Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux-based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net; in fact, the much-awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit


How Hackers Fool Your Employees (Apr 16)

Attackers are taking aim at the weakest point in your network: human beings. Do you know how to protect your data?

Wide-scale attack against WordPress blogs reported (Apr 15)

Unidentified hackers are said to have launched a large-scale attack against WordPress blogs, and any hosts using weak passwords are urged to update them immediately.

Your Next Big Security Headache: Your Wireless Router (Apr 18)

You've installed antivirus software on your computers, configured your operating system to update its security automatically and password-protected your Wi-Fi. So your home network is safe against hackers, right?

IRS going against privacy tide on warrantless email search (Apr 15)

The Internal Revenue Service (IRS) has taken the position it does not need a search warrant to gather email in criminal investigations, despite opposition from lawmakers and privacy advocates and a ruling by a federal appellate court.

Stop disabling SELinux! (Apr 19)

The push to cloud transforms the way we apply information security principles to systems and applications.

(Apr 18)

Former hacker Peiter "Mudge" Zatko has been working for the US government for several years, but he now says he is "getting the band back together", presumably at his new employer Google. Mudge, who, among other things, developed the hacking tool L0phtCrack (used to crack Windows passwords), had recently been working for the Defense Advanced Research Projects Agency (DARPA), which is part of the Department of Defense.

(Apr 15)

Peiter Zatko, the computer hacking expert better known by the handle Mudge, says he's leaving his job as a program manager at DARPA to join Google. He announced the change overnight on Twitter.

(Apr 16)

Peiter "Mudge" Zatko, who was hired three years ago to be a project manager at the U.S. Department of Defense's research and development division known as the Defense Advanced Research Projects Agency, has announced via Twitter that he's returning to the private sector with Google.

Secrets of FBI Smartphone Surveillance Tool Revealed in Court Fight (Apr 16)

A legal fight over the government's use of a secret surveillance tool has provided new insight into how the controversial tool works and the extent to which Verizon Wireless aided federal agents in using it to track a suspect.

(Apr 19)

Last week I talked about the importance of deploying honeypots to catch malicious hackers and malware. But there's a related tool that's craftier and even easier to deploy: the honeytoken.

Former LulzSec member gets prison sentence for Sony Pictures hack (Apr 19)

Cody Andrew Kretsinger, a 25-year-old man from Decatur, Illinois, was sentenced Thursday to one year in federal prison for his role in a May 2011 breach of a Sony Pictures website and database.

Largest gathering of offensive hackers converges on Miami (Apr 15)

No nametags. No photographs. No video. Attendees remain utterly anonymous -- and that's the way they like it.