Linux Security Week: November 12th, 2012
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net; in fact, the much-awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit http://www.foofus.net/jmk/medusa/changelog

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some of us don't give a second thought to the complexity or length of our passwords.


  Twitter unintentionally resets thousands of passwords (Nov 9)
 

On Thursday, numerous Twitter users received an email saying that their Twitter accounts may have been compromised and that their passwords had been reset as a precautionary measure to prevent unauthorised access.

  Evolving security standards a challenge for cloud computing (Nov 9)
 

Any enterprise looking to use cloud computing services will also be digging into what laws and regulations might hold in terms of security and privacy of data stored in the cloud. At the Cloud Security Alliance Congress in Orlando this week, discussion centered on two important regulatory frameworks now being put in place in Europe and the U.S.

  AT&T Breaching Net-Neutrality Rules (Nov 9)
 

AT&T continues to breach net-neutrality regulations despite an announcement that it would begin offering Apple's FaceTime service to more of its iPhone and iPad subscribers, digital rights groups said.

  Hackers Attack: South Carolina Taxpayers Exposed by Massive Security Breach (Nov 9)
 

Millions of South Carolina Social Security numbers and credit and debit card numbers have been exposed by an international hacker. It's likely the hack will prove enormously expensive for the state.

  Ruby update fixes hash flooding vulnerability (Nov 12)
 

The Ruby developers have released an update to the 1.9.3 series of their open source programming language, fixing a denial-of-service vulnerability. Ruby 1.9.3 patch level 327, labelled 1.9.3-p327, corrects a hash-flooding issue that could be exploited by an attacker to cause a high CPU load that can result in a denial-of-service.

  Teenage Hacker 'Cosmo the God' Sentenced by California Court (Nov 12)
 

The 15-year-old UG Nazi hacker known as Cosmo* or Cosmo the God was sentenced in juvenile court on Wednesday in Long Beach, California. According to Cosmo, he pleaded guilty to multiple felonies in exchange for a probation, encompassing all the charges brought against him, which included charges based on credit card fraud, identity theft, bomb threats, and online impersonation.

  Security Metrics: Critical Issues (Nov 12)
 

Numbers are the language of business. Fortunately, security metrics are growing ever more sophisticated. Knowing what to measure, how to measure it and how to communicate those metrics can help improve security's efficiency, effectiveness and standing in the business world.

  Encryption, not restriction, is the key to safe cloud computing (Nov 12)
 

It's 11 p.m. Do you know where your data is? If your enterprise has transitioned to the cloud for data storage the answer almost certainly is "no." Portions of it might be in Malaysia; other bits in Antigua.

  How to devise passwords that drive hackers away (Nov 12)
 

Not long after I began writing about cybersecurity, I became a paranoid caricature of my former self. It's hard to maintain peace of mind when hackers remind me every day, all day, just how easy it is to steal my personal data.
