Linux Security Week: November 1st, 2011
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Security Week Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. Feature Extras:

Free Online security course (LearnSIA) - A Call for Help - The Survivability and Information Assurance (SIA) course was originally developed by a team at Carnegie Mellon, led by Lawrence Rogers ( Back in 2010, I requested a license to continue the development of the course because it provides useful information on Information Assurance. Also, this course will always be freely available for anyone to use in the classroom or self-study. There are three parts to the LearnSIA curriculum.

What You Need to Know About Linux Rootkits - Rootkits are a way attackers hide their tracks and keep access to the machines they control. The good rootkits are very hard to detect and remove. They can be running on ones computer and no one can even know they have been running. Read more to learn how to detect them on your system.

  Hackers port trojan from Linux to OS X (Oct 26)

Security researchers at ESET and Sophos have discovered that hackers have gone out of their way to port an old Linux backdoor Trojan to the Apple Mac OS X platform, extending their reach of computers that they can use as part of their botnets.

  Stupid hacker tricks: Exploits gone bad (Oct 24)

If the Internet is the new Wild West, then hackers are the wanted outlaws of our time. And like the gun-slinging bad boys before them, all it takes is one wrong move to land them in jail.

  Double Security Whammy, No Patches: Killer SSL DDoS Attack, XML Encryption Broken (Oct 25)

The Germans have wreaked all kinds of mass destruction on the security forefront. The hacking group "The Hacker's Choice" released a new THC-SSL-DOS tool that allows a single laptop's DSL connection to take down a server. Other German researchers found a flaw and broke the W3C standard with a serious attack against XML Encryption that works in all cases, including against Microsoft, IBM, Red Hat, Apache and other XLM framework providers.

  Metasploit For The Masses (Oct 24)

Two years after Rapid7 acquired the Metasploit Project, the company has rolled out a free and more user-friendly version of the open-source tool that is aimed at less technical users.

  The answer to the BYOD question is Virtualization. (Oct 28)

Virtualization seems to be everyone's answer to every problem. For BYOD, it might just be the answer to stressed budgets and user happiness.

  Hackers could have TAKEN OVER Amazon Web Services (Oct 27)

Security researchers have unearthed a flaw in Amazon Web Services that created a possible mechanism for hackers to take over control of cloud-based systems and run administrative tasks.

  AntiSec says it's behind police website attacks (Oct 25)

The hackers who defaced police department websites in Boston and Alabama did so in support of the Occupy Boston movement, and to protest the Boston Police for what they perceive as unprovoked violence against demonstrators. There's another, decidedly less righteous reason behind their attacks, however: they were bored.

  Authentication With Hardware (Oct 27)

Here are some thoughts about providing users and businesses ways for a website to authenticate a user all the way to the hardware connection to his computer or mobile device.

  Skype security flaw allows location tracking (Oct 25)

A glaring security flaw's been uncovered in Skype and other VoIP systems, potentially allowing hackers to access users' identities, locations and even files.

  Hackers Release DoS Attack Tool Targeting SSL Servers (Oct 26)

A hacker group has released a proof-of-concept tool that exploits how encryption keys can be renegotiated to launch a distributed denial of service attack against Secure Sockets Layer servers.

  Hackers devise attack vs secure servers (Oct 26)

What good are secure servers if they can get kicked off the Internet?This is the premise of a new distributed denial-of-service (DDos) tool released by a German hacker group, targeting servers using secure sockets layer (SSL).

  XML Encryption Flaw Leaves Web Services Vulnerable (Oct 25)

Watch your Web Services: the official XML Encryption Syntax and Processing standard can be broken.So say two researchers from Ruhr-University Bochum in Germany, who have demonstrated a practical attack against XML's cipher block chaining (CBC) mode.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!