LinuxSecurity.com
Linux Security Week: December 12th, 2011
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Squid and Digest Authentication - Digest Authentication hashes the password before transmitting it over the wire. Essentially, it sends a message digest generated from multiple items, including the username, realm and nonce value. If you want to know more, see RFC 2617.

Squid and Basic Authentication - This is perhaps the easiest authentication helper to configure in Squid, but also the most insecure. The biggest problem with Basic is that it transmits the username and password in clear text, so it is very susceptible to network sniffing or man-in-the-middle attacks. The only reason I'm writing about it is that it's a valid authentication mechanism in some limited circumstances. Secondly, I want to show you how authentication has evolved over the years.


  Techniques for disguising hacker attacks (Dec 7)
 

There are methods for attacking networks that even cutting-edge security systems cannot detect, and Advanced Evasion Techniques (AETs) are one example.

  DNSCrypt: a tool to encrypt all DNS traffic (Dec 8)
 

DNS service provider OpenDNS has announced a preview release of a new open source tool to improve internet security: DNSCrypt encrypts all DNS traffic between a user's system and a DNS server. The tool is currently only available for the Mac, with a Windows version promised, and only works with OpenDNS's own DNS service.

  Best Ways To Detect Advanced Threats Once They Invade (Dec 6)
 

Significant attacks against major technology companies have underscored that, while good defenses can make it hard for an attacker to penetrate a network, a persistent attacker will find a way in.

  Top Hacker Disasters of 2011 (Dec 6)
 

This year is already being called "The Year of the Hack," due to the unprecedented number of damaging attacks against major companies like Sony, RSA Security, Google and even the U.S. government. It's hard to remember a time when businesses faced as many online threats as they do today.

  When will we take back our privacy? (Dec 6)
 

Back in 1999, I remember being extremely agitated when Sun Microsystems CEO Scott McNealy said, "You have zero privacy anyway. Get over it!" regarding consumer privacy protections. "How arrogant is this guy?" I remember asking. Little did I know he was speaking the truth, albeit earlier than most of us wanted to hear it.

  Hacked Zuckerberg photos expose Facebook security flaw (Dec 7)
 

CALLS for improved security at Facebook could get some high-profile backing after private pictures of the website's founder Mark Zuckerberg were hacked and made public.

  RSA security lapse led to March hack, says researcher (Dec 6)
 

The attack that hacked RSA Security's network earlier this year succeeded because the company failed to take a basic security precaution, a researcher said Monday.

  Sourcefire blends firewall and intrusion prevention systems (Dec 5)
 

Sourcefire is moving into the firewall business, bringing its experience in intrusion prevention systems (IPS) such as Snort to offer a more context-aware platform that can better adapt to modern security threats than traditional firewalls, according to the firm.

  Top 10 Influential 2011: Sony's PSN hacking (Dec 5)
 

While the tag-teaming antics of LulzSec and Anonymous made many a security news headline during the last year, arguably the repeated hacking of Sony's PlayStation Network (PSN) and Qriocity services was the biggest hack, securing its place in the Top 10 Influential list for 2011.

  HP Hit With Lawsuit Over Flaming-Printer Hack (Dec 6)
 

Goldblatt is the lead plaintiff in a class action lawsuit, filed Thursday against HP in California, claiming that the IT giant should have warned customers about the flaws ahead of time.

  Hacker gets Ice Cream Sandwich onto Kindle Fire (Dec 8)
 

A hacker named Steven has posted a video of Ice Cream Sandwich running on the Kindle Fire, along with more information in the XDA Developers forums. The hack is incomplete, lacking support for audio, Wi-Fi, the accelerometer and the light sensor. Also, transitions look a bit choppy, but it's a start.

  Government Applications Still Riddled with Serious Security Flaws (Dec 9)
 

The US government sector is markedly worse than private industry at eliminating a range of common but serious flaws from software code, an analysis of real applications submitted for review to testing company Veracode has found.
