LinuxSecurity.com
Linux Security Week: September 17th, 2012
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net; in fact, the much-awaited Medusa 2.0 update was released in February of 2010. For a complete change log, please visit http://www.foofus.net/jmk/medusa/changelog

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught that a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some of us don't give a second thought to the complexity or length of our passwords.


  Go Daddy-serviced Web sites go down; hacker takes credit (Sep 11)
 

Web sites serviced by DNS and hosting provider Go Daddy were down for most of today, but were back up later this afternoon. A hacker using the "Anonymous Own3r" Twitter account claimed credit for the outage.

  New Attack Against Chip-and-Pin Systems (Sep 11)
 

You see, an EMV payment card authenticates itself with a MAC of transaction data, for which the freshly generated component is the unpredictable number (UN). If you can predict it, you can record everything you need from momentary access to a chip card to play it back and impersonate the card at a future date and location. You can as good as clone the chip.

  Hacker takes apart iPhone 5: Finds no fingerprint security or NFC (Sep 11)
 

This does it, really. If the nine reasons we gave you on Monday weren't enough to dissuade you from buying the new iPhone 5 (yeah, that's what we're calling it for now), here are two more – and big ones too.

  Elderwood hacker gang claims unlimited supply of zero-day bugs (Sep 10)
 

An elite hacker group targeting defense industry sub-contractors has an inexhaustible supply of zero-days, or vulnerabilities that have yet to be publicised, much less patched, according to Symantec.

  Do Your SSL Certs Meet Microsoft's New Requirements? (Sep 14)
 

Warning from Microsoft to the entire Internet: make sure that your digital certificates are at least 1024 bits. As of Oct. 9, 2012, longer key lengths are mandatory for all digital encryption certificates that touch Windows systems.

  Cosmo, the Hacker 'God' Who Fell to Earth (Sep 11)
 

Cosmo is huge -- 6 foot 7 and 220 pounds the last time he was weighed, at a detention facility in Long Beach, California on June 26. And yet he's getting bigger, because Cosmo -- also known as Cosmo the God, the social-engineering mastermind who weaseled his way past security systems at Amazon, Apple, AT&T, PayPal, AOL, Netflix, Network Solutions, and Microsoft -- is just 15 years old.

  Google Gets Serious about Chrome Security on Linux (Sep 12)
 

Google was a bit slow in the beginning getting its Chrome browser ready for Linux. That's now changing as Google is now set to take advantage of an advanced Linux kernel feature that could well make Chrome on Linux more secure than any other OS.

  Debora Plunkett, NSA's Cyber Defense Director, Says Foreign Cyber Attacks Are Increasingly 'Reckless' (Sep 10)
 

Other nations are increasingly employing cyber attacks without "any sense of restraint," a top U.S. cybersecurity official said on Friday, citing "reckless" behaviors that neither the United States nor the Soviet Union would have dared at the height of Cold War tensions.

  $222,000 Music Piracy Fine Not Unconstitutional, Court Rules (Sep 12)
 

The most recent step in the never-ending Thomas-Rasset music piracy case occurred today with the US Court of Appeals for the 8th Circuit ruling in favor of the RIAA. In its ruling the court decided that the outcome of the first trial in 2007 was indeed correct, and that Thomas-Rasset owes $222,000 to the major music labels.

  BlackHole 2.0 gives hackers stealthier ways to pwn (Sep 13)
 

A new version of the BlackHole exploit kit is now out on the web and ready to start infecting. The developer of the toolkit, who goes by the handle "Paunch," recently announced the availability of Blackhole 2.0, which removes much of its trove of known and patched exploits, and replaces them with a whole new crop--along with features that will make it harder for antivirus companies and site owners to detect trouble.

  GoDaddy Outage: Anonymous Attack Or IT Failure? (Sep 14)
 

What's worse for a website hosting company: getting taken down by hackers, or failing to properly configure your network, sparking downtime and lost revenue for customers?

  Cyberdetectives hunt down hackers, shore up security risks (Sep 10)
 

Hackers often are portrayed as basement-dwelling, junk-food eating computer geniuses who enjoy wreaking havoc on unsuspecting people by sneaking into their computers.
