Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.

(May 3)

A landmark ruling in one of the many mass-BitTorrent lawsuits in the US has delivered a severe blow to a thus far lucrative business. Among other things, New York Judge Gary Brown explains in great detail why an IP-address is not sufficient evidence to identify copyright infringers. According to the Judge this lack of specific evidence means that many alleged BitTorrent pirates have been wrongfully accused by copyright holders.
(May 1)

The exploits of the hacker known as Geohot have been in the news for years, but to people outside the world of tech it has been more like a series of isolated events than one cohesive story. A new account by The New Yorker adds little information but binds the last five years of hacking into a single thread, showing convincingly that what has contributed most to companies' security woes has been an inability to understand the motivations of those who hack.
(Apr 30)

File-sharing site The Pirate Bay must be blocked by UK internet service providers, the High Court has ruled.
(May 3)

Hackers are always hunting to find business-logic flaws, especially on the Web, in order to exploit weaknesses in online ordering and other processes. NT OBJECTives, which validates Web application security, says these are the top 10 business-logic flaws they see all the time.
Cloud providers need to step up on security, say analysts (May 1)

Cloud providers ought to provide data security -- that should be obvious. But some providers themselves, along with some security analysts, say they also ought to be doing more, such as educating their customers about best security practices.
How to Become a Certified Ethical Hacker (May 3)

As security breaches continue to grow both in frequency and in the amount of damage they cause (according to Symantec, the average organization incurred $470,000 in losses from endpoint cyber attacks in 2011), penetration testing is becoming increasingly important for organizations of all sizes. For IT professionals seeking to expand their knowledge in that area, the EC-Council's Certified Ethical Hacker (CEH) credential offers a solid base of expertise.
SSL Pulse starts beating (May 2)

The Trustworthy Internet Movement has launched SSL Pulse, a "real time" dashboard as part of an initiative to improve the quality of SSL implementations in use on the web. The Trustworthy Internet Movement (TIM) is a non-profit launched by the chairman and CEO of Qualys, Philippe Courtot, in February at the RSA conference. Its next step, it has decided, is to create a TIM SSL Taskforce to look at SSL governance and implementation across the internet.
Mozilla Slams CISPA, Breaking Silicon Valley's Silence On Cybersecurity Bill (May 2)

While the Internet has been bristling with anger over the Cyber Intelligence Sharing and Protection Act, the Internet industry has been either silent or quietly supportive of the controversial bill. With one exception.
(Apr 30)

Video game graphics, silly buzzwords and even two people typing frantically on the same keyboard at once - Hollywood has often had a bit of fun when it comes to computer hacking.
(May 3)

When virtualization technology giant VMware admitted last week that some of the confidential source code for its ESX hypervisor had been leaked, the world didn't quite know whether this was a bombshell or something barely worth raising an eyebrow about.
Mozilla to auto-upgrade Firefox 3.6 users to version 12 (Apr 30)

Soon, users running Firefox 3.6.x will start being automatically upgraded to the current version 12.0 release of the open source web browser. The plan to auto-update these users has been being discussed since the end of March, when Mozilla Release Manager Alex Keybl proposed the move on a Mozilla planning discussion thread.
(Apr 30)

Much has been made of the Cyber Intelligence Sharing and Protection Act (CISPA) lately, and last week (April 26), it passed through the House of Representatives. Like other cyber-security bills, CISPA is likely to be stalled in the Senate for a while. After that, President Obama has said he will veto the bill, shooting it down and protecting our privacy. Or will he?