Linux Security Week: November 1st, 2011

Ls Default Copy 1

Anthony Pell

2 - 4 min read Nov 01, 2011

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Free Online security course (LearnSIA) - A Call for Help - The Survivability and Information Assurance (SIA) course was originally developed by a team at Carnegie Mellon, led by Lawrence Rogers (/about/divisions/cert/index.cfm). Back in 2010, I requested a license to continue the development of the course because it provides useful information on Information Assurance. Also, this course will always be freely available for anyone to use in the classroom or self-study. There are three parts to the LearnSIA curriculum.

What You Need to Know About Linux Rootkits - Rootkits are a way attackers hide their tracks and keep access to the machines they control. The good rootkits are very hard to detect and remove. They can be running on ones computer and no one can even know they have been running. Read more to learn how to detect them on your system.

	(Oct 26)
	Security researchers at ESET and Sophos have discovered that hackers have gone out of their way to port an old Linux backdoor Trojan to the Apple Mac OS X platform, extending their reach of computers that they can use as part of their botnets.
	Stupid hacker tricks: Exploits gone bad (Oct 24)
	If the Internet is the new Wild West, then hackers are the wanted outlaws of our time. And like the gun-slinging bad boys before them, all it takes is one wrong move to land them in jail.
	Double Security Whammy, No Patches: Killer SSL DDoS Attack, XML Encryption Broken (Oct 25)
	The Germans have wreaked all kinds of mass destruction on the security forefront. The hacking group "The Hacker's Choice" released a new THC-SSL-DOS tool that allows a single laptop's DSL connection to take down a server. Other German researchers found a flaw and broke the W3C standard with a serious attack against XML Encryption that works in all cases, including against Microsoft, IBM, Red Hat, Apache and other XLM framework providers.
	Metasploit For The Masses (Oct 24)
	Two years after Rapid7 acquired the Metasploit Project, the company has rolled out a free and more user-friendly version of the open-source tool that is aimed at less technical users.
	The answer to the BYOD question is Virtualization. (Oct 28)
	Virtualization seems to be everyone's answer to every problem. For BYOD, it might just be the answer to stressed budgets and user happiness.
	Hackers could have TAKEN OVER Amazon Web Services (Oct 27)
	Security researchers have unearthed a flaw in Amazon Web Services that created a possible mechanism for hackers to take over control of cloud-based systems and run administrative tasks.
	(Oct 25)
	The hackers who defaced police department websites in Boston and Alabama did so in support of the Occupy Boston movement, and to protest the Boston Police for what they perceive as unprovoked violence against demonstrators. There's another, decidedly less righteous reason behind their attacks, however: they were bored.
	Authentication With Hardware (Oct 27)
	Here are some thoughts about providing users and businesses ways for a website to authenticate a user all the way to the hardware connection to his computer or mobile device.
	Skype security flaw allows location tracking (Oct 25)
	A glaring security flaw's been uncovered in Skype and other VoIP systems, potentially allowing hackers to access users' identities, locations and even files.
	Hackers Release DoS Attack Tool Targeting SSL Servers (Oct 26)
	A hacker group has released a proof-of-concept tool that exploits how encryption keys can be renegotiated to launch a distributed denial of service attack against Secure Sockets Layer servers.
	Hackers devise attack vs secure servers (Oct 26)
	What good are secure servers if they can get kicked off the Internet?This is the premise of a new distributed denial-of-service (DDos) tool released by a German hacker group, targeting servers using secure sockets layer (SSL).
	XML Encryption Flaw Leaves Web Services Vulnerable (Oct 25)
	Watch your Web Services: the official XML Encryption Syntax and Processing standard can be broken.So say two researchers from Ruhr-University Bochum in Germany, who have demonstrated a practical attack against XML's cipher block chaining (CBC) mode.

LinuxSecurity Poll

Why do you use a VPN on Linux?

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

News

Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Advisories

Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
HOWTOs

Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Features

Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
About Us

Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Powered By

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

© 2024 Guardian Digital, Inc All Rights Reserved