Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Using the sec-wall Security Proxy - This article, full of examples, will show you various ways to test services secured using sec-wall, a feature-packed, high-performance security proxy. We'll be using cURL, a popular Linux command line tool, and PycURL, a Python interface to cURL. As of version 1.0, sec-wall supports HTTP Basic auth, digest auth, custom HTTP headers, XPath-based authentication, WS-Security & SSL/TLS client certificates, and each of these options is shown below.

sec-wall: Open Source Security Proxy - sec-wall, a recently released security proxy, is a one-stop place for everything related to securing HTTP/HTTPS traffic. It is designed as a pragmatic solution to the question of securing servers using SSL/TLS certificates, WS-Security, HTTP Basic/Digest Auth, custom HTTP headers and XPath expressions, with an option of modifying HTTP headers and URLs on the fly.


2011 CWE/SANS Top 25 Most Dangerous Software Errors (Jul 1)

The 2011 CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

Keyboard Anarchists (Jul 1)

For months we've been reading about hacker groups like Lulz Security who reportedly have no agenda other than to create mayhem and laugh-snort at their own clever online exploits.

(Jul 1)

Security Manager 1.5 is a revamped version of Greenbone's security appliance; it is now able to test devices on IPv6 networks for vulnerabilities and pass its findings to Sourcefire's intrusion detection and prevention systems.

(Jun 27)

On Saturday, Lulz Security announced what would be their final release, indicating that the group of six (according to the release) would disband.

Ubuntu Linux, Day 24: More Secure By Default (Jun 27)

As I have gone through the 30 Days With Ubuntu Linux experience--and especially the past couple days as I have toyed with Wine and trying to get Windows software to run within Ubuntu--I have seen ample evidence of the security features of the OS. Simply put, Ubuntu Linux (and, I assume, Linux in general) is more secure by default.

(Jun 29)

The hacking group Lulz Security ended its 50-day reign of terror this weekend, but law enforcement's hunt for its members will go on. Last week, FBI agents raided an Iowa woman's home because of her connections to the group.

(Jun 28)

When the Electronic Frontier Foundation's John Perry Barlow tweeted last December, "The first serious infowar is now engaged. The field of battle is WikiLeaks. You are the troops," many in the mainstream media rolled their eyes and dismissed his words as hacker hyperbole.

FBI raids homes of two alleged hackers (Jul 1)

The FBI searched two US residences in the past week as part of its probe into alleged hacking by members of a now-defunct group known as Lulz Security.

(Jun 30)

Robert Morris, a cryptographer who helped develop the Unix computer operating system, which controls an increasing number of the world's computers and touches almost every aspect of modern life, died on Sunday in Lebanon, N.H. He was 78.

(Jun 28)

Many of the highest-profile computer hacking attacks of the past year took advantage of common, well-known software flaws and could have been prevented with a solid testing and review process, according to an analysis supported by the US Department of Homeland Security.

(Jun 30)

Sony CEO Howard Stringer told shareholders that his company was the target of hacker attacks in April "because we tried to protect our IP (intellectual property), our content, in this case videogames."

LulzSec Successors Press On, Hitting Viacom, AZ (Jul 1)

Less than a week after hacktivist group LulzSec called it quits, a hacker group to which its members migrated mounted separate attacks on Viacom and Vivendi SA's Universal Music Group as well as on a previous LulzSec target, the Arizona Department of Public Safety (DPS).