Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place.


  Your HDDs were RIDDLED with NSA SPYWARE for YEARS (Feb 17)
 

The US National Security Agency (NSA) has infected hard disk firmware with spyware in a campaign valued as highly as Stuxnet that dates back at least 14 years and possibly up to two decades, according to an analysis by Kaspersky Labs.

  "How do I stop this virus?" Equation Group victim pleaded for online help (Feb 18)
 

A day after security Kaspersky Lab researchers detailed a state-sponsored hacking campaign with ties to Stuxnet, an online posting has been spotted in which one of the victims pleaded for help.

  Chips under the skin: Biohacking, the connected body is 'here to stay' (Feb 17)
 

If you could replace your car keys, website login data, credit cards and bus passes with a chip embedded under your skin, would you? This is a question addressed this week at the Kaspersky Labs Security Analyst Summit by biohacker Hannes Sjoblad from BioNyfiken.

  Information disclosure flaw exposes Netgear wireless routers to attacks (Feb 16)
 

Several wireless routers made by Netgear contain a vulnerability that allows unauthenticated attackers to extract sensitive information from the devices, including their administrator passwords and wireless network keys.

  Google's Project Zero gets tough on companies with lax security patch (Feb 16)
 

Google Inc. has a elite team of hackers and programmers called Project Zero so named after the "zero day" security flaws that are exploited before developers learn of them.

  Lenovo shipped lappies with man-in-the-middle ad/mal/bloatware (Feb 19)
 

Lenovo is in hot water after being caught intentionally shipping laptops with software that steals web traffic using man-in-the-middle attacks.

  How to lock down an insecure wireless network router (Feb 19)
 

It's nearly always possible to find a router's default username and password online, depending on the brand and model. This means you can connect to the network, or tap into the router settings and lock out anyone from the network -- even the owners.

  Major Video Game Companies Agree to Share Customer Data with the US Government (Feb 16)
 

With or without controversial new legislation such as the ​Cybersecurity Information Sharing and Protection Act, President Obama is doing his best to make sure companies share the information they know about you with the federal government.

  The Great Bank Heist, or Death by 1,000 Cuts? (Feb 17)
 

I received a number of media requests and emails from readers over the weekend to comment on a front-page New York Times story about an organized gang of cybercriminals pulling off "one of the largest bank heists ever." Turns out, I reported on this gang's activities in December 2014, although my story ran minus many of the superlatives in the Times piece.

  Hacker Claims Feds Hit Him With 44 Felonies When He Refused to Be an FBI Spy (Feb 19)
 

A year ago, the Department of Justice threatened to put Fidel Salinas in prison for the rest of his life for hacking crimes. But before the federal government brought those charges against him, Salinas now says, it tried a different tactic: recruiting him.

  Some notes on SuperFish (Feb 20)
 

  Lenovo Superfish Certificate Password Cracked (Feb 20)
 

Lenovo laptop owners are at risk for man-in-the-middle attacks as a vulnerability disclosed in pre-installed Superfish adware went nuclear this morning.