Linux Security Week: December 3rd, 2012
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Security Week Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit http://www.foofus.net/jmk/medusa/changelog

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.


  Piracy raid nabs Winnie the Pooh, Linux's Secure Boot stand-off, Facebook's new ToS (Nov 26)
 

Police investigating a request from an anti-piracy group in Finland have hit a new low in the fight against copyright infringement, confiscating the Winnie the Pooh laptop of a nine-year-old girl. Torrent Freak reports that Finnish anti-piracy group CIAPC sent the web account holder a letter requesting 600 and a non-disclosure signature to make the problem go away.

  Newly Discovered Linux Rootkit Not Sophisticated But Effective (Nov 26)
 

Researchers are analyzing a new rootkit for 64-bit Linux systems that injects iFrames onto websites and redirects traffic to malicious sites that install additional malware. It also accesses the system's memory and leverages the kernel to help conceal itself.

  Yahoo Mail hijacking exploit selling for $700 (Nov 27)
 

An exploit selling for $700 may put millions of Yahoo Mail users at risk of having their e-mail account hijacked and their browsers redirected to malicious sites.

  Known keycard hack suspected in hotel room burglary (Nov 27)
 

A known hack of a popular hotel keycard reader was allegedly employed in the burglary of a woman's hotel room in Texas.

  LulzSec hacker faces 30 years to life (Nov 28)
 

Jeremy Hammond is in really big trouble. Or, perhaps, the government is just trying to "scare the (expletive) out of him," in the words of Kevin Mitnick, formerly known as the world's "most-wanted hacker" and now a security consultant.

  Hackers steal experts' email addresses from International Atomic Energy Agency server (Nov 28)
 

A group of hackers leaked email contact information of experts working with the International Atomic Energy Agency (IAEA) after breaking into one of the agency's servers.

  Antivirus biz's founder unmasked as noted Chinese hacker (Nov 29)
 

Antivirus startup Anvisoft was founded by an infamous Chinese hacker who allegedly cut his teeth exploiting Microsoft Office security holes to hack US defence contractors, it has emerged.

  Email hacks router (Nov 30)
 

A whole range of Arcor, Asus and TP-Link routers are vulnerable to being reconfigured remotely without authorisation. On his blog, security researcher Bogdan Calin demonstrates that just displaying an email within the router's own network can have far-reaching consequences: when opened, his specially crafted test email reconfigures the wireless router so that it redirects the user's internet data traffic.

  Linux rootkit news "provides some comic relief" (Nov 27)
 

About two weeks ago, a posting on the Full Disclosure Mailing List announced a new Linux rootkit.Indeed, the posting didn't just announce the malware, but included a fully-working sample.

  Forget Disclosure -- Hackers Should Keep Security Holes to Themselves (Nov 30)
 

The author of this opinion piece, aka "weev," was found guilty last week of computer intrusion for obtaining the unprotected e-mail addresses of more than 100,000 iPad owners from AT&T's website, and passing them to a journalist. His sentencing is set for February 25, 2013.

  Security Experts Blast iPad Hacker's 'Chilling' Conviction (Nov 29)
 

Computer-security experts worldwide took to Twitter and the Web last night (Nov. 20) to denounce the conviction of famed troll and hacker Andrew "Weev" Auernheimer.

  Local hotel thefts may involve security flaw (Nov 29)
 

Did a Houston man accused of breaking into Galleria-area hotels use a device that targets a security flaw present in millions of hotel rooms worldwide?

Only registered users can write comments.
Please login or register.

Powered by AkoComment!