Linux Security Week: April 6th, 2015


Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux-based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.


  New Firefox version says "might as well" to encrypting all Web traffic (Apr 2)
 

Developers of the Firefox browser have moved one step closer to an Internet that encrypts all the world's traffic with a new feature that can cryptographically protect connections even when servers don't support the HTTPS protocol.

  Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks (Mar 31)
 

News this week that guests at hotels around the world were exposed to malicious attacks from a gaping vulnerability in a popular network routing product is a reminder of the inherent risks business travelers face in connecting to the Internet from unfamiliar Wi-Fi access points.

  5 keys to hiring security talent (Apr 1)
 

Hiring (and retaining) data security talent is one of the toughest jobs today, especially after a slew of high-profile data breaches that have driven demand and salaries sky-high. Robert S. Allen, chief security officer at CNA, a major commercial insurance carrier, is tackling that challenge by making sure his company has an attractive story to tell job candidates.

  Like Google, Mozilla set to punish Chinese agency for certificate debacle (Apr 2)
 

The Mozilla Foundation plans to reject new digital certificates issued by the China Internet Network Information Center (CNNIC) in its products, but will continue to trust certificates that already exist.

  DDoS attacks that crippled GitHub linked to Great Firewall of China (Apr 3)
 

Earlier this week came word that the massive denial-of-service attacks targeting code-sharing site GitHub were the work of hackers with control over China's Internet backbone. Now, a security researcher has provided even harder proof that the Chinese government is the source of the assaults.

  EFF questions US government's software flaw disclosure policy (Mar 31)
 

It's not clear if the U.S. government is living up to its promise to disclose serious software flaws to technology companies, a policy it put in place five years ago, according to the Electronic Frontier Foundation.

  DDoS Attack Against GitHub Continues After More Than Four Days (Apr 1)
 

More than four days after it began, the massive DDoS attack on GitHub is still ongoing. The attack has evolved significantly since it started and GitHub officials said they believe that the goal of the operation is to force the site to remove some specific content.

  Feds Charged With Stealing Money During Silk Road Investigation (Mar 31)
 

Two former federal agents who investigated the Silk Road, the infamous online drug marketplace seized by the FBI in 2013, have been charged for their own outrageous digital crimes, including stealing money they acquired on their druggie undercover assignment.

  Audit Concludes No Backdoors in TrueCrypt (Apr 3)
 

The results are in from the cryptanalysis phase of the TrueCrypt audit, and they show--nothing. Well, maybe not "nothing," but certainly no signs of a deliberate backdoor from the NSA or any government entity, fears of which date back to the autumn of 2013, post-Snowden, and ignited talk to have the open source encryption software audited.

  MongoDB Patches Remote Denial-of-Service Vulnerability (Apr 1)
 

MongoDB, a popular NoSQL database used in big data and heavy analytics environments, has patched a serious denial-of-service vulnerability that is remotely exploitable.

  Little Change in Online Behavior Following Snowden Revelations (Apr 2)
 

Some 30 percent of American adults say they have altered their digital behavior in the wake of Edward Snowden's NSA spying revelations in order to hide information from the government.

  Cyberwar heats up in the Middle East (Apr 3)
 

Two new malware campaigns have been spotted in the Middle East, according to reports released this week, one targeting energy companies and the other going after political targets in Israel and Lebanon.
