Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux-based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.


  (Nov 24)
 

In 1989, the year the Berlin Wall began to fall, American artist Jim Sanborn was busy working on his Kryptos sculpture, a cryptographic puzzle wrapped in a riddle that he created for the CIA's headquarters and that has been driving amateur and professional cryptographers mad ever since.

  Hacker Lexicon: What Is End-to-End Encryption? (Nov 25)
 

Plenty of companies brag that their communications app is encrypted. But that marketing claim demands a followup question: Who has the key? In many cases, the company itself holds the cryptographic key data that lets it decrypt your messages--and so, therefore, does any hacker who compromises the company or government official standing over its shoulder.

  Attackers Using Compromised Web Plug-Ins in CryptoPHP Blackhat SEO Campaign (Nov 24)
 

Researchers have discovered a group of attackers who have published a variety of compromised WordPress themes and plug-ins on legitimate-looking sites, tricking developers into downloading and installing them on their own sites. The components then give the attackers remote control of the compromised sites and researchers say the attack may have been ongoing since September 2013.

  How to weed out the next Heartbleed bug: ENISA details crypto worries (Nov 24)
 

The cryptographic protocols used to secure data moving across the web are putting users at risk due to design flaws that date back many years. Given the current push to encrypt everything in response to revelations of government surveillance, it's important that the protocols being used to do the job are actually secure.

  Google Removes SSLv3 Fallback Support From Chrome (Nov 25)
 

Google has released Chrome 39, fixing 42 security vulnerabilities and removing support for the fallback to SSLv3, the component that was the target of the POODLE attack revealed last month.

  (Nov 28)
 

Some of the world's best threat detection platforms have been bypassed by custom malware in a demonstration of the fallibility of single defence security. Five un-named top advanced threat detection products were tested against four custom malware samples written by researchers at Crysys Lab, Hungary.

  (Nov 28)
 

In 1984, the world was just emerging from its digital Dark Age. CompuServe, the world's first commercial email provider, was still trying to interest users in its fledgling service, and computer viruses and worms were still largely the stuff of engineering-school pranks.

  (Dec 1)
 

A global police crackdown co-ordinated by Interpol has seen the arrest of 118 people accused of using stolen or fake debit and credit cards to buy airplane tickets.