Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.

(Nov 9)

On Thursday, numerous Twitter users received an email saying that their Twitter accounts may have been compromised and that their passwords had been reset as a precautionary measure to prevent unauthorised access.
Evolving security standards a challenge for cloud computing (Nov 9)

Any enterprise looking to use cloud computing services will also be digging into what laws and regulations might hold in terms of security and privacy of data stored in the cloud. At the Cloud Security Alliance Congress in Orlando this week, discussion centered on two important regulatory frameworks now being put in place in Europe and the U.S.
AT&T Breaching Net-Neutrality Rules (Nov 9)

AT&T continues to breach net-neutrality regulations despite an announcement that it would begin offering Apple's FaceTime service to more of its iPhone and iPad subscribers, digital rights groups said.
Hackers Attack: South Carolina Taxpayers Exposed by Massive Security Breach (Nov 9)

Millions of South Carolina Social Security numbers and credit and debit card numbers have been exposed by an international hacker. It's likely the hack will prove enormously expensive for the state.
Ruby update fixes hash flooding vulnerability (Nov 12)

The Ruby developers have released an update to the 1.9.3 series of their open source programming language, fixing a denial-of-service vulnerability. Ruby 1.9.3 patch level 327, labelled 1.9.3-p327, corrects a hash-flooding issue that could be exploited by an attacker to cause a high CPU load that can result in a denial-of-service.