Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

What You Need to Know About Linux Rootkits - Rootkits are a way attackers hide their tracks and keep access to the machines they control. The good rootkits are very hard to detect and remove. They can be running on ones computer and no one can even know they have been running. Read more to learn how to detect them on your system.

Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition - Mark Sobell again delivers the answers to common Linux administration challenges, and provides thorough and step-by-step instructions to configuring many of the common Linux Internet services in A Practical Guide to Fedora and Red Hat Enterprise Linux, Fifth Edition.

Return of the BIOS trojans (Sep 13)

Chinese AV vendor 360 has discovered a virus in the wild that makes its home in a computer's BIOS, where it remains hidden from conventional virus scanners. The contaminant, called Mebromi, first checks to see whether the victim's computer uses an Award BIOS. If so, it uses the CBROM command-line tool to hook its extension into the BIOS.
Apache Releases Version 2.2.21 With New Fix For Range Header Flaw (Sep 14)

Two weeks after releasing a fix for the range-header denial-of-service flaw that was much-discussed on security forums and mailing lists, the Apache Software Foundation has pushed out another version of its popular Web server that includes a further fix for the same flaw.
Case study: Using remote access securely (Sep 14)

A data-breach-investigations report issued by Verizon earlier this year found 71 percent of all hacking attacks on business take place using remote access or desktop service.
(Sep 14)

A well-maintained secure operating system, like Linux, can be safe. But, that doesn't mean that a Website built on top of it is necessarily safe. The Linux Foundation has found out the hard way. The Linux Foundation's main site, and related sites such as Linux.com are still down after a break-in was discovered on September 8th.
Iran blocks Tor; Tor releases same-day fix (Sep 15)

The short version: Tor relays and bridges should upgrade to Tor 0.2.2.33 or Tor 0.2.3.4-alpha so users in Iran can reach them again.
BitTorrent announces breach of its uTorrent systems (Sep 14)

Popular P2P file sharing company said its systems were breached Tuesday, enabling an attacker to replace its uTorrent client download with scareware.
(Sep 13)

For too many of us, passwords are annoying obstacles rather than valuable tools meant to keep our business (and back accounts) private. You may find yourself sticking with the same small number of passwords for every site, which means that you're only as secure as the least secure site you visit. Here are some tips to boost your online security:
(Sep 11)

Hackers broke anew into the online home of the Linux operating system last week, prompting administrators of the Linux Foundation to temporarily take their websites offline.
Hacker Rattles Security Circles (Sep 11)

He claims to be 21 years old, a student of software engineering in Tehran who reveres Ayatollah Ali Khamenei and despises dissidents in his country.
(Sep 15)

Search engines and internet service providers (ISPs) could be forced to make it harder for users to access copyright infringing content online under new UK communications laws, the Culture Secretary has said.
Hacker group draws increased scrutiny from feds (Sep 11)

Anonymous is not so anonymous anymore. The computer hackers, chat room denizens and young people who comprise the loosely affiliated Internet collective have increasingly turned to questionable tactics, drawing the attention of the FBI, the Department of Homeland Security and other federal investigators.
(Sep 13)

LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011.