Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Squid and Digest Authentication - Digest Authentication hashes the password before transmitting over the wire. Essentially it sends a message digest generated from multiple items including username, realm and nonce value. If you want to know more, see RFC 2617.

Squid and Basic Authentication - This is perhaps the easiest authentication helper to configure in Squid, but also the most insecure. The biggest problem with Basic is that it transmits username and password in clear text, hence it is very susceptible to network sniffing or man-in-the-middle type attacks. The only reason I'm writing about it is that it's a valid authentication mechanism in some limited circumstances. Secondly, I want to show you how authentication has evolved over the years.


  Techniques for disguising hacker attacks (Dec 7)
 

There are methods for attacking networks that even cutting-edge security systems cannot detect, and Advanced Evasion Techniques (AETs) are one example.

  DNSCrypt: a tool to encrypt all DNS traffic (Dec 8)
 

DNS service provider OpenDNS has announced a preview release of a new open source tool to improve internet security: DNSCrypt encrypts all DNS traffic between a user's system and a DNS server. The tool is currently only available for the Mac, with a Windows version promised, and only works with OpenDNS's own DNS service.

  (Dec 6)
 

Significant attacks against major technology companies have underscored that, while good defenses can make it hard for an attacker to penetrate a network, a persistent attacker will find a way in.

  (Dec 6)
 

This year is already being called "The Year of the Hack," due to the unprecedented number of damaging attacks against major companies like Sony, RSA Security, Google and even the U.S. government. It's hard to remember a time when businesses faced as many online threats as they do today.

  When will we take back our privacy? (Dec 6)
 

Back in 1999, I remember being extremely agitated when Sun Microsystems CEO Scott McNealy said, "You have zero privacy anyway. Get over it!" regarding consumer privacy protections. "How arrogant is this guy?" I remember asking. Little did I know he was speaking the truth, albeit earlier than most of us wanted to hear it.

  Hacked Zuckerberg photos expose Facebook security flaw (Dec 7)
 

Calls for improved security at Facebook could get some high-profile backing after private pictures of the website's founder Mark Zuckerberg were hacked and made public.

  (Dec 6)
 

The attack that hacked RSA Security's network earlier this year succeeded because the company failed to take a basic security precaution, a researcher said Monday.

  Sourcefire blends firewall and intrusion prevention systems (Dec 5)
 

Sourcefire is moving into the firewall business, bringing its experience in intrusion prevention systems (IPS) such as Snort to offer a more context-aware platform that can better adapt to modern security threats than traditional firewalls, according to the firm.

  Top 10 Influential 2011: Sony's PSN hacking (Dec 5)
 

While the tag-teaming antics of LulzSec and Anonymous made many a security news headline during the last year, arguably the repeated hacking of Sony's PlayStation Network (PSN) and Qriocity services was the biggest hack, securing its place in the Top 10 Influential list for 2011.

  HP Hit With Lawsuit Over Flaming-Printer Hack (Dec 6)
 

Goldblatt is the lead plaintiff in a class action lawsuit, filed Thursday against HP in California, claiming that the IT giant should have warned customers about the flaws ahead of time.

  Hacker gets Ice Cream Sandwich onto Kindle Fire (Dec 8)
 

A hacker named Steven has posted a video of Ice Cream Sandwich running on the Kindle Fire, along with more information in the XDA Developers forums. The hack is incomplete, lacking support for audio, Wi-Fi, the accelerometer and the light sensor. Also, transitions look a bit choppy, but it's a start.

  Government Applications Still Riddled with Serious Security Flaws (Dec 9)
 

The US government sector is markedly worse than private industry at eliminating a range of common but serious flaws from software code, an analysis of real applications submitted for review to testing company Veracode has found.