Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux-based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.


  (Oct 20)
 

We often shift between a phone signal, private internet connections, and public Wi-Fi networks. You pass by your local Starbucks, for example, and the phone remembers you've been there in the past and latches on to its signal--without you thinking too much about it.

  (Oct 21)
 

John Kane was on a hell of a winning streak. On July 3, 2009, he walked alone into the high-limit room at the Silverton Casino in Las Vegas and sat down at a video poker machine called the Game King. Six minutes later the purple light on the top of the machine flashed, signaling a $4,300 jackpot.

  iPhone Encryption and the Return of the Crypto Wars (Oct 22)
 

Last week, Apple announced that it is closing a serious security vulnerability in the iPhone. It used to be that the phone's encryption only protected a small amount of the data, and Apple had the ability to bypass security on the rest of it.

  (Oct 23)
 

Patches have been flung out to cover vulnerabilities in PHP that led to remote code execution and buffer overflows.

  (Oct 24)
 

Maintaining your privacy online, like investing in stocks or looking good naked, has become one of those nagging desires that leaves Americans with a surplus of stress and a deficit of facts. So it's no surprise that a cottage industry of privacy marketers now wants to sell them the solution in a $50 piece of hardware promising internet "anonymity" or "invisibility."

  (Oct 23)
 

US standards body the National Institute of Standards and Technology (NIST) has laid out the basics of hypervisor security in a draft publication released for comment on 20 October.

  Disaster as CryptoWall encrypts US firm's entire server installation (Oct 24)
 

"Here is a tale of ransomware that will make your blood run cold," announced Stu Sjouwerman of security training firm KnowBe4 in a company newsletter this week and he wasn't exaggerating.

  Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System (Oct 23)
 

Senator Ron Wyden thought he knew what was going on. The Democrat from Oregon, who has served on the Senate Select Committee on Intelligence since 2001, thought he knew the nature of the National Security Agency's surveillance activities.

  USB is now UEC (use with extreme caution) (Oct 22)
 

USB is an acronym for Universal Serial Bus; at least that is what it has stood for since 1999 when it was patented. But now it may take on a new meaning and instead stand for Ultimate Security Breakdown.

  Mobile Device Encryption Could Lead to a