Linux Security Week: November 14th, 2011
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Security Week Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Demystifying the Chinese Hacking Industry: Earning 6 Million a Night - An Interview with a Member of the Chown Group (COG) about the billion dollar hacking business in China

Free Online security course (LearnSIA) - A Call for Help - The Survivability and Information Assurance (SIA) course was originally developed by a team at Carnegie Mellon, led by Lawrence Rogers (http://www.cert.org/sia/). Back in 2010, I requested a license to continue the development of the course because it provides useful information on Information Assurance. Also, this course will always be freely available for anyone to use in the classroom or self-study. There are three parts to the LearnSIA curriculum.


  Wi-Fi security do's and don'ts (Nov 7)
 

Wi-Fi is inherently susceptible to hacking and eavesdropping, but it can be secure if you use the right security measures. Unfortunately, the Web is full of outdated advice and myths. But here are some do's and don'ts of Wi-Fi security, addressing some of these myths.

  Hacker uncovers major iOS security flaw [video] (Nov 8)
 

A major security flaw in Apple's iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert. Described by Forbes as a "serial Mac hacker," Accuvant LABS computer security researcher Charlie Miller has uncovered a security flaw that allows hackers to build apps that look legitimate and pass through Apple's App Store approval process.

  Anonymous Hacks Wal-Mart, CapitalOne, Finland, El Salvador (Nov 9)
 

It's been a busy few days for the hacktivist collective known as Anonymous. On Saturday, Anonymous released data it had stolen after hacking the websites of CapitalOne and Wal-Mart.

  Firefox and Internet Explorer pull trust in DigiCert SSL certificates (Nov 7)
 

Mozilla and Microsoft said Thursday they are revoking trust in all certificates issued by Digicert, a Malaysian intermediate certificate authority, after it was found that it had issued 22 certificates with weak 512 bit keys and missing certificate extensions and revocation information.

  SSL certificates under fire as hacking incidents pile up (Nov 9)
 

A year ago nobody could have cared less about certificate authorities (CAs), a dull but critical part of Internet that makes it possible for web servers to authenticate themselves to other computers, including ordinary browsers, using SSL.

  Report: Security From The Inside Out (Nov 8)
 

IT and network administrators are increasingly concerned about data leaks and attacks from inside the company, but their user awareness training programs are falling short of the mark.

  Sloppy use of Amazon cloud can expose users to hacking (Nov 10)
 

Using Amazon's EC2 (Elastic Compute Cloud) can pose a security threat to organizations and individuals alike, though Amazon's not to blame, according to researchers from Eurecom, Northeastern University, and SecludIT.

  Prisons bureau alerted to hacking into lockups (Nov 7)
 

Federal authorities are concerned about new research showing U.S. prisons are vulnerable to computer hackers, who could remotely open cell doors to aid jailbreaks.

  Uncle Sam wants you, hackers: Cyberwarriors (Nov 10)
 

Geeks and security freaks are my favorite kind of people; it's a compliment, the same as being a hacker. They may not have always been considered cool labels, but most who fall in that category are not concerned about what people think. Instead of public opinion, these types of people apply their curiosity to other more important matters.

  Ruby's RSA crypto bug near miss (Nov 9)
 

The Ruby developers had a near miss with a crypto disaster when an "awful bug" crept into the language's source code development tree. A simple programming error made the library generate RSA keys that caused the encryption mechanism to produce clear text.

  Hackers ‘attack Sandia Labs 30,000 times/hr.' (Nov 10)
 

Sandia National Laboratories President and Director Paul Hommert said the lab has greatly increased its research and development efforts in cyber security in recent years.

  KPN Stops Issuing SSL Certificates After Possible Breach (Nov 7)
 

The largest telecommunications company in the Netherlands has stopped issuing SSL (Secure Sockets Layer) certificates after finding indications that the website used for purchasing the certificates may have been hacked.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!