Linux Security Week: December 5th, 2011
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Squid and Digest Authentication - Digest Authentication hashes the password before transmitting over the wire. Essentially it sends a message digest generated from multiple items including username, realm and nonce value. If you want to know more, see RFC 2617.

Squid and Basic Authentication - This is perhaps the easiest authentication helper to configure in Squid, but also the most insecure. The biggest problem with Basic is it transmits username and password in clear text, hence very susceptible to network sniffing or man in the middle type attacks. The only reason I'm writing about it is it's a valid authentication mechanism in some limited circumstances. Secondly I want to show you how authentication has evolved over the years.


  Why Password Wisdom Is All Wrong (Nov 30)
 

I don't like to keep people in suspense, so I'll start off with the surprise ending: Your password is not secure. Now that I've gotten your attention, we can talk about why that is (and what you can do to improve upon it).

  Best Paying IT Security Jobs In 2012 (Nov 28)
 

Good news for information security professionals: Expect salaries to increase by an average of 4.5% in 2012. Pay for chief security officers, meanwhile, is expected to increase by 3.9%.

  Exclusive: Millions of printers open to devastating hack attack (Nov 29)
 

Could a hacker from half-way around the planet control your printer and give it instructions so frantic that it could eventually catch fire? Or use a hijacked printer as a copy machine for criminals, making it easy to commit identity theft or even take control of entire networks that would otherwise be secure?

  New Apache Reverse Proxy Issue Uncovered (Nov 28)
 

A new reverse proxy issue affecting Apache HTTP server can be used by attackers to access internal systems if certain rules are improperly configured, a security researcher said.

  Android glitch allows hackers to bug phone calls (Dec 1)
 

Computer scientists have discovered a weakness in smartphones running Google's Android operating system that allows attackers to secretly record phone conversations, monitor geographic location data, and access other sensitive resources without permission.

  Hackers getting hacked by security firms (Nov 30)
 

In late 2010, a team of Eastern European hackers began attacking the website of a Fortune 100 company. They employed what's known as an SQL injection, manipulating the online forms where visitors enter information. The hope was to trick the underlying database into spitting out valuable corporate data.

  Anonymous: 'We hacked cybercop's email' (Nov 28)
 

The Anonymous hacking collective's AntiSec group has launched a fresh assault on law enforcement agencies with the release of what they claim are personal emails stolen from a Californian cybercrime investigator. The cache of emails, which according to AntiSec are from the account of Fred Baclagan, a retired special agent supervisor of the Californian Department of Justice, includes 30,000 emails detailing various computer forensic techniques and cybercrime investigation protocols. The hacktivists claim to have hacked into Baclagan's Gmail account and to have accessed his voicemails and SMS message logs using unspecified techniques as part of their ongoing campaign against law enforcement officials and their "allies" in the computer security industry.

  The Pest Who Shames Companies Into Fixing Security Flaws (Nov 30)
 

Every Christopher Soghoian production follows a similar pattern, a series of orchestrated events that lead to the public shaming of a large entity--Google, Facebook, the federal government--over transgressions that the 30-year-old technologist sees as unacceptable violations of privacy. Sometimes he discovers these security flaws by accident, other times because someone has pissed him off, but mostly because he's parked at his computer all day looking for security flaws.

  Hackers target IPv6 (Nov 28)
 

If your IPv6 strategy is to delay implementation as long as you can, you still must address IPv6 security concerns right now. If you plan to deploy IPv6 in a dual-stack configuration with IPv4, you're still not off the hook when it comes to security. And if you think you can simply turn off IPv6, that's not going to fly either.

  HP laser printer hack raises concern, millions vulnerable (Nov 30)
 

Researchers from Columbia University have demonstrated a security flaw found in, but perhaps not limited to, HP printers which can actually lead to fires. The exploit allows hackers to reprogram printers with custom firmware, giving the attacker full control of printer functions. As a result, the hacker can continually heat a laser printer's fuser until paper begins to burn, MSNBC reports.

  Hacking linked to Northern Ireland (Nov 29)
 

POLICE have told Britain's former Northern Ireland secretary Peter Hain they are investigating evidence that his computer may have been hacked by private detectives working for News International. Senior Northern Ireland civil servants and intelligence agents may also have been hacked, they said.

  Bruce Schneier Awarded Honorary Degree From Westminster University (Nov 28)
 

Security technology expert Bruce Schneier has been awarded an honorary degree from the University of Westminster. The Doctor of Science award from the university's School of Electronics and Computer Science was given in recognition for Schneier's 'hard work and contribution to industry and public life'.
