Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.

(Jan 11)

The annual Consumer Electronics Show (CES) event is always a fun place to learn about the latest new gadgets coming down the pike, but--aside from Google's ubiquitous Android platform--Linux has not typically played a starring role.
(Jan 11)

The headline occurs almost every day lately -- a large enterprise or government agency loses a huge cache of data through the actions of an employee. Whether it's a malicious theft and posting, a la WikiLeaks, or an unintentional compromise of sensitive business information, the affected organization is put in a position of serious risk.
Wireshark 1.4.x and 1.6.x updates close security holes (Jan 12)

Versions 1.4.11 and 1.6.5 of the open source Wireshark network protocol analyser have been released, fixing bugs and closing holes found in the previous builds. The maintenance and security updates to the cross-platform tool fix several vulnerabilities that could be exploited by an attacker to cause a denial-of-service (DoS) or compromise a victim's system.
(Jan 9)

The hackers behind the year-end attack on the security consulting firm Stratfor have struck again, although this time it appears they are just out for a few laughs.
Use An iPhone? Yup, The Government Tracks That (Jan 10)

Last week, an Indian hacker crew successfully broke into a secured Indian military government network. The group, the Lords of Dharmaraja, posted documents that infer Apple, Nokia, and Research In Motion gave the Indian government backdoor access to their devices in exchange for mobile phone market rights.
Reddit Founder, DNS Hacker And Other SOPA Critics Will Address Congress In Hearing (Jan 10)

Opponents of the Stop Online Piracy Act, the bill that threatens to block large swathes of foreign websites for alleged copyright infringement, have complained that Congress has yet to hear their voice. In the initial hearing and markup of the bill in Congress, the only outside critic of the bill invited as a witness was Google, whose opposition to the act was largely dismissed as an isolated exception.
(Jan 9)

It's 2012. The password is dead. Long live the password. Perhaps the division in the IT world is not quite that stark, but there is indeed division. Some think it is past time to retire passwords, for what they say is the obvious reason: They don't protect users, since they are so easily hacked.
Symantec Source Code Scattered to the Winds (Jan 9)

Hackers have posted the source code for two Symantec security products, claiming they obtained the information from systems belonging to Indian military intelligence. The products affected are four and five years old, Symantec said. "If the source code from product released in the past three or four years was compromised, I'd be pretty concerned," said security consultant Randy Abrams.
German cops hacked in revenge for dad spying on daughter (Jan 10)

An infiltration of a German federal security system last year has been traced back to a botched attempt by an unnamed security official to use a Trojan to monitor his daughter's internet usage, Der Spiegel reports.
(Jan 11)

Anonymous has struck the websites of two anti-piracy organizations, a day after Finnish ISP Elisa blocked access to The Pirate Bay search engine in response to an injunction requested by one of the organizations.
Judge bans stolen student sex pics sharing on BitTorrent (Jan 12)

Conservative MP Louise Mensch has welcomed a landmark ruling in an internet bullying case as an advance for individual liberty. The case involved an anonymous student, known for the purposes of the case as "AMP", whose photographs were distributed by P2P software after her mobile phone was lost or stolen.
(Jan 12)

The more things change, the more they stay the same. That pretty much sums up the information security landscape for small and midsize businesses (SMBs) in the year ahead, according to the head of Blue Coat Security's research lab.