Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.

(May 10)

With hacking groups like Anonymous and LulzSec stealing headlines and hackers from China, Brazil and everywhere else stealing secrets and technology, it's only natural that security and hacking are finding their way into movies and books these days.
(May 8)

Lately I have received a couple of suspicious emails that seem innocent and from people I know, mostly consisting of quick get rich schemes. Coming from a trusted friend it can seem genuine. But then the same type of message would come from different people on my contact list. So when I confront these people about the emails, fortunately without opening the links, they would say they didn't send such emails. So who did?
Twitter breached, 50,000 accounts posted to Internet (May 10)

Twitter is investigating an apparent data breach that resulted in more than 50,000 user names and passwords being posted to the Internet. The data was posted across five pages (one, two, three, four, five) on Pastebin, a favorite site for hackers to post their ill-gotten gains. Ordinarily, when large files are involved, data thieves "tease" their exploits at the site and include a link to a site, like BitTorrent, that supports large file downloads. The maximum file size for Pastebin is 512KB.
(May 8)

The attackers chose their moment well.On Apr. 7, 2011, five days before Microsoft patched a critical zero-day vulnerability in Internet Explorer that had been publicly disclosed three months earlier on a security mailing list, unknown attackers launched a spear-phishing attack against workers at the Oak Ridge National Laboratory in Tennessee.
(May 8)

Google has dramatically raised the bounties it pays independent researchers for reporting bugs in its websites, services and online apps.
The Malicious Hacker's Ever-Sharper Eye (May 8)

There were an average of 94 targeted cyberattacks per day in November of last year, according to Symantec, and the trend appears to be growing. Targeted attacks are aimed at specific individuals inside an organization based on the information they have access to or the type of work they do. HR professionals, for example, are often targeted since opening email attachments is part of their day-to-day routine.
(May 11)

Red Hat, Inc. RHT +2.03% and IBM IBM +0.49% today announced that Red Hat Enterprise Linux 5 with the KVM hypervisor on IBM Systems has been awarded Common Criteria Certification at Evaluation Assurance Level 4+ (EAL4+). The Common Criteria is an internationally recognized set of standards used by the federal government and other organizations to assess the security and assurance of technology products.
FBI Wants Backdoors in Facebook, Skype and Instant Messaging (May 6)

The FBI has been lobbying top internet companies like Yahoo and Google to support a proposal that would force them to provide backdoors for government surveillance, according to CNET.
PHP patches critical CGI vulnerability (May 9)

The PHP Group released PHP 5.4.3 and PHP 5.3.13 on Tuesday to address two remote code execution vulnerabilities, one of which is being actively exploited by hackers.
Who's Afraid of a Big, Bad Hacking Story? (May 7)

"Security by obscurity does not work, and the more people who know about means of attack/vulnerability, the more secure our IT will be," opined blogger Robert Pogson. "Most people are good and decent and should be empowered to defend their computers and networks. Knowledge is the key."
'Anonymous' hackers reportedly take down Putin website (May 9)

Activists from the hacker group 'Anonymous' blocked access to Russian President Vladimir Putin's website for several minutes on Wednesday, Reuters reports.
(May 9)

A Twitter hacker on Monday revealed thousands of user names and passwords for the microblogging site, but here's the good news: Most of the compromised accounts appear to be spam.