Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux-based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.


  Bugs in Tor network used in attacks against underground markets (Apr 6)
 

The operator of an underground marketplace hosted within the Tor network has reported a flaw in Tor that he claims is being used for an ongoing denial of service attack on the site.

  (Apr 6)
 

Cybersecurity legislation, for the most part, is a good idea. But not without protections for bug bounty programs and other vital, proactive security research.

  Review: Anonabox or InvizBox, which Tor router better anonymizes online life? (Apr 9)
 

A while back, we covered the controversy over a few Kickstarter projects aiming to provide something in increasing demand as of late: a foolproof way to connect any Wi-Fi capable device to the Tor anonymized network. Two such Tor "travel router" projects have since become actual products: InvizBox, from a team in Ireland, and the resurrected Anonabox, which was acquired by the tech holding company Sochule.

  Vast majority of organizations are still vulnerable to Heartbleed (Apr 8)
 

According to research from Venafi, a vast majority of the world's top businesses are still vulnerable to Heartbleed, which was disclosed a year ago this month. The OpenSSL flaw impacted organizations both large and small, but the latest figures show that 74 percent of the Global 2000 remain vulnerable.

  Two NTP Key Authentication Vulnerabilities Patched (Apr 9)
 

NTP, the much-maligned protocol abused in a number of high-volume DDoS attacks a year ago, is suffering from newly patched vulnerabilities that could allow an attacker to send unauthenticated packets to a client that would be executed.

  Police operation disrupts Beebone botnet used for malware distribution (Apr 9)
 

Europol, in collaboration with Dutch authorities, the U.S. FBI and private security companies, has seized the domain names used to control a botnet called Beebone.

  A MILLION Chrome users' data was sent to ONE dodgy IP address (Apr 8)
 

A team of security researchers have found malware in a popular Chrome extension which may have sent the browsing data of over 1.2m users to a single IP address. ScrapeSentry credits its researchers with uncovering "a sinister side-effect to a free app [...] which potentially leaks [users'] personal information back to a single IP address in the USA".

  Google sticks anti-SQL injection vaccine into MySQL MariaDB fork (Apr 9)
 

Google is dropping encryption into MariaDB, the fork of Oracle's MySQL, to help shut out SQL injection attacks. Mountain View is credited with developing and testing tablespace encryption in MariaDB Server 10.1 - the community edition of MariaDB.

  US drug enforcement amassed bulk phone records for decades (Apr 8)
 

Beginning in 1992, the U.S. started keeping records of international phone calls made by Americans, under a joint program of the Department of Justice and the Drug Enforcement Administration, according to a newspaper report.

  How the U.S. thinks Russians hacked the White House (Apr 10)
 

Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.

  (Apr 10)
 

In-brief: Researchers in Japan have developed a way to uniquely identify Internet of Things devices: creating a "fingerprint" based on subtle variations in chip composition, according to a report in IEEE Spectrum.

  (Apr 13)
 

The Simda botnet, known for spreading banking malware and dropping a backdoor on hundreds of thousands of machines worldwide, was taken down last Thursday in a collaborative effort between international law enforcement bodies and private security and technology companies.