Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place.

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit

(Apr 26)

It can be said in the length of a single tweet: When a 140-character message can lead to national security issues, Twitter itself needs better security tools.
"Forget passwords!": Google joins FIDO (Apr 26)

The FIDO Alliance, an organisation that aims to develop user-friendly password alternatives, has gainedPDF several new members and supporters this week. Google, NXP and CrucialTec have joined the Alliance's board of directors, taking seats alongside existing "Board Level" members.
(Apr 25)

We'd all love to have a magic bullet to stop hackers, but these five defenses won't do the trick, despite what you've been told
More malware discovered from drone cyberattacks (Apr 24)

Researchers following a cyberespionage campaign apparently bent on stealing drone-related technology secrets have found additional malware related to the targeted attacks.
Six open source security myths debunked - and eight real challenges to consider (Apr 23)

Detractors of open source software often point to its broad developer base and open source code as a potential security risk. But that's not a fair assessment, according to Dr Ian Levy, technical director with the CESG, a department of the UK's GCHQ intelligence agency that advises UK government on IT security.
Low-level clerk may be big-time hacker (Apr 25)

A COMPUTER help-desk clerk has been accused of manipulating confidential government data, amid revelations he is the self-confessed ringleader of shadowy hacking syndicate Lulzsec that previously undermined the CIA and FBI websites, federal police allege.
(Apr 25)

Security expert HD Moore warns of the existence of unprotected terminal servers on the internet. The researcher says that he found over 100,000 such systems during his analyses, and that more than 13,000 provided administrative access without requesting a password.
(Apr 23)

Verizon's annual Data Breach Investigations Report, which will be released on Tuesday, found the number of attacks by state-affiliated actors had nearly tripled from last year and that 96 percent were attributed to China.
(Apr 24)

Australian police have arrested IT security professional and self-proclaimed leader of an international hacking ring Matthew Flannery after he allegedly infiltrated a government website this month.
(Apr 29)

Security researchers were surprised to discover that the malware baddies had gone to the unprecedented effort of creating an entirely new online advertisement distribution network, called BadNews, which burrowed its way through Google Play's security defences by laying dormant for weeks before distributing malware millions of times by sending fake update notifications.
(Apr 29)

A Dutch citizen arrested in northeast Spain on suspicion of launching what is described as the biggest cyber attack in internet history operated from a bunker and had a van capable of hacking into networks anywhere in the country, officials said on Sunday.
From hackers to security experts, the Balkan IT sector is booming (Apr 29)

After hacking the Pentagon, NASA and Britain's Royal Navy for fun, TinKode got a real job as a computer security expert for a Romanian cyber safety consultancy.