Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place.

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit

vBulletin.com's password database hack gives forum admins the jitters (Nov 19)

Forumware giant vBulletin.com has admitted that it's been turned over by hackers who made off with customer user IDs and encrypted passwords.
FBI sends memo to US.gov sysadmins: You've been hacked... for the past YEAR (Nov 19)

Hacktivists allegedly affiliated with Anonymous have been covertly breaking into US government systems and pilfering sensitive information for nearly a year, the FBI warned last week.
'Encrypt everything:' Google's answer to government surveillance is catching on (Nov 22)

While Microsoft's busy selling t-shirts and mugs about how Google's "Scroogling" you, the search giant's chairman is busy tackling a much bigger problem: How to keep your information secure in a world full of prying eyes and governments willing to drag in data by the bucket load. And according to Google's Eric Schmidt, the answer is fairly straightforward.
(Nov 18)

Comodo, a leading Certificate Authority and Internet security organization, today announced that their Comodo Endpoint Security Manger software proactively protects against endpoints from getting hit by the CryptoLocker ransomware.
Experts applaud Google completion of SSL certificate upgrade (Nov 20)

Google's faster-than-expected upgrade of all its SSL certificates to an RSA key length of 2048 bits will make cracking connections to the company's services more difficult without affecting performance, experts say.
(Nov 21)

A worm-like type of malicious software has been found targeting Apache Tomcat, an open-source Web server application, according to Symantec.
(Nov 19)

The NSA allegedly gathered millions of records from Google and Yahoo data centers around the world, but soon, the agency might have a much harder time trying to collect this type of data.
Google: We're bombarded by gov't requests on user data (Nov 18)

Requests from governments worldwide for user information have more than doubled since three years ago. Worse still, says Google, is what the US won't let us tell you.
Does Linux Mint need better security? (Nov 21)

Today in Open Source: Does Linux Mint have a security problem? Or has the media made a mountain out of a molehill?
The hacker hunters (Nov 22)

Somewhere deep within PwC's doughnut-shaped headquarters in the shadow of London's Tower Bridge, a projection flickers on the whitewashed wall of a meeting room. Its uniform multicoloured dots form an image that would not look out of place on one of Damien Hirst's production lines. But this is not art; it is science.
Vint Cerf: 'Privacy may be an anomaly' (Nov 20)

Could online privacy one day be a thing of the past as we share more and more details about ourselves through social networks? Vint Cerf certainly believes that privacy will become much harder to ensure.
Remembering legendary Enigma code breaker Mavis Batey (Nov 21)

Cracking one of the most complicated cipher devices ever created -- the Enigma machine -- may not have been what Britain's Mavis Batey envisioned when she studied the German romantic poets at University College London when World War II broke out.