LinuxSecurity.com
The central voice for Linux and Open Source security news
Linux Security Week: December 26th, 2012
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net; in fact, the much-awaited Medusa 2.0 update was released in February of 2010. For a complete change log, please visit http://www.foofus.net/jmk/medusa/changelog

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.


  Linux servers targeted by new drive-by iFrame attack (Dec 21)
 

A new Linux iFrame attack has been spotted, this time one attempting to infect its victims with the Zeus/Zbot bank login stealer, security firm ESET has reported.

  How Hackers Protect Themselves From Getting Hacked (Dec 21)
 

When Adrian Lamo goes online, he leaves nothing to chance. To log in to personal accounts, he uses a digital password generator -- a plastic key chain-like device that displays a new string of digits every 60 seconds.

  The top 5 tech bozos of the year (Dec 20)
 

Picking the bozos of the year is always bittersweet. It's altogether satisfying to call out the big cigars of the tech world -- and sometimes their allies in government -- who deserve to be ridiculed and brought to account. On the other hand, these bozos have caused damage to their companies, their employees, and their customers, which is no joking matter. Here are 2012's top five.

  Anonymous continues its hack offensive against Westboro Baptist Church (Dec 19)
 

Over the weekend, Anonymous was stirred to action against an old nemesis: the Westboro Baptist Church. The most recent feud came in the wake of WBC's appalling reaction to the Sandy Hook shooting Friday in Newtown, CT.

  Private Clouds, Cyber-security, Privacy: ISACA Issues Guidance (Dec 20)
 

ISACA, a non-profit global association of more than 100,000 IT audit, security, risk, and governance professionals, released guidance on managing three top trends expected to pose major challenges to Indian businesses in 2013: Private vs. public clouds, cyber-security threats, and data privacy.

  Cisco VoIP Hacker Urges Closer Look at Firmware Security Vulnerabilities (Dec 19)
 

Ang Cui's "Funtenna" is just the latest eye-opener into the security of embedded networked devices such as printers, VoIP phones, routers and other core, connected infrastructure.

  China Now Blocking Encryption (Dec 20)
 

The "Great Firewall of China" is now able to detect and block encryption: A number of companies providing "virtual private network" (VPN) services to users in China say the new system is able to "learn, discover and block" the encrypted communications methods used by a number of different VPN systems.

  Apache plugin turns legit sites into bank-attack platforms (Dec 21)
 

A malicious Apache module found operating in the wild turns sites running the Internet's most popular Web server into platforms that surreptitiously install malware on visitors' computers.

  How to set up a safe and secure Web server (Dec 24)
 

Fifteen years ago, you weren't a participant in the digital age unless you had your own homepage. Even in the late 1990s, services abounded to make personal pages easy to build and deploy--the most famous is the now-defunct GeoCities, but there were many others (remember Angelfire and Tripod?). These were the days before the "social" Web, before MySpace and Facebook.

  How Linux reads your fingerprints, helps national security (Dec 24)
 

Gunnar Hellekson has many awesome-sounding job titles. He's the chief technology strategist for Red Hat's US Public Sector group, where he works with government departments to show them how open source can meet their needs, and with systems integrators to show them what they can do to provide the government with what it needs.

  Why SELinux is more work, but well worth the trouble (Dec 26)
 

Many of us got used to the simple owner, group, and other model of Unix security so long ago that we were somewhat taken aback when the setfacl and getfacl commands were introduced and added complexity to file permissions. All of a sudden, users and groups could be assigned access privileges separately from these three groupings and we had to pay attention to + signs at the ends of our permissions matrices that reminded us that additional access permissions were in effect.

  Hackers Use Backdoor to Break System (Dec 26)
 

Industrial control system comes with a backdoor: Although the system was password protected in general, the backdoor through the IP address apparently required no password and allowed direct access to the control system. "[Th]e published backdoor URL provided the same level of access to the company's control system as the password-protected administrator login," said the memo.

(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.