Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place.

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit

(Apr 29)

Security researchers were surprised to discover that the malware baddies had gone to the unprecedented effort of creating an entirely new online advertisement distribution network, called BadNews, which burrowed its way through Google Play's security defences by laying dormant for weeks before distributing malware millions of times by sending fake update notifications.
Apache servers ambushed by sophisticated backdoor attacks (May 3)

Apache servers are being ambushed by a particularly pernicious malware program called Linux/Cdorked.A that's infecting visitors to the sick machines with the Blackhole malware kit.
Not all hackers bad: academic (May 1)

The arrest of a 24-year-old Australian claiming to be the head of an international hacking ring and a Twitter hack that briefly sent Wall Street into a tailspin last week has shone the light on hackers as Perth prepares to host its first "hacker con".
Hackers Train Security Experts in Digital Attack Methods (May 1)

The HackMiami 2013 Hackers Conference, taking place on Miami Beach, will feature comprehensive training seminars that seek to facilitate the skills of SQL injection, smartphone attacks, and enterprise network breaches.
(Apr 30)

Recently, a former student of mine wrote me asking how to handle an overzealous white-hat hacker. In this case, the hacker had probed the publically exposed computer networks and assets of my friend's company, then left multiple copies of a document describing the weaknesses he found -- and asked to be hired to close the holes and locate more weaknesses.
The 7 elements of a successful security awareness program (May 3)

When we were asked to keynote a recent CSO event, it was a pleasant surprise that the top concern of the CSOs was "security culture." From performing many security assessments and penetration tests, it is sadly obvious that even the best technical security efforts will fail if their company has a weak security culture.
(May 1)

Amazon (NSDQ:AMZN) is attempting to help its cloud users boost their security prowess with the launch of a blog focusing on information security best practices.
(Apr 29)

A Dutch citizen arrested in northeast Spain on suspicion of launching what is described as the biggest cyber attack in internet history operated from a bunker and had a van capable of hacking into networks anywhere in the country, officials said on Sunday.