Linux Security Week: October 3rd, 2011
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

What You Need to Know About Linux Rootkits - Rootkits are a way for attackers to hide their tracks and keep access to the machines they control. The good rootkits are very hard to detect and remove. They can be running on one's computer without anyone knowing they have been running. Read more to learn how to detect them on your system.

Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition - Mark Sobell again delivers the answers to common Linux administration challenges, and provides thorough and step-by-step instructions to configuring many of the common Linux Internet services in A Practical Guide to Fedora and Red Hat Enterprise Linux, Fifth Edition.


  Hackers post data on JP Morgan Chase CEO (Sep 30)
 

Hackers have posted personal information about the chief executive of J.P. Morgan Chase in solidarity with the Occupy Wall Street protests.

  Mozilla considers disabling Java in Firefox (Sep 29)
 

The Firefox developers are currently discussing whether to disable Oracle's Java plug-in as a potential workaround for the recently disclosed SSL/TLS vulnerability. The Java plug-in is the component that enables attackers to exploit the vulnerabilities presented by Juliano Rizzo and Thai Duong last week – the two researchers demonstrated how the cookies of arbitrary web pages can be reconstructed despite being sent via encrypted connections.

  Hackers are innovating SQL injection attacks to bypass security controls (Sep 29)
 

From 2005 through today, SQL injection has been responsible for 83% of successful hacking-related data breaches. It is estimated that there are a total of 115,048,024 SQL injection vulnerabilities in active circulation today.

  Former super-hacker Kevin Mitnick finally opens up (Sep 30)
 

Kevin Mitnick was once one of the most wanted cybercriminals in America. Though he never stole a dime, he infiltrated the security systems of everyone from Sun Microsystems to Motorola to the California DMV. He also spent several years on the lam, living under carefully crafted false identities--until 1995, when he was arrested and sentenced to five years in federal prison. Now that the embargo on profiting from his story is up, Mitnick dissects his obsession in a new memoir, Ghost in the Wires. Dave Morris asked the hacker-turned-security-expert what businesses can learn from a guy like him.

  Authenticity of Web pages comes under attack (Sep 28)
 

The keepers of the Internet have become acutely concerned about the Web's core trustworthiness. Hackers cracked three companies that work with the most popular Web browsers to ensure the authenticity of Web pages where consumers type in sensitive information, such as account log-ons, credit card numbers and personal data.

  USA Today Twitter account hacked (Sep 27)
 

USA Today's Twitter account was hacked, apparently by the same group that breached the Twitter accounts of NBC and Fox News.

  MySQL Malware Hack Cost Just $3,000 (Sep 28)
 

A security firm warned Monday that the website for downloading the popular MySQL open source relational database was infecting PCs via drive-by downloads.

  On Computers: Don't worry about that https (Sep 30)
 

A reader wrote me: "I occasionally see 'https' in my browser. Should I suspect it might be some manner of hacking?" I wrote back that it does have something to do with hacking, but this time it's to our advantage.

  Top Scoring U.S. Cyber Challenge Cyber Quests Winners (Sep 28)
 

The U.S. Cyber Challenge (USCC) and the International Council of E-Commerce Consultants (EC-Council) today announced the recipient of a seat at the Global Cyberlympics, an international team ethical hacking competition. Chad Weber, a sophomore at Vermont Technical College, earned admission to Cyberlympics by scoring first place in the USCC Cyber Quests, a national competition focused on testing participants' ability to identify and interpret web application attacks.

  NSA Label-based System Could Secure Big Data (Sep 26)
 

The National Security Agency has submitted its new, label-based data store software to the Apache Software Foundation, in hopes that others will further develop it for use in secure systems.

  For Hackers, the Next Lock to Pick (Sep 28)
 

Hackers have broken into the cellphones of celebrities like Scarlett Johansson and Prince William. But what about the rest of us, who might not have particularly salacious photos or voice messages stored in our phones, but nonetheless have e-mails, credit card numbers and records of our locations?

  When Is A Web Hacker Good For My Business? (Sep 28)
 

When you ask for it. A new trend in business is to enhance one's sense of security for their website and/or confidential business data. An emerging trend to ensure your website, business server or database is secure is to hire a professional hacker and have them target you for an evaluation. Sounds crazy!
