LinuxSecurity.com
Linux Security Week: May 7th, 2012
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net; the much-awaited Medusa 2.0 update was released in February of 2010. For a complete change log, please visit http://www.foofus.net/jmk/medusa/changelog

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught that a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some of us don't give a second thought to the complexity or length of our passwords.


  Judge: An IP-Address Doesn't Identify a Person (or BitTorrent Pirate) (May 3)
 

A landmark ruling in one of the many mass-BitTorrent lawsuits in the US has delivered a severe blow to a thus far lucrative business. Among other things, New York Judge Gary Brown explains in great detail why an IP-address is not sufficient evidence to identify copyright infringers. According to the Judge this lack of specific evidence means that many alleged BitTorrent pirates have been wrongfully accused by copyright holders.

  Failure to understand hackers led to Sony security woes (May 1)
 

The exploits of the hacker known as Geohot have been in the news for years, but to people outside the world of tech it has been more like a series of isolated events than one cohesive story. A new account by The New Yorker adds little information but binds the last five years of hacking into a single thread, showing convincingly that what has contributed most to companies' security woes has been an inability to understand the motivations of those who hack.

  The Pirate Bay must be blocked by UK ISPs, court rules (Apr 30)
 

File-sharing site The Pirate Bay must be blocked by UK internet service providers, the High Court has ruled.

  The 10 worst Web application-logic flaws that hackers love to abuse (May 3)
 

Hackers are always hunting to find business-logic flaws, especially on the Web, in order to exploit weaknesses in online ordering and other processes. NT OBJECTives, which validates Web application security, says these are the top 10 business-logic flaws they see all the time.

  Cloud providers need to step up on security, say analysts (May 1)
 

Cloud providers ought to provide data security -- that should be obvious. But some providers themselves, along with some security analysts, say they also ought to be doing more, such as educating their customers about best security practices.

  How to Become a Certified Ethical Hacker (May 3)
 

As security breaches continue to grow both in frequency and in the amount of damage they cause (according to Symantec, the average organization incurred $470,000 in losses from endpoint cyber attacks in 2011), penetration testing is becoming increasingly important for organizations of all sizes. For IT professionals seeking to expand their knowledge in that area, the EC-Council's Certified Ethical Hacker (CEH) credential offers a solid base of expertise.

  SSL Pulse starts beating (May 2)
 

The Trustworthy Internet Movement has launched SSL Pulse, a "real time" dashboard as part of an initiative to improve the quality of SSL implementations in use on the web. The Trustworthy Internet Movement (TIM) is a non-profit launched by the chairman and CEO of Qualys, Philippe Courtot, in February at the RSA conference. Its next step, it has decided, is to create a TIM SSL Taskforce to look at SSL governance and implementation across the internet.

  Mozilla Slams CISPA, Breaking Silicon Valley's Silence On Cybersecurity Bill (May 2)
 

While the Internet has been bristling with anger over the Cyber Intelligence Sharing and Protection Act, the Internet industry has been either silent or quietly supportive of the controversial bill. With one exception.

  Hacking: How Hollywood can get it wrong (Apr 30)
 

Video game graphics, silly buzzwords and even two people typing frantically on the same keyboard at once - Hollywood has often had a bit of fun when it comes to computer hacking.

  VMware Source Code Leak Reveals Virtualization Security Concerns (May 3)
 

When virtualization technology giant VMware admitted last week that some of the confidential source code for its ESX hypervisor had been leaked, the world didn't quite know whether this was a bombshell or something barely worth raising an eyebrow about.

  Mozilla to auto-upgrade Firefox 3.6 users to version 12 (Apr 30)
 

Soon, users running Firefox 3.6.x will start being automatically upgraded to the current version 12.0 release of the open source web browser. The plan to auto-update these users has been under discussion since the end of March, when Mozilla Release Manager Alex Keybl proposed the move on a Mozilla planning discussion thread.

  CISPA Clears The House, What's Next And What It Means (Apr 30)
 

Much has been made of the Cyber Intelligence Sharing and Protection Act (CISPA) lately, and last week (April 26), it passed through the House of Representatives. Like other cyber-security bills, CISPA is likely to be stalled in the Senate for a while. After that, President Obama has said he will veto the bill, shooting it down and protecting our privacy. Or will he?
