LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Security Week: June 4th, 2012 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Security Week Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit http://www.foofus.net/jmk/medusa/changelog

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.


  Anonymous: The secret lives of dangerous hackers (Jun 1)
 

In December 2010 the heat-seeking internet pranksters known as Anonymous attacked PayPal, the online bill-paying business. PayPal had been a conduit for donations to WikiLeaks, the rogue whistle-blower site, until WikiLeaks released a huge cache of State Department internal messages.

  Open source and the National Security Agency, together again (May 29)
 

The Open Source Software Institute, a non-profit group that supports open-source adoption and the National Security Agency (NSA), the organization in charge of all out of country eavesdropping, will co-host an Open Source Software Industry Day on Wednesday, May 30, 2012.

  Security problem in VMware vSphere 5 (May 30)
 

Security experts from ERNW have demonstrated the ability to break out of the virtualisation hypervisor of VMware ESXi 5.0 using crafted VMware images. If a provider offers customers the ability to run customer-supplied VMware images on its servers as part of an infrastructure as a service (IaaS) offering, a malicious user could access all data on the server, including other customers' user passwords and virtual machines.

  Lack of defence against hacking? (Jun 1)
 

With several government websites hacked or defaced over the last few days, members of the hacker group "Anonymous" have labelled the country's cyber security setup as a "joke", and said they could easily hack into servers of most government organisations.

  TSP Hackers: The Naked Truth (May 30)
 

Point is that some things, no matter how lucrative or fun they might seem, just aren't worth the risk. Example: A life of crime can be rewarding or, more often, pretty tough. One day you are on top, the next you are busted. Literally and figuratively. If Jesse James is your role model, here are some things to avoid which will add years to your time on the street -- as opposed to jail.

  Interview with a Safecracker (May 29)
 

Technically, the biggest difference between what a burglar does and what I do is that the burglar wants to get in and out quickly and doesn't care if the safe ever gets used again. I take my time because my objective is opening it with minimal damage so the owner can use it again.

  Trojan poses as privacy tool, spies on Iranian surfers (May 30)
 

Backdoored versions of a widely used privacy tool have surfaced in Iran, raising fears that its government is using the Trojanised software to spy on its citizens.

  For Diablo 3 Hacking, the Buck Stops Where? (May 31)
 

You never really know what your most controversial pieces are going to be before you write them. I figured an exploration of what it feels like to have your account hacked in a game would be a relatable topic for many who have suffered something similar.

  Hackers pose large threat to companies on Net (May 31)
 

Computer hacking is a growing problem, and a growing career field. The third annual Appalachian Institute for Digital Evidence Conference at the Marshall University Forensics Lab focused on hacking and what it can mean for those fighting crime.

  CloudLinux Enhances Shared Hosting Security (May 31)
 

Cloud Linux Inc., an innovative software company serving the needs of hosting service providers, has released CageFS Version 3.5. This new version of the software features dramatic improvements in security for shared hosting companies. CageFS is a virtual file system that encapsulates each shared hosting customer in its own private virtual space.

  Flame worm was signed by forged Microsoft certificate (Jun 4)
 

Some components of the Flame spyware worm were signed using forged Microsoft certificates, according to a recent investigation by Microsoft. These unauthorised digital certificates allowed the Flame developers to make the malware appear as if it was actually created and approved by Microsoft.

  Fedora could seek Microsoft code signing to contend with secure boot (Jun 4)
 

Future versions of Fedora could come with a bootloader that is signed by Microsoft, a move that would ensure that the Linux distribution is easy to install on computers with the secure boot mechanism. The proposal was described in a blog entry this week by Red Hat kernel developer Matthew Garrett.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.