Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.

Automating data encryption for new cloud architectures (Apr 9)

Cloud computing is the ideal environment for processing big data. For databases that scale horizontally, sometimes with a million or more fields and reaching multiple petabytes in size, it's possible to chunk up the data and spread it across hundreds or thousands of servers for parallel processing and analytics. It's an efficient and effective use of cloud technology.
How to Hack Like a Pro: Getting Started with Metasploit (Apr 10)

This is my first contribution in an ongoing series on detailing the best free, open source hacking and penetration tools available. My goal is to show you some of the quality tools that IT security experts are using every day in their jobs as network security and pen-testing professionals. There are hundreds of tools out there, but I will focus and those that meet four key criteria
How to secure your BIOS (Apr 9)

You probably don't interact with your PC's BIOS (Basic Input/Output Operating System) much, but it occupies a unique and highly privileged position in your computer's architecture.
Why Not Use Port Knocking? (Apr 13)

The robots currently at work knocking around for your guessable password could easily be repurposed to guess your Unicode password currently known as your port knocking sequence, and quite likely have been already. Plus, we already have authpf(8) for network-level restrictions on access.
Hackers claim they've snared Tunisian leader's emails (Apr 9)

A group claiming affiliation with activist hacker collective Anonymous says it has hacked 2,725 emails belonging to Tunisia's ruling Ennahda party, including those of the prime minister, in the latest challenge to the Islamist-led government.
Megaupload User Demands Return of Seized Content (Apr 9)

An Ohio man is asking a federal judge to preserve data of the 66.6 million users of Megaupload, the file-sharing service that was shuttered in January following federal criminal copyright-infringement indictments that targeted its operators.
Disguising Tor Traffic as Skype Video Calls (Apr 13)

To prevent the Tor traffic from being recognized by anyone analyzing the network flow, SkypeMorph uses what's known as traffic shaping to convert Tor packets into User Datagram Protocol packets, as used by Skype. The traffic shaping also mimics the sizes and timings of packets produced by normal Skype video conversations. As a result, outsiders observing the traffic between the end user and the bridge see data that looks identical to a Skype video conversation.
Meet The 'Place Hacker' Who Trespassed And Scaled Europe's Tallest Building (Apr 10)

Very few people have taken in the magnificent view at the top of the Shard, the modern new tower that will be the tallest in Western Europe when it is finished in about a month's time. But last February, and in the dead of night, PhD graduate Bradley Garrett got together with two friends from London's urban exploration community to trespass the building and "place hack" it.
Apple Delays, Hackers Play (Apr 13)

Jeroen Frijters describes himself as an "accidental" hacker, a guy who trips over security holes the way a pedestrian stumbles over a sidewalk crack. In July the Dutch software engineer discovered the Grand Canyon of sidewalk cracks: a serious vulnerability in Java, one of the most widely used programming languages and a building block of many websites. He reported the flaw to Oracle (ORCL), which oversees Java.
Anonymous targets UK Government sites with DDoS - Update (Apr 9)

The hacktivist collective Anonymous are staging a distributed denial of service attack on the UK Government's Home Office, the Prime Minister's Number 10 and the Ministry of Justice web sites. The attacks began on the evening of Saturday 7 April and were claimed as the work of Anonymous in three tweets (1, 2, 3) by @YourAnonNews, the first of which read "TANGO DOWN - https://www.gov.uk/government/organisations/home-office (via @AnonymouSpoon) For your draconian surveillance proposals! Told you to #ExpectUs! #ANONYMOUS #AnonUK".
Financial services industry sees DDOS attacks triple, says Prolexic (Apr 12)

The financial services industry saw nearly triple the number of distributed denial-of-service (DDOS) attacks during the first three months of this year compared to the same period last year, according to a report released Wednesday.
(Apr 12)

Financial firms were in the crosshairs of cyber-attackers during the first three months of 2012, while a threefold increase in DDoS attacks was recorded.