Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place.


  What Happens When Personal Information Hits The Dark Web (Apr 14)
 

The bait--a trove of phony "stolen" data including several thousand Social Security numbers, credit cards, names, and email addresses--was swallowed within the first few days of being planted in the Dark Web. And when the 12-day experiment was over, the data had traveled to more than 22 different countries and been viewed nearly 1,100 times.

  Chrome starts pushing Java off the Web by disabling plugins (Apr 16)
 

Chrome 42, released to the stable channel today, will take a big step toward pushing old browser plugins, including Java and Silverlight, off the Web. Those plugins use a 1990s-era API called NPAPI ("Netscape Plugin API") to extend the browser, and with Chrome 42, that API is now off by default.

  Security pros name their must-have tools (Apr 17)
 

Secure file sharing is imperative for Lawyers Without Borders, a group that works with volunteer lawyers to advance human rights law in conflict-ridden regions. The nonprofit organization, headquartered in Hartford, Conn., uses Intralinks VIA to protect confidential legal documents and court papers from unsanctioned access.

  Wearables open new avenues for security and privacy invasions (Apr 15)
 

Wearable tech creates a new opportunity for private data to be collected, whether with or without the user's knowledge. And oftentimes, the user might have granted permission, without realizing quite what they were giving up.

  To Secure Modern Networks: Close The Visibility Gap (Apr 16)
 

Modern networks now go beyond traditional walls to include data centers, endpoints, virtual, mobile and the cloud. These extended networks and their components constantly evolve and span new attack vectors including: mobile devices, web- enabled and mobile applications, hypervisors, social media, web browsers, home computers, and even vehicles.

  Attacking Researchers Who Expose Voting Vulnerabilities (Apr 13)
 

A security flaw in New South Wales' Internet voting system may have left as many as 66,000 votes vulnerable to interception and manipulation in a recent election, according to security researchers.

  Survey finds younger workers make bad security choices (Apr 14)
 

The biggest smartphone security threats to companies caused by workers come from males younger than age 35 who earn more than $60,000 a year.Those are the findings of a new study commissioned by Aruba Networks that questioned 11,500 workers in 23 countries.

  APT group hacks cyber-spy gang in spy-on-spy pwnage (Apr 16)
 

Cyber-spy groups, whose numbers are growing with little constraint, have begun hacking each other.Hellsing, a small and technically unremarkable cyber-espionage group, was subjected to a spear-phishing attack by another threat actor last year, before deciding to strike back with its own malware-infected emails.

  Open-source personal crypto-key vault (Apr 14)
 

An open-source hardware project aimed at making the internet "a little bit safer" needs an influx of cash to continue its work.

  What the Ridiculous F$ck, D-Link?! (Apr 15)
 

As mentioned in an update to my post on the HNAP bug in the DIR-890L, the same bug was reported earlier this year in the DIR-645, and a patch was released. D-Link has now released a patch for the DIR-890L as well.

  WikiLeaks releases entire trove of Sony Hack including confidential emails (Apr 17)
 

Wikileaks has just now released the entire trove from the Sony hack. According to a press release on WikiLeaks, the entire archive which contains 30,287 documents from Sony Pictures Entertainment (SPE) and 173,132 emails, to and from more than 2,200 SPE email addresses has been leaked because "This archive shows the inner workings of an influential multinational corporation.

  Setting Security Professionals Up For Success (Apr 17)
 

People, process, and technology are all integral to a successful infosec program. What's too often missing involves the concept of workflow.