Linux Security Week: January 21st, 2013
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Security Week Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit http://www.foofus.net/jmk/medusa/changelog

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.


  Hackers claim new air traffic system can be hijacked (Jan 14)
 

The Federal Aviation Administration is in the midst of upgrading its air traffic control system at a cost of tens of billions of dollars. A big price might not fix an even bigger problem, though, as hackers suggest that system could be compromised.

  The Importance of Securing a Linux Web Server (Jan 15)
 

With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise.

  Fedora still has issues with secure boot (Jan 15)
 

Three days before its scheduled release, Fedora 18 still has some issues when confronted with a computer that is running Windows 8 with secure boot enabled, if one goes by the latest testing image available online.

  Java Security Vulnerability – How To Disable Java In Linux Browsers (Jan 14)
 

When the Homeland Security folks get into the mix and urge all computer users to disable Java in their browsers, you know it's serious. Indeed, the exploit announced yesterday seems to affect all operating systems, including Linux, and it's already being exploited. According to Trend Micro the flaw is already being used by blackhat toolkits mainly to distribute ransomware. In a blog posted yesterday, the company advises all users to disable or uninstall Java:

  Aaron Swartz, Coder and Activist, Dead at 26 (Jan 14)
 

We often say, upon the passing of a friend or loved one, that the world is a poorer place for the loss. But with the untimely death of programmer and activist Aaron Swartz, this isn't just a sentiment; it's literally true. Worthy, important causes will surface without a champion equal to their measure.

  Firefox getting built-in HTML5-based PDF viewer to improve security (Jan 14)
 

A built-in PDF viewer component based on JavaScript and HTML5 Web technologies has been added to the beta version of Firefox 19, Mozilla said Friday.

  Mozilla develops Minion security testing framework (Jan 18)
 

The Mozilla Foundation is developing an open source security framework called Minion and plans to release a beta version in the first quarter of 2013. Minion will allow developers to subject their web applications to a security check.

  Security Flaw Allows Hackers to Take over Cisco IP Phones (Jan 15)
 

If you work in an office that uses the popular CiscoUnified IP Phone 7900 Series, prepare to feel violated. A couple of security researchers have published details on a security vulnerability that allows a nefarious hacker to turn the phones into eavesdropping devices. The hack allows people to listen in on private phone calls as well as to nearby conversations.

  Should 'good' hackers be protected by law? (Jan 17)
 

A Dutch MP who brought to light a security gap on a medical site is himself being accused of hacking crimes, pulling him into an ongoing debate in the Netherlands over 'ethical hacking.'

  Beware: Hackers in your car, TV and light-bulbs? (Jan 17)
 

We all know we should be careful transacting online, but are you thinking about cyber-security when you're watching TV or driving your car?

  Oracle releases emergency Java update (Jan 14)
 

Oracle Corp. released an emergency update to its Java software for surfing the Web on Sunday, but security experts said the update fails to protect PCs from attack by hackers intent on committing cyber crimes.

  U.S. Attorney Says Aaron Swartz Prosecution ‘Was Appropriate' (Jan 18)
 

Carmen Ortiz, the U.S. attorney in Massachusetts, said Thursday the government's "conduct was appropriate" in its handling of the Aaron Swartz prosecution.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!