General Esm W900
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

Big news this week with two new book reviews, great interview with the Metasploit creator, and a bunch of privacy issues from Google, the US government, the tor project, and more.

LinuxSecurity.com Feature Extras:

Review: Practical Guide to Linux Commands, Editors, and Shell Programming - Mark Sobell has again compiled a great collection of applications and utilities in A Practical Guide to Linux Commands, and his experience shows in this second edition.

SSH: Best Practices - If you're reading LinuxSecurity.com then it's a safe bet that you are already using SSH, but are you using it in the best way possible? Have you configured it to be as limited and secure as possible?


Read on for my best practices for using Secure Shell.

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
Apache Traffic Server Gets Top-Level Project Status (May 5)

The Apache Software Foundation runs its open source projects on a hierarchy of principally three levels, top-level projects (TLPs), sub-projects and incubated projects. Achieving the TLP status is a major milestone for an open source effort and this week Apache announced that six projects were being graduated to TLP status.
Computer hacking becoming easier and cheaper (May 5)

Once upon a time, only computer geeks were smart enough to be cyber-criminals. Now, anyone with enough cash can become one.WebAttacker, CrimePack, IcePack and dozens of other do-it-yourself crime kits are available online for less than $1,000.
Apache moves on traffic server, machine learning projects (May 4)

The Apache Software Foundation, developer of open source software, on Tuesday is announcing the creation of six Top-Level Projects, including the Apache Traffic Server for caching and Apache Mahout, implementing machine-learning algorithms atop the Apache Hadoop distributed computing platform.
Metasploit's HD Moore from (almost) rags to (not quite) riches (May 4)

Last week, I got on the phone with HD Moore to ask him how things have been going since he sold Metasploit to Rapid7, sending the open source security world into a frenzy some six months ago. Rapid7 had just released the commercial version, dubbed Metasploit Express, of Moore's much beloved open source penetration testing tool.
U.S. Treasury Web sites hacked, serving malware (May 4)

Three Web sites belonging to the U.S. Department of the Treasury have been hacked to attack visitors with malicious software, security vendor AVG says.
Google tightens cloud security for Apps users (May 4)

Google has released a new tool that allows administrators at firms using Google Apps to remotely reset cookies to ensure that sensitive data cannot be accessed if a device is lost or stolen.
Technology security myths debunked (May 4)

Think you can hide behind the privacy of an "unlisted" cell phone number? Think again. Maybe you believe you don't need security software on a Mac or iPad. You'd swear that Firefox is the safest browser in town. Wrong on both counts.
NIST Tackles Cybersecurity Education (May 4)

The National Institute of Standards and Technology will spearhead the national cybersecurity workforce development and awareness campaign. As part of the federal government's Comprehensive National Cybersecurity Initiative, much of which was recently declassified, the National Institute of Standards and Technology has been enlisted to spearhead a new nationwide cybersecurity education initiative, the White House and Department of Commerce announced.
(May 3)

A new security report from Verizon claims that cybersecurity breaches worldwide are starting to level off, with the communications vendor forecasting that the next 10 years will see security protection become more effective and widespread as organisations band together to fight cybercrime.
An information security blueprint, part 1 (May 3)

Symantec's Francis deSouza lays out the requirements for a more practical way of addressing information security threats. The recent the Hydraq attacks were the latest example of just how radically the Internet threat landscape has changed over the past few years, and how vulnerable companies and their information stores are to cyber attacks.
Court OKs Unmasking Identities of Copyright Scofflaws (May 1)

A federal appeals court is blessing the legal process by which the recording industry and other content owners unmask the identities of alleged peer-to-peer copyright infringers.
Bittorrent over Tor isn't a good idea (May 1)

An increasing number of people are asking us about the recent paper coming out of Inria in France around Bittorrent and privacy attacks. This post tries to explain the attacks and what they imply.
(Apr 30)

"Do I want my children to think for themselves? Yes," said Slashdot blogger Josh Ulmer. "Do I believe that all closed systems are bad, or that they should think outside the box continuously, or any of the other ridiculous paradigms spouted in this diatribe? No." The perfect "co-op, open-sourced, self-governing commune qchapter wants his daughter to be a part of does not work."
A Digital Forensics Student's Linux Workspace (Apr 30)

Our next entry for the "The $100.00 (USD) Coolest Linux Workspace Contest" was sent all the way from the Netherlands by a digital forensics student named Huseyin. He is also working as an intern at an IT-audit company and described Linux as the best OS to do research on. If ever chosen as the grand winner, he says he will use the $100 to buy another 1TB hard disk drive since the 3TB of HDDs that he already have are not enough --probably because of lots of legal evidences to store :-)