of the 2119 possible commands from the /usr/bin directory (in Mandriva Spring 2008) and the 388 possible commands from /usr/sbin/, a few are indispensable."

http://www.linuxsecurity.com/content/view/149961

The lifecycle of Web-based malware (Sep 1)

HelpNetSecurity writes, "According to the August edition of the MessageLabs Intelligence monthly report, it can be a costly exercise for the bad guys to produce new families of malware in order to maintain their criminal activity at sufficient levels. Registering new domains is much more economical for them, and by spreading the malware across as many different websites and domains as possible, the longevity of each new malware is increased."

http://www.linuxsecurity.com/content/view/149939

Open-source firmware vuln exposes wireless routers (Sep 1)

A hacker has discovered a critical vulnerability in open-source firmware available for wireless routers made by Linksys and other manufacturers that allows attackers to remotely penetrate the device and take full control of it.

http://www.linuxsecurity.com/content/view/149936

Check Point delivers encryption to SMEs (Sep 1)

Network security firm Check Point today launched a new version of its consumer security suite designed specifically to meet the increasingly sophisticated security needs of small and home business users.

http://www.linuxsecurity.com/content/view/149935

One-minute WiFi crack puts further pressure on WPA (Sep 1)

Researchers have come a step closer to breaking open a common WiFi encryption scheme. An attacker can now read and falsify short packets in the common TKIP version of WiFi Protected Access (WPA) encryption in about one minute--a huge speed increase from the previously-required 12-15 minutes.

http://www.linuxsecurity.com/content/view/149934

Security tools snarl Snow Leopard update (Sep 1)

Apple unveiled the latest update to its Mac OS X operating system on Friday, an early release that caught many software makers, including some significant security vendors, behind in their development schedule.

http://www.linuxsecurity.com/content/view/149933

Game server admins arrested for Chinese DNS attacks (Sep 1)

A denial of service attack that took down Internet access in parts of China earlier this year has been attributed to an over-enthusiastic game provider trying to take down rivals. Police in Foshan, a city in Guangdong, have announced that they arrested four individuals for the attack, noting that they would go to trial sometime in the mysterious future.

http://www.linuxsecurity.com/content/view/149932

Apple Snow Leopard Security Criticized (Aug 31)

The release on Friday of Apple's Mac OS X 10.6, known as "Snow Leopard," has elicited criticism from security companies, which may have business to lose if Apple's latest operating system reduces interest in third-party security software.

http://www.linuxsecurity.com/content/view/149923

Court rules Google must reveal journalists' IP addresses (Aug 31)

According to WikiLeaks, this civil action "issued by the Superior Court, County of Santa Clara, as part of a 'libel tourism' action taken by non-US property developers, demands detailed information about the operators of 'tcijournal @ gmail.com.' The account is the main email address of the TCI Journal, the most influential journal covering the Turks & Caicos Islands.

http://www.linuxsecurity.com/content/view/149922

Encrypted Is Not A Boolean Variable (Aug 31)

Nice comment from the Bitarmor folks on how the media and others think of "encryption" and that it's often equated with "secure" and "insecure". Let's face it, encryption is a new thing, and you have to keep things simple so people can understand it.

But it frustrates me that most of the talk about encryption technology, law, policy, compliance, etc is always in terms of "encrypted" vs "unencrypted". Yeah, all your data should be encrypted. But that's the beginning of the discussion, not the end. Encryption is easy. Protecting data is hard.

http://www.linuxsecurity.com/content/view/149921

apache.org downtime - initial report (Aug 31)

This is a short overview of what happened on Friday August 28 2009 to the apache.org services. A more detailed post will come at a later time after we complete the audit of all machines involved.

On August 27th, starting at about 18:00 UTC an account used for automated backups for the ApacheCon website hosted on a 3rd party hosting provider was used to upload files to minotaur.apache.org. The account was accessed using SSH key authentication from this host.

http://www.linuxsecurity.com/content/view/149920
