Linux Security Week: February 20th, 2012
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net; in fact, the much-awaited Medusa 2.0 update was released in February of 2010. For a complete change log, please visit http://www.foofus.net/jmk/medusa/changelog

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of their passwords.


  Passwords Suck: Learn About and Use Multi-Factor Authentication (Feb 14)
 

They are long, hard to remember (even if you have easier-to-remember phrases), more so when new, and are largely a difficulty for users to use properly. Combined with the fact that many users choose easy-to-guess or easy-to-ascertain passwords based off of commonly-known facts about themselves and that they will try all of their passwords when told one isn't working… the list goes on.

  How to Become an Ethical Hacker (Feb 16)
 

Do viruses, DDoS attacks, or buffer overflows tickle your fancy? If so, you might consider becoming a legal hacker, aka an ethical hacker, "white hat" hacker, or penetration tester.

  RSA security flawed say researchers after collecting duplicate public keys (Feb 15)
 

Cryptography researchers collected millions of X.509 public key certificates that are publicly available over the web and found what they say is a shockingly high frequency of duplicate RSA-moduli keys.

  DDoS attackers start targeting IPv6 networks (Feb 17)
 

It had to happen: Criminals are trying to find holes in the IPv6 protocol by launching denial of service attacks. Cybercriminals have started launching distributed denial-of-service (DDoS) attacks against networks that transmit data over IPv6, according to a report published recently by DDoS mitigation vendor Arbor Networks.

  Google Wallet is Easy to Hack and Exploit (Feb 14)
 

Google Wallet, which initially launched in September of 2011, has decided to temporarily suspend its provisioning of prepaid cards as a result of two newly discovered security vulnerabilities. Recently, a security research team uncovered a potential threat to the overall security of the Google Wallet.

  Microsoft's struggle against bugs (Feb 15)
 

It has been ten years since Bill Gates famously emailed all Microsoft's employees declaring that data protection and system security should be the company's top priorities. Uli Ries describes the subsequent progress Microsoft has achieved in making its software more secure.

  StopTheHacker Helps Website Owners Combat Malware, Raises $1.1 Million (Feb 13)
 

StopTheHacker, an aptly named provider of SaaS-based website security services, has secured $1.1 million in first-round funding from public and private investors, including Runa Capital and former Bluecoat chief executive Brian NeSmith.

  The Pirate Bay's Peter Sunde: It's Evolution, Stupid (Feb 14)
 

In the case of The Pirate Bay, it's been particularly obvious. My fellow co-founders -- Fredrik Neij and Gottfrid Svartholm -- and I were convicted in 2009 of contributory copyright infringement. Last week the Supreme Court of Sweden refused to hear our appeal. We each face between four months and one year in prison. My sentence was eight months.

  Security Manager's Journal: Hackers phone home -- on our dime (Feb 13)
 

It's been a while since we've had a security breach worth mentioning (that we know of). Last week we had one, and it was an eye-opener.

  Privacy Tool Lets Users Quickly Rank Websites on Privacy Policies (Feb 15)
 

Website privacy policies, like end-user agreements, have become a morass of confusion that offers little in the way of clarity about what sites are and aren't tracking. A new tool and website launched today purports to clear some of the fog around this issue.

  Your address book is mine: Many iPhone apps take your data (Feb 14)
 

Last week, Path iPhone app users were surprised (and quite disgruntled) to learn that the innards of their address books (contacts' email addresses and phone numbers) had been uploaded to and stored on Path's servers. After a public outcry, Path immediately amended its practice to request user permission, and deleted its records.

  New Waledac Variant Goes Rogue (Feb 16)
 

Remember the infamous Storm spamming botnet that later re-emerged as Waledac and was later silenced in a high-profile takedown led by Microsoft? It's baaaack -- and this time it's performing more malicious activity than sending annoying spam messages.
