Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Squid and Digest Authentication - Digest Authentication hashes the password before transmitting it over the wire. Essentially, it sends a message digest generated from multiple items, including the username, realm and nonce value. If you want to know more, see RFC 2617.

Squid and Basic Authentication - This is perhaps the easiest authentication helper to configure in Squid, but also the most insecure. The biggest problem with Basic is that it transmits the username and password in clear text, and is hence very susceptible to network sniffing or man-in-the-middle type attacks. The only reason I'm writing about it is that it's a valid authentication mechanism in some limited circumstances. Secondly, I want to show you how authentication has evolved over the years.


  (Nov 30)
 

I don't like to keep people in suspense, so I'll start off with the surprise ending: Your password is not secure. Now that I've gotten your attention, we can talk about why that is (and what you can do to improve upon it).

  (Nov 28)
 

Good news for information security professionals: Expect salaries to increase by an average of 4.5% in 2012. Pay for chief security officers, meanwhile, is expected to increase by 3.9%.

  Exclusive: Millions of printers open to devastating hack attack (Nov 29)
 

Could a hacker from half-way around the planet control your printer and give it instructions so frantic that it could eventually catch fire? Or use a hijacked printer as a copy machine for criminals, making it easy to commit identity theft or even take control of entire networks that would otherwise be secure?

  New Apache Reverse Proxy Issue Uncovered (Nov 28)
 

A new reverse proxy issue affecting Apache HTTP server can be used by attackers to access internal systems if certain rules are improperly configured, a security researcher said.

  Android glitch allows hackers to bug phone calls (Dec 1)
 

Computer scientists have discovered a weakness in smartphones running Google's Android operating system that allows attackers to secretly record phone conversations, monitor geographic location data, and access other sensitive resources without permission.

  (Nov 30)
 

In late 2010, a team of Eastern European hackers began attacking the website of a Fortune 100 company. They employed what's known as an SQL injection, manipulating the online forms where visitors enter information. The hope was to trick the underlying database into spitting out valuable corporate data.

  Anonymous: 'We hacked cybercop's email' (Nov 28)
 

The Anonymous hacking collective's AntiSec group has launched a fresh assault on law enforcement agencies with the release of what they claim are personal emails stolen from a Californian cybercrime investigator. The cache of emails