Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.

(Apr 23)

Attempting to "hack" into your own wireless network can help you spot potential Wi-Fi security vulnerabilities and figure out ways to protect against them.
(Apr 25)

It's been a little more than three weeks since the revelation of the Global Payments data breach that led to the exposure of about 1.5 million credit card numbers. However, while that high-profile attack generated lots of media attention, some of the most dangerous hackers in the world aren't after your money; they want to steal the way your business makes money.
WordPress fixes file upload security problems (Apr 23)

The developers of the popular open source blog engine WordPress have released a security update for the software. WordPress 3.3.2 fixes unspecified bugs in three external file upload libraries used in the software and other security problems with the application.
Security Experts, Internet Engineers Urge Lawmakers to Drop CISPA (Apr 24)

A long list of security, networking and computer science experts have signed a letter sent to lawmakers on Monday, asking them to drop support for CISPA and other proposed cybersecurity bills because they consider the measures overly broad and say they would infringe on users' privacy and civil liberties.
VMWare Source Code Leak Follows Alleged Hack of Chinese Defense Contractor (Apr 26)

The source code belongs to VMWare's ESX virtual machine software product, a popular tool for creating and operating virtual computing environments. The code was posted to the Patebin web site, a repository for coders that has become a favorite for hackers to publish purloined wares.
Thunderbird and SeaMonkey updates arrive, close security holes (Apr 25)

Along with new versions of the Firefox web browser, Mozilla has published updates to Thunderbird and SeaMonkey, but they introduce relatively few new features or changes.
(Apr 24)

On its Online Security Blog, Google has announced that the company will be increasing its bounties for serious code execution bugs found in production versions of Google products to $20,000 (about L12,400). It will also be paying $10,000 for less severe vulnerabilities like SQL injection flaws as well as $3,133.37 for other vulnerabilities such as cross-site scripting exploits.
(Apr 30)

Video game graphics, silly buzzwords and even two people typing frantically on the same keyboard at once - Hollywood has often had a bit of fun when it comes to computer hacking.
(Apr 30)

File-sharing site The Pirate Bay must be blocked by UK internet service providers, the High Court has ruled.
Anonymous Takes Action Following Passage Of CISPA Bill By House (Apr 30)

Following last week's passage of the controversial CISPA cybersecurity bill by the U.S. House of Representatives, the hacktivist group Anonymous is calling for protests and threatening to attack multiple organizations.
Mozilla to auto-upgrade Firefox 3.6 users to version 12 (Apr 30)

Soon, users running Firefox 3.6.x will start being automatically upgraded to the current version 12.0 release of the open source web browser. The plan to auto-update these users has been being discussed since the end of March, when Mozilla Release Manager Alex Keybl proposed the move on a Mozilla planning discussion thread.
(Apr 30)

Much has been made of the Cyber Intelligence Sharing and Protection Act (CISPA) lately, and last week (April 26), it passed through the House of Representatives. Like other cyber-security bills, CISPA is likely to be stalled in the Senate for a while. After that, President Obama has said he will veto the bill, shooting it down and protecting our privacy. Or will he?