Linux Security Week: September 17th, 2012
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net; the much-awaited Medusa 2.0 update was released in February of 2010. For a complete change log, please visit http://www.foofus.net/jmk/medusa/changelog

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught that a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some of us don't give a second thought to the complexity or length of our passwords.


  Go Daddy-serviced Web sites go down; hacker takes credit (Sep 11)
 

Web sites serviced by DNS and hosting provider Go Daddy were down for most of today, but were back up later this afternoon. A hacker using the "Anonymous Own3r" Twitter account claimed credit for the outage.

  New Attack Against Chip-and-Pin Systems (Sep 11)
 

You see, an EMV payment card authenticates itself with a MAC of transaction data, for which the freshly generated component is the unpredictable number (UN). If you can predict it, you can record everything you need from momentary access to a chip card to play it back and impersonate the card at a future date and location. You can as good as clone the chip.

  Hacker takes apart iPhone 5: Finds no fingerprint security or NFC (Sep 11)
 

This does it, really. If the nine reasons we gave you on Monday weren't enough to dissuade you from buying the new iPhone 5 (yeah, that's what we're calling it for now), here are two more – and big ones too.

  Elderwood hacker gang claims unlimited supply of zero-day bugs (Sep 10)
 

An elite hacker group targeting defense industry sub-contractors has an inexhaustible supply of zero-days, or vulnerabilities that have yet to be publicised, much less patched, according to Symantec.

  Do Your SSL Certs Meet Microsoft's New Requirements? (Sep 14)
 

Warning from Microsoft to the entire Internet: make sure that your digital certificates are at least 1024 bits. As of Oct. 9, 2012, longer key lengths are mandatory for all digital encryption certificates that touch Windows systems.

  Cosmo, the Hacker 'God' Who Fell to Earth (Sep 11)
 

Cosmo is huge -- 6 foot 7 and 220 pounds the last time he was weighed, at a detention facility in Long Beach, California on June 26. And yet he's getting bigger, because Cosmo -- also known as Cosmo the God, the social-engineering mastermind who weaseled his way past security systems at Amazon, Apple, AT&T, PayPal, AOL, Netflix, Network Solutions, and Microsoft -- is just 15 years old.

  Google Gets Serious about Chrome Security on Linux (Sep 12)
 

Google was a bit slow in the beginning getting its Chrome browser ready for Linux. That's now changing as Google is now set to take advantage of an advanced Linux kernel feature that could well make Chrome on Linux more secure than any other OS.

  Debora Plunkett, NSA's Cyber Defense Director, Says Foreign Cyber Attacks Are Increasingly 'Reckless' (Sep 10)
 

Other nations are increasingly employing cyber attacks without "any sense of restraint," a top U.S. cybersecurity official said on Friday, citing "reckless" behaviors that neither the United States nor the Soviet Union would have dared at the height of Cold War tensions.

  $222,000 Music Piracy Fine Not Unconstitutional, Court Rules (Sep 12)
 

The most recent step in the never-ending Thomas-Rasset music piracy case occurred today with the US Court of Appeals for the 8th Circuit ruling in favor of the RIAA. In its ruling the court decided that the outcome of the first trial in 2007 was indeed correct, and that Thomas-Rasset owes $222,000 to the major music labels.

  BlackHole 2.0 gives hackers stealthier ways to pwn (Sep 13)
 

A new version of the BlackHole exploit kit is now out on the web and ready to start infecting. The developer of the toolkit, who goes by the handle "Paunch," recently announced the availability of Blackhole 2.0, which removes much of its trove of known and patched exploits, and replaces them with a whole new crop--along with features that will make it harder for antivirus companies and site owners to detect trouble.

  GoDaddy Outage: Anonymous Attack Or IT Failure? (Sep 14)
 

What's worse for a website hosting company: getting taken down by hackers, or failing to properly configure your network, sparking downtime and lost revenue for customers?

  Cyberdetectives hunt down hackers, shore up security risks (Sep 10)
 

Hackers often are portrayed as basement-dwelling, junk-food eating computer geniuses who enjoy wreaking havoc on unsuspecting people by sneaking into their computers.
