|
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas
|
Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system. |
|
|
Source: H Security - Posted by Dave Wreski
|
The Debian developers have pointed out, in a announcement on the debian-announce mailing list, that – three years after it was released – Debian GNU/Linux 5.0 (Lenny) has reached its "End of Life". |
|
|
Source: CNET - Posted by Dave Wreski
|
Yesterday, researchers outlined a complicated way to crack the Google Wallet PIN used to make purchases with the smartphone-based payment system. Now there's a new hack that could let a stranger gain access to the funds of Wallet users. |
|
|
Source: Information Week - Posted by Alex
|
More than 55 DDoS tools and services on the market offer hacktivists, increasingly driven by ideological or political goals, a wide range of choices, Arbor security researcher reports. |
|
|
Source: Dark Reading - Posted by Anthony Pell
|
Following the hack of the global intelligence firm Stratfor, hackers published the stolen password file containing the usernames and hashes for more than 860,000 accounts. An effort to use typical password breaking techniques on the file yielded quick results: About 1 in every 10 accounts had a trivial password.
|
|
|
Source: Network World - Posted by Anthony Pell
|
Google plans to remove online certificate revocation checks from future versions of Chrome, because it considers the process inefficient and slow. Browsers currently check if a website's SSL certificate has been revoked by its issuing Certificate Authority (CA) when trying to establish an HTTPS connection. |
|
|
Source: DailyTech - Posted by Dave Wreski
|
|
App is vulernable to quick brute-force attacks on rooted phones. Near field communications (NFC) technology has been around overseas for over half a decade now, but it's finally jumping from the Asian market to the United States. |
|
|
Source: Forbes - Posted by Dave Wreski
|
|
Foxconn, the gargantuan Chinese manufacturing backend for much of the tech industry, has developed a reputation as one of the world’s largest, least ethical, and most secretive companies. What better target for an unknown group of hackers trying to make a name for themselves?
|
|
|
Source: Reuters - Posted by Anthony Pell
|
|
A hacker released the source code for antivirus firm Symantec's pcAnywhere utility on Tuesday, raising fears that others could find security holes in the product and attempt takeovers of customer computers.
|
|
|
Source: InfoWorld - Posted by Anthony Pell
|
Digital Certificate Authority (CA) Trustwave revealed that it has issued a digital certificate that enabled an unnamed private company to spy on SSL-protected connections within its corporate network, an action that prompted the Mozilla community to debate whether the CA's root certificate should be removed from Firefox.
|
|
|
Source: CSO Online - Posted by Dave Wreski
|
|
From the start, Google's Safe Browsing API was designed to spot malicious web pages so users wouldn't get trapped in them. Google identifies these sites through its own algorithms and user notification.
|
|
|
Source: The Register UK - Posted by Dave Wreski
|
|
In a story published yesterday your humble Reg writer wrongly confused Mozilla's Telemetry project with the open-source outfit's so-called Metrics Data Ping proposal. Mozilla has been in touch to clear things up.
|
|
|
Source: Dark Reading - Posted by Anthony Pell
|
In the network security world, nmap is the king for fingerprinting systems and services over the network. It can help identify the operating system (OS), type, and version of a network service, and vulnerabilities that might be present. |
|
|
Source: Dark Reading - Posted by Anthony Pell
|
|
Every day, we hear another story about a company whose sensitive data has been breached. Press releases, tweets, customer support email, and followup articles all provide insight into the kind of information that’s been compromised, the company’s plans to investigate, and how affected parties can protect themselves. |
|
