Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place.

  Hacker Lexicon: What Is Homomorphic Encryption? (Nov 3)
 

The problem with encrypting data is that sooner or later, you have to decrypt it. Keep your cloud files cryptographically scrambled using a secret key that only you possess, and it's likely no hacker will have the codebreaking resources necessary to crack them.
  BlackEnergy cyberespionage group targets Linux systems and Cisco routers (Nov 7)
 

A cyberespionage group that has built its operations around a malware program called BlackEnergy has been compromising routers and Linux systems based on ARM and MIPS architectures in addition to Windows computers.
  Researchers observe a new phishing technique (Nov 6)
 

An effective new phishing technique identified by researchers with Trend Micro allows attackers to go after information without having to spend as much time developing copies of websites.
  (Nov 4)
 

According to the Open Security Foundation, three out of 10 of the all-time worst security breaches happened this year. That includes 173 million records from the NYC Taxi & Limousine Commission, 145 million records at Ebay, and 104 million records from the Korea Credit Bureau.
  (Nov 7)
 

Computer hacker Jonathan Singer wants to remind everyone that not all hackers are of the so-called "black hat" variety who have sinister intent. "'White hat' is what I do in my industry and profession, to help secure networks and bring awareness to make it safer," said Singer.
  (Nov 4)
 

Well, new studies and reports have been bubbling up over the last month or so, and although I don't have a definitive answer, I can take a stab at answering his question.
  UK spy chief, parroting his US counterparts, calls for crypto backdoors (Nov 5)
 

Writing that "privacy has never been an absolute right," Robert Hannigan, the head of British spy agency GCHG, urged the US tech sector to assist the fight against terrorism and other crimes by opening up their proprietary networks to government authorities.
  Google Releases Nogotofail Tool to Test Network Security (Nov 6)
 

The last year has produced a rogues' gallery of vulnerabilities in transport layer security implementations and new attacks on the key protocols, from Heartbleed to the Apple gotofail flaw to the recent POODLE attack. To help developers and security researchers identify applications that are vulnerable to known SSL/TLS attacks and configuration problems, Google is releasing a tool that checks for these problems.
  Why Facebook Just Launched Its Own