Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

sec-wall: Open Source Security Proxy - sec-wall, a recently released security proxy, is a one-stop place for everything related to securing HTTP/HTTPS traffic. It is designed as a pragmatic solution to the question of securing servers using SSL/TLS certificates, WS-Security, HTTP Basic/Digest Auth, custom HTTP headers, and XPath expressions, with an option of modifying HTTP headers and URLs on the fly.

Book Review: Linux Kernel Programming - As Linux is implemented on an increasingly wide range of devices, the number of people responsible for developing and maintaining Linux on those platforms has increased. As the level of maturity of the kernel increases, so do its complexity, capabilities, and size. This book provides the Linux programmer with the tools necessary to understand the core aspects of the kernel and how to interface with it.


Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

Email accounts hacked in 15 minutes (May 27)

A recently posted video on YouTube teaches viewers how to hack into someone's email account in just 15 minutes. The video showed a group of volunteers follow an online "man in the middle technique" tutorial. It showed them learn in just fifteen minutes how to hack into a computer network. It went on to show them using the technique to obtain each other's login details and passwords.

Make your mark by stopping hackers (May 24)

I remember being excited when I was asked to use a sledgehammer to tear down a covered garage that wasn't approved by the city. It had been standing beside my girlfriend's house for years. You could tell it was built intelligently and with love. The supporting beams were twice as thick as required by code, and every nail and screw was driven straight. The lumber itself was top shelf, not a knot or bend in it.

Apache Updates HTTP Web Server for Security and the Future (May 25)

The Apache HTTP Server powers the majority of web servers around the world. As such, when there is a security flaw, it's critical to fix it as quickly as possible.

Fedora 15 Boosts Linux Security (May 25)

As the starting point for many IT perimeter defense architectures, the firewall is a critical piece of security technology. In the upcoming Fedora 15 Linux distribution release, a new dynamic firewall technology will help to improve the critical cornerstone technology for server and desktop users.

Apple standard procedures won't work with security (May 27)

On May 24, Apple posted a support forum entry on how to avoid or remove the MacDefender malware that's been plaguing an unknown number of users since early May. And I'm glad they did. But the support forum is way overdue, and Apple's standard method of responding to user issues--ignore them until they won't go away and then issue a response when the outcry gets too loud--simply won't fly where user security is at stake.

Student collects 15 million Gmail addresses (May 27)

In his blog, a student from the University of Amsterdam reports that he gathered around 15 million Gmail addresses from Google user profiles within a month. Matthijs Koot analysed just under 35 million profile links from Google's profile site map, which is easily accessible on the company's servers.

(May 24)

Just a couple of weeks after the source code for the Zeus crimeware kit turned up on the Web, the Black Hole exploit kit now appears to be available for download for free, as well. Black Hole normally sells for $1,500 for an annual license, and is one of the more powerful attack toolkits on the market right now.

Linkedin SSL vulnerability leaves accounts open to hacking (May 23)

AN INDEPENDENT insecurity researcher says there are multiple security vulnerabilities in the business social network Linkedin, due to the way it handles and transmits cookies over SSL.

(May 27)

From the 'You Can Teach an Old Dog New Tricks' files: With all the excitement around Red Hat Enterprise Linux 6.1 last week, it's important to remember that most RHEL users are still likely on RHEL 5.

(May 27)

Decryption is difficult and computationally expensive. So what if, instead of decrypting the content of a message, you found a correlation between the encrypted data and its meaning