Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.

(Jan 31)

Last July, a hacker broke into Yellowstone County, Mont.'s website, prompting the county to disable the site. In September 2011, two men with alleged ties to the online activist group Anonymous were indicted for hacking into Santa Cruz County, Calif., computers in December 2010, causing the county website to go offline.
Hacker's Demo Shows How Easily Credit Cards Can Be Read Through Clothes And Wallets (Jan 30)

Pull out your credit card and flip it over. If the back is marked with the words "PayPass," "Blink," that triangle of nested arcs that serves as the universal symbol for wireless data or a few other obscure icons, Kristin Paget says it's vulnerable to an uber-stealthy form of pickpocketing.
(Jan 30)

There are few things in life more exciting than a new system update for your favorite Linux distribution. Often, system updates can bring performance enhancements or simply address problematic security issues. These updates are generally considered a good thing. But when it comes to installing kernel updates, there are some critical factors that must be considered.
(Jan 30)

A recent Linux Foundation survey shows that open-source technology is poised for continued growth among new and existing users for a variety of reasons, including lower total cost of ownership, technical features and security. The survey, released in January, is entitled "Linux Adoption Trends 2012: A Survey of Enterprise End Users," and is co-written by the Linux Foundation and the Yeoman Technology Group.
Wanted: Ethical hackers (Jan 30)

Recently, the website of Ankit Fadia, a well-known ethical hacker, was hacked by another group that goes by the name Team Grey Hat (TGH). The "hactivist" group entered Ankit Fadia's official site and exposed his credentials, including sensitive data, student details, database credentials (like name, user name & password).
(Feb 1)

Sweden's Supreme Court on Wednesday upheld the prison sentences of the four founders of The Pirate Bay, the notorious file-sharing service on Hollywood's and the recording industry's most-hated list.
4 Ways to Prevent Domain Name Hijacking (Feb 2)

On the night of Monday, January 23, the hacktivist group UGNazi hijacked Coach.com, the Internet domain name of luxury goods manufacturer Coach. For several hours, fashionistas who wanted to ogle Coach's new Willis handbag on Coach.com or get a deal on its Penelope shoulder bag at Coachfactory.com were redirected to UGNazi's cryptic website.
Hacking Made Easy (Feb 2)

I am honoured to have been invited back to present at the prestigious e-Crime Congress to be held in London, March this year. However it caused a flash-back to the last occasion I presented at Congress in 2009, when things seemed to be very different.
(Feb 3)

A member of the computer hacking group Anonymous has hacked into a telephone conference between the FBI and Scotland Yard and posted it on the internet.
RFID Credit Cards Are Easy Prey for Hackers (Feb 2)

It's been known for some time that there are security issues associated with the increasing use of RFID tags in credit cards, but this past weekend afforded a fresh demonstration of just how easy it is for hackers to take advantage of them.
(Feb 3)

In a world that is constantly connected, it seems these days you are never alone, whether you know it or not. "People are online around the clock," said computer expert Jake DeWoskin. DeWoskin is with the Twin Cities business consulting firm KDV.
Mozilla closes critical holes in Firefox, Thunderbird and SeaMonkey (Feb 1)

Following the release of new versions of its open source Firefox web browser, Thunderbird email client and SeaMonkey suite, Mozilla has detailed the security fixes included in each of the updates. According to the project's Security Center page for Firefox, version 10.0 closes a total of 8 security holes in the browser, 5 of which are rated as "Critical" by Mozilla.