Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


LinuxSecurity.com Feature Extras:

Essential tools for hardening and securing Unix based Environments - System administrators are aware of how important their systems' security is, not just the runtime of their servers. Intruders, spammers, DDoS attacks and crackers are all out there trying to get into people's computers, servers and everywhere they can lay hands on, and to interrupt the normal runtime of services.

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux-based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.


  Hackers, Activists, Journos: How to Build a Secure Burner Laptop (Oct 29)
 

Security researcher Georg Wicherski recalls a friend who was once stopped at the airport on his way to the Black Hat hacking conference. Security took his laptop, supposedly for a routine X-ray, but it seemed to be taking too long. He suspected something more nefarious: airports are an easy place for authorities to place malware on seized equipment.

  This 11-year-old is selling cryptographically secure passwords for $2 each (Oct 26)
 

We now live in a world where a New York City sixth grader is making money selling strong passwords. Earlier this month, Mira Modi, 11, began a small business at dicewarepasswords.com, where she generates six-word Diceware passphrases by hand.

  Webmasters have only hours to deploy patches, Joomla incident shows (Oct 27)
 

Four hours -- that's the time Joomla website owners had to apply a patch recently before attackers started to exploit the flaw it fixed. Those who still haven't updated their websites are likely to find them compromised.

  Turns Out Police Stingray Spy Tools Can Indeed Record Calls (Oct 29)
 

The federal government has been fighting hard for years to hide details about its use of so-called stingray surveillance technology from the public.

  The Most Controversial Hacking Cases of the Past Decade (Oct 27)
 

The Computer Fraud and Abuse Act, the law that's been at the heart of almost every controversial hacking case of the past decade, is in the news again this month.

  15-year-old arrested over TalkTalk hack (Oct 27)
 

A 15-year-old teenager has been arrested in Northern Ireland by law enforcement over their alleged role in the TalkTalk hack. In a statement released late Monday, the UK Metropolitan Police force said the Police Service of Northern Ireland (PSNI) and detectives from the Metropolitan Police Cyber Crime Unit (MPCCU) executed a search warrant and arrested a 15-year-old boy in County Antrim, Northern Ireland.

  Find a flash drive, pick it up: Study highlights poor city security habits (Oct 28)
 

Nearly one in five people would give in to curiosity and plug abandoned USB drives into their systems, placing their personal security at risk.

  EFF: We found 100+ license plate readers wide open on the Internet (Oct 30)
 

Law enforcement agencies around the country have been all too eager to adopt mass surveillance technologies, but sometimes they have put little effort into ensuring the systems are secure and the sensitive data they collect on everyday people is protected.

  New attacks on Network Time Protocol can defeat HTTPS and create chaos (Oct 27)
 

Serious weaknesses in the Internet's time-synchronization mechanism can be exploited to cause debilitating outages, snoop on encrypted communications, or tamper with Bitcoin transactions, computer scientists warned Wednesday.

  000webhost hacked, 13 million customers exposed (Oct 29)
 

Free website hosting service 000webhost has suffered a data breach which has placed the service's security practices under scrutiny. 000webhost is a free web hosting service which supports both PHP and MySQL, catering for millions of users worldwide. On Wednesday, the firm told users in a Facebook message that the company had suffered a data breach on its main server.

  Tor Project launches encrypted anonymous chat app to the public (Oct 30)
 

The Tor Project has launched the beta version of Tor Messenger, an easy-to-use encrypted message client for those concerned about their privacy and potential surveillance.

  CISA data-sharing bill passes Senate with no privacy protections (Oct 28)
 

A controversial draft law, which one senator called a "surveillance bill by another name," has passed the Senate. CISA, the Cybersecurity Information Sharing Act (S. 754), will allow private companies to share cyber-threat data with the federal government, including personal user data, in an effort to prevent cyberattacks, such as those on the scale of Target, Home Depot, and Sony.