Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.

Go Daddy-serviced Web sites go down; hacker takes credit (Sep 11)

Web sites serviced by DNS and hosting provider Go Daddy were down for most of today, but were back up later this afternoon. A hacker using the "Anonymous Own3r" Twitter account claimed credit for the outage.
New Attack Against Chip-and-Pin Systems (Sep 11)

You see, an EMV payment card authenticates itself with a MAC of transaction data, for which the freshly generated component is the unpredictable number (UN). If you can predict it, you can record everything you need from momentary access to a chip card to play it back and impersonate the card at a future date and location. You can as good as clone the chip.
Hacker takes apart iPhone 5: Finds no fingerprint security or NFC (Sep 11)

This does it, really. If the nine reasons we gave you on Monday weren't enough to dissuade you from buying the new iPhone 5 (yeah, that's what we're calling it for now), here are two more