LinuxSecurity.com
Linux Security Week: December 5th, 2011
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Squid and Digest Authentication - Digest Authentication hashes the password before transmitting it over the wire. Essentially, it sends a message digest generated from multiple items, including the username, realm and nonce value. If you want to know more, see RFC 2617.

Squid and Basic Authentication - This is perhaps the easiest authentication helper to configure in Squid, but also the most insecure. The biggest problem with Basic is that it transmits the username and password in clear text, hence it is very susceptible to network sniffing or man-in-the-middle attacks. The only reason I'm writing about it is that it's a valid authentication mechanism in some limited circumstances. Secondly, I want to show you how authentication has evolved over the years.


  Why Password Wisdom Is All Wrong (Nov 30)
 

I don't like to keep people in suspense, so I'll start off with the surprise ending: Your password is not secure. Now that I've gotten your attention, we can talk about why that is (and what you can do to improve upon it).

  Best Paying IT Security Jobs In 2012 (Nov 28)
 

Good news for information security professionals: Expect salaries to increase by an average of 4.5% in 2012. Pay for chief security officers, meanwhile, is expected to increase by 3.9%.

  Exclusive: Millions of printers open to devastating hack attack (Nov 29)
 

Could a hacker from half-way around the planet control your printer and give it instructions so frantic that it could eventually catch fire? Or use a hijacked printer as a copy machine for criminals, making it easy to commit identity theft or even take control of entire networks that would otherwise be secure?

  New Apache Reverse Proxy Issue Uncovered (Nov 28)
 

A new reverse proxy issue affecting Apache HTTP server can be used by attackers to access internal systems if certain rules are improperly configured, a security researcher said.

  Android glitch allows hackers to bug phone calls (Dec 1)
 

Computer scientists have discovered a weakness in smartphones running Google's Android operating system that allows attackers to secretly record phone conversations, monitor geographic location data, and access other sensitive resources without permission.

  Hackers getting hacked by security firms (Nov 30)
 

In late 2010, a team of Eastern European hackers began attacking the website of a Fortune 100 company. They employed what's known as an SQL injection, manipulating the online forms where visitors enter information. The hope was to trick the underlying database into spitting out valuable corporate data.

  Anonymous: 'We hacked cybercop's email' (Nov 28)
 

The Anonymous hacking collective's AntiSec group has launched a fresh assault on law enforcement agencies with the release of what they claim are personal emails stolen from a Californian cybercrime investigator. The cache of emails – which according to AntiSec are from the account of Fred Baclagan, a retired special agent supervisor of the Californian Department of Justice – includes 30,000 emails detailing various computer forensic techniques and cybercrime investigation protocols. The hacktivists claim to have hacked into Baclagan's Gmail account and to have accessed his voicemails and SMS message logs using unspecified techniques as part of their ongoing campaign against law enforcement officials and their "allies" in the computer security industry.

  The Pest Who Shames Companies Into Fixing Security Flaws (Nov 30)
 

Every Christopher Soghoian production follows a similar pattern, a series of orchestrated events that lead to the public shaming of a large entity--Google, Facebook, the federal government--over transgressions that the 30-year-old technologist sees as unacceptable violations of privacy. Sometimes he discovers these security flaws by accident, other times because someone has pissed him off, but mostly because he's parked at his computer all day looking for security flaws.

  Hackers target IPv6 (Nov 28)
 

If your IPv6 strategy is to delay implementation as long as you can, you still must address IPv6 security concerns right now. If you plan to deploy IPv6 in a dual-stack configuration with IPv4, you're still not off the hook when it comes to security. And if you think you can simply turn off IPv6, that's not going to fly either.

  HP laser printer hack raises concern, millions vulnerable (Nov 30)
 

Researchers from Columbia University have demonstrated a security flaw found in, but perhaps not limited to, HP printers which can actually lead to fires. The exploit allows hackers to reprogram printers with custom firmware, giving the attacker full control of printer functions. As a result, the hacker can continually heat a laser printer's fuser until paper begins to burn, MSNBC reports.

  Hacking linked to Northern Ireland (Nov 29)
 

POLICE have told Britain's former Northern Ireland secretary Peter Hain they are investigating evidence that his computer may have been hacked by private detectives working for News International. Senior Northern Ireland civil servants and intelligence agents may also have been hacked, they said.

  Bruce Schneier Awarded Honorary Degree From Westminster University (Nov 28)
 

Security technology expert Bruce Schneier has been awarded an honorary degree from the University of Westminster. The Doctor of Science award from the university's School of Electronics and Computer Science was given in recognition for Schneier's 'hard work and contribution to industry and public life'.
