Linux Security Week: May 12th, 2015

Advisories

Linux Security Week: May 12th, 2015

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place.

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."


  Mozilla Moving Toward Full HTTPS Enforcement in Firefox (May 4)
 

The Mozilla Foundation is initiating the process to phase out insecure HTTP connections in the Firefox browser. The decision is part of a broader movement to encrypt the Web, which in the case of Mozilla Firefox, means permitting only encrypted HTTPS browser connections.

  The Internet of Things to take a beating in DefCon hacking contest (May 6)
 

Hackers will put Internet-connected embedded devices to the test at the DefCon 23 security conference in August. Judging by the results of previous Internet-of-Things security reviews, prepare for flaws galore.

  7 reasons why the feds shouldn't mess with encryption (May 5)
 

The spread of encryption is posting public safety challenges and making it harder for the government to fight both criminals and terrorists, said Secretary of Homeland Security Jeh Johnson.

  The Internet of Things devices face DefCon hacking challenge (May 8)
 

Hackers will put Internet-connected embedded devices to the test at the DefCon 23 security conference in August. Judging by the results of previous Internet-of-Things security reviews, prepare for flaws galore.

  Breaking The Security Fail Cycle (May 7)
 

Security's heavy reliance and emphasis on technology--due to both its heritage and the reality of a shortage of manpower--is part of the reason attackers are getting the upper hand, experts said here this week.

  Garland shooter linked to the CyberCaliphate group which hacked US CENTCOM (May 7)
 

Four days after shooting at Garland, where Elton Simpson and Nadir Soofi were gunned down by authorities for opening fire, security agencies have found out that Elton Simpson was a online friend of CyberCaliphate co-founder Junaid Hussain.

  US reviews use of cellphone spying technology (May 4)
 

Faced with criticism from lawmakers and civil rights groups, the U.S. Department of Justice has begun a review of the secretive use of cellphone surveillance technology that mimics cellphone towers, and will get more open on its use, according to a newspaper report.

  Startup simplifies buying SSL certificates with subscription offer (May 4)
 

SSL and its successor, TLS (Transport Layer Security), which encrypt data exchanged between two machines, are at the heart of web security. Signified by "https" in the browser URL, they underpin almost all Web transactions that requires privacy

  Super secretive malware wipes hard drive to prevent analysis (May 5)
 

Researchers have uncovered new malware that takes extraordinary measures to evade detection and analysis, including deleting all hard drive data and rendering a computer inoperable.

  Google Updates Password Alert Extension, But Some Bypasses Still Work (May 5)
 

For the second time in less than a week, Google has updated its Password Alert extension for Chrome to address a method for bypassing the warning screens that alert users that they're entering data on a non-Google site. However, the researcher who discovered the most-recent bypass method said his technique still works on the latest version.

  Weak Homegrown Crypto Dooms Open Smart Grid Protocol (May 8)
 

In the three years since its inception, the Open Smart Grid Protocol has found its way into more than four million smart meters and similar devices worldwide.

  WordPress Sites Backdoored, Leaking Credentials (May 11)
 

WordPress site administrators just cannot come up for air.With a raft of WordPress vulnerabilities--most of them in plugins--to address, now comes word that a number of sites running the content management system have been compromised and are sending credentials via a backdoor to a criminal group.

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.