Linux Security Week: April 6th, 2015

Developers of the Firefox browser have moved one step closer to an Internet that encrypts all the world's traffic with a new feature that can cryptographically protect connections even when servers don't support the HTTPS protocol.

News this week that guests at hotels around the world were exposed to malicious attacks from a gaping vulnerability in a popular network routing product is a reminder of the inherent risks business travelers face in connecting to the Internet from unfamiliar Wi-Fi access points.

Hiring (and retaining) data security talent is one of the toughest jobs today, especially after a slew of high-profile data breaches that have driven demand and salaries sky-high. Robert S. Allen, chief security officer at CNA, a major commercial insurance carrier, is tackling that challenge by making sure his company has an attractive story to tell job candidates.

The Mozilla Foundation plans to reject new digital certificates issued by the China Internet Network Information Center (CNNIC) in its products, but will continue to trust certificates that already exist.

Earlier this week came word that the massive denial-of-service attacks targeting code-sharing site GitHub were the work of hackers with control over China's Internet backbone. Now, a security researcher has provided even harder proof that the Chinese government is the source of the assaults.

It's not clear if the U.S. government is living up to its promise to disclose serious software flaws to technology companies, a policy it put in place five years ago, according to the Electronic Frontier Foundation.

More than four days after it began, the massive DDoS attack on GitHub is still ongoing. The attack has evolved significantly since it started and GitHub officials said they believe that the goal of the operation is to force the site to remove some specific content.

Two former federal agents who investigated the Silk Road, the infamous online drug marketplace seized by the FBI in 2013, have been charged for their own outrageous digital crimes, including stealing money they acquired on their druggie undercover assignment.

The results are in from the cryptanalysis phase of the TrueCrypt audit, and they show--nothing.Well, maybe not "nothing," but certainly no signs of a deliberate backdoor from the NSA or any government entity, fears of which date back to the autumn of 2013, post-Snowden, and ignited talk to have the open source encryption software audited.

MongoDB, a popular NoSQL database used in big data and heavy analytics environments, has patched a serious denial-of-service vulnerability that is remotely exploitable.

Some 30 percent of American adults say they have altered their digital behavior in the wake of Edward Snowden's NSA spying revelations in order to hide information from the government.

Two new malware campaigns have been spotted in the Middle East, according to reports released this week, one targeting energy companies and the other going after political targets in Israel and Lebanon.