Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux-based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.


  EFF, ACLU, Other NGOs Urging U.N. to Create Privacy Watchdog (Mar 6)
 

A coalition of 63 non-governmental organizations (NGOs) from around the world is calling on national governments to support the establishment of a special rapporteur on the right to privacy within the United Nations.

  Domain keywords used to spot phishing sites (Mar 6)
 

Criminals setting up fake domains for phishing are prone to use the same words over and over and spotting those words can help identify malicious sites, according to a new threat detection model from OpenDNS.

  Bad movie: Hackers can raid networks with burnt Blu-Rays (Mar 2)
 

British hacker Stephen Tomkinson has found two Blu-Ray-borne attacks. His first exploit relies on a poor Java implementation in a product called PowerDVD from CyberLink. PowerDVD plays DVDs on PCs and creates menus using Java, but the way Oracle's code has been used allows naughty folk to circumvent Windows security controls.

  Snowden willing to face trial in US, if it's fair (Mar 4)
 

Edward Snowden, the former U.S. National Security Agency contractor who leaked details of the agency's surveillance programs, is willing to return to the U.S. and face criminal charges, if he's assured of a fair trial, according to a Russian news report.

  PATCH FREAK NOW: Cloud providers faulted for slow response (Mar 5)
 

Hundreds of cloud providers are still vulnerable to the serious FREAK cryptographic vulnerability. Skyhigh Networks found that 766 cloud services are still at risk 24 hours after FREAK was made public, based on an analysis of more than 10,000 different services.

  New FREAK Attack Threatens Many SSL Clients (Mar 4)
 

For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack.

  The Deadly Game of Cyber Mis-Attribution (Mar 3)
 

Despite the demand and market pressure in the cyber security industry to get past "what" and point a finger at "who" is behind sophisticated hacks, the tools and techniques for doing so haven't changed much in recent years.

  Why Silicon Valley Hackers Still Won't Work With the Military, and Vice Versa (Mar 2)
 

In the fight to defend cyberspace from its enemies, the US military is rushing to hire as many skilled hackers as it can. But no one is really sure how to get the two cultures to coexist.

  CSI: Cyber: We Watched So You Didn't Have To (Mar 5)
 

From the time the first commercials aired during the American pro football championship game last month, CSI: Cyber has been one of the more talked-about and least-anticipated shows in recent memory. At least in tech circles. For normal viewers, it's one of those shows that you wake up in the middle of at 10:27 after nodding off during Criminal Minds or CSI: Pet Detectives.

  Mozilla Pushes Hot Fix to Remove Superfish Cert From Firefox (Mar 3)
 

Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser's trusted root store. The patch only removes the certificate if the Superfish software has been removed from the machine already, however.

  D-Link Routers Haunted by Remote Command Injection Bug (Mar 3)
 

Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks.

  Clinton's Homebrew E-Mail Server: Risky or Genius? (Mar 9)
 

No, it's not always a room filled with wires and glowing blue lights. It's probably not even the size of your furnace. The personal email server used by Hillary Rodham Clinton during her time as secretary of state was probably about the size of your office desktop computer and could have been tucked quietly in a corner somewhere.