Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. The hottest news this week includes the widespread WordPress vulnerability, a Safari browser vulnerability, a Metasploit interview, DDoS attack info, and much more. Let us know what you think!

LinuxSecurity.com Feature Extras:

Review: Practical Guide to Linux Commands, Editors, and Shell Programming - Mark Sobell has again compiled a great collection of applications and utilities in A Practical Guide to Linux Commands, and his experience shows in this second edition.

SSH: Best Practices - If you're reading LinuxSecurity.com then it's a safe bet that you are already using SSH, but are you using it in the best way possible? Have you configured it to be as limited and secure as possible? Read on for my best practices for using Secure Shell.

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

(May 10)

A recent simulation of a devastating cyberattack on America was crying for a Bruce Willis lead: A series of mysterious attacks--probably sanctioned by China but traced to servers in the Russian city of Irkutsk--crippled much of the national infrastructure, including air traffic, financial markets and even basic email. If this was not bad enough, an unrelated electricity outage took down whatever remained of the already unplugged East Coast.

Zero-day exploit for Safari (May 10)

Security company Secunia is warning of a critical vulnerability in Apple's Safari browser. The current version (4.0.5) and possibly older versions are affected. If a user visits a website containing the exploit using the Windows version of Safari, the site can compromise the system and either crash the browser or execute malicious code. The problem is caused by an error in the way the browser deals with pop-ups.

Large-scale attack on WordPress (May 10)

According to various reports, in the past few days a number of websites created using WordPress have been hacked. While the attack initially appeared to be limited to web sites hosted by American ISP DreamHost, it has since become apparent that blogs hosted at GoDaddy, Bluehost and Media Temple have also been affected.

Botnets exploit Linux owners' ignorance (May 10)

A lack of knowledge and awareness about how to use Linux mail servers could be contributing to the disproportionately large number of Linux machines being exploited to send spam, according to new Symantec Hosted Services research.

(May 10)

In a soberly worded response to Friday's edition of The Long View, Bruce Schneier clarifies that he didn't expect anyone to think he believes that 9/11 made us safer. I'm indebted to Bruce for clearing that up.

DNSSEC on all root servers - updated (May 10)

On Wednesday (5th May) the last of the 13 authoritative root servers for the domain name system switched over to the DNS Security Extensions (DNSSEC) security protocol. DNSSEC is intended to prevent DNS exploits such as cache poisoning. All 13 root servers are now serving a signed version of the root zone. However, it is not possible to validate these signatures at present as the public key remains undisclosed.

Symantec Study Mischaracterizes Linux Spam (May 7)

The latest MessageLabs Intelligence Report from Symantec Hosted Services is filled with interesting and useful information regarding the current state of malware and e-mail borne threats as well as the trends over time. Of particular interest to me is the assertion in the report that "any given Linux machine is five times more likely to be sending spam than any given Windows machine."

FedRAMP Seeks to Unify Cloud Computing Security Standards Across the U.S. Government (May 7)

Yesterday, I hosted a panel at the Cloud Computing summit focused on cloud security for the federal government. The panel was made up of some smart folks: Alex Hart from VMware, Bob Wambach from EMC and one of the primary authors of the Cloud Security Alliance guidelines, Chris Hoff from Cisco.

IPv6 tunnel basics (May 7)

More Internet traffic is expected to be carried via tunnels as the Internet infrastructure migrates from IPv4, the current version of the Internet protocol, to the long-anticipated upgrade known as IPv6.

(May 7)

A small internet service provider has been awarded nearly $2.6m in a lawsuit it filed against a company that sent just under 25,000 spam messages over an 18-month period.

The HacKid Conference: An idea whose time has come (May 7)

I go to a lot of security conferences, almost always without my family in tow. The logistics and money involved with trekking them from one part of the country to the next are usually beyond my resources. But when a conference is local and there's something in it for the kids, I'm in 100 percent.

(May 7)

Government websites. Fortune-500 companies. All are victims of crippling distributed denial-of-service (DDoS) attacks. The attacks have grown in reach and intensity thanks to botnets and a bounty of application flaws. This collection of articles will bring you up to speed on how the threat has evolved and what you can do to better protect your organization.