Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.

Anonymous: The secret lives of dangerous hackers (Jun 1)

In December 2010 the heat-seeking internet pranksters known as Anonymous attacked PayPal, the online bill-paying business. PayPal had been a conduit for donations to WikiLeaks, the rogue whistle-blower site, until WikiLeaks released a huge cache of State Department internal messages.
Open source and the National Security Agency, together again (May 29)

The Open Source Software Institute, a non-profit group that supports open-source adoption and the National Security Agency (NSA), the organization in charge of all out of country eavesdropping, will co-host an Open Source Software Industry Day on Wednesday, May 30, 2012.
Security problem in VMware vSphere 5 (May 30)

Security experts from ERNW have demonstrated the ability to break out of the virtualisation hypervisor of VMware ESXi 5.0 using crafted VMware images. If a provider offers customers the ability to run customer-supplied VMware images on its servers as part of an infrastructure as a service (IaaS) offering, a malicious user could access all data on the server, including other customers' user passwords and virtual machines.
(Jun 1)

With several government websites hacked or defaced over the last few days, members of the hacker group "Anonymous" have labelled the country's cyber security setup as a "joke", and said they could easily hack into servers of most government organisations.
(May 30)

Point is that some things, no matter how lucrative or fun they might seem, just aren't worth the risk. Example: A life of crime can be rewarding or, more often, pretty tough. One day you are on top, the next you are busted. Literally and figuratively. If Jesse James is your role model, here are some things to avoid which will add years to your time on the street -- as opposed to jail.
(May 29)

Technically, the biggest difference between what a burglar does and what I do is that the burglar wants to get in and out quickly and doesn't care if the safe ever gets used again. I take my time because my objective is opening it with minimal damage so the owner can use it again.
Trojan poses as privacy tool, spies on Iranian surfers (May 30)

Backdoored versions of a widely used privacy tool have surfaced in Iran, raising fears that its government is using the Trojanised software to spy on its citizens.
For Diablo 3 Hacking, the Buck Stops Where? (May 31)

You never really know what your most controversial pieces are going to be before you write them. I figured an exploration of what it feels like to have your account hacked in a game would be a relatable topic for many who have suffered something similar.
(May 31)

Computer hacking is a growing problem, and a growing career field. The third annual Appalachian Institute for Digital Evidence Conference at the Marshall University Forensics Lab focused on hacking and what it can mean for those fighting crime.
CloudLinux Enhances Shared Hosting Security (May 31)

Cloud Linux Inc., an innovative software company serving the needs of hosting service providers, has released CageFS Version 3.5. This new version of the software features dramatic improvements in security for shared hosting companies. CageFS is a virtual file system that encapsulates each shared hosting customer in its own private virtual space.
Flame worm was signed by forged Microsoft certificate (Jun 4)

Some components of the Flame spyware worm were signed using forged Microsoft certificates, according to a recent investigation by Microsoft. These unauthorised digital certificates allowed the Flame developers to make the malware appear as if it was actually created and approved by Microsoft.
(Jun 4)

Future versions of Fedora could come with a bootloader that is signed by Microsoft, a move that would ensure that the Linux distribution is easy to install on computers with the secure boot mechanism. The proposal was described in a blog entry this week by Red Hat kernel developer Matthew Garrett.