Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

Free Online security course (LearnSIA) - A Call for Help - The Survivability and Information Assurance (SIA) course was originally developed by a team at Carnegie Mellon, led by Lawrence Rogers (/about/divisions/cert/index.cfm). Back in 2010, I requested a license to continue the development of the course because it provides useful information on Information Assurance. Also, this course will always be freely available for anyone to use in the classroom or self-study. There are three parts to the LearnSIA curriculum.

What You Need to Know About Linux Rootkits - Rootkits are a way attackers hide their tracks and keep access to the machines they control. The good rootkits are very hard to detect and remove. They can be running on ones computer and no one can even know they have been running. Read more to learn how to detect them on your system.

When Sex Is Better Than Hacking (Oct 19)

Who is more likely to hand over their personal online information, a criminal hacker or an IT security professional? It seems they are all pretty bad if a female is involved, but "white hats" are worse.
(Oct 21)

Hackers who infiltrated the Nasdaq's computer systems last year installed malicious software that allowed them to spy on the directors of publicly held companies, according to two people familiar with an investigation into the matter.
Building a powerful & affordable firewall with Linux (Oct 20)

It's no doubt that one of the leaders for network equipment is Cisco Systems. Newer Cisco devices are starting to use what Cisco calls its "IOS-XE" operating system, which is a customized flavor of GNU/Linux. Yes, GNU/Linux, which should not come as any surprise as GNU/Linux is used on countless high level appliances and security devices.
Security firm finds hacker forums offer n00b hackers training, lulz (Oct 19)

IT security experts have long loved to troll through hacker forums to gather intelligence on emerging threats and even (as in the ill-fated case of HBGary Federal CEO Aaron Barr) try to profile the hackers themselves. But as a report from IT security firm Imperva shows, many of the so-called hacker portals out there are more hangouts for newbie hackers (and possibly a few budding FBI informants) looking at how to get started in the game.
Hackers Share Attack Techniques, Beginner Tutorials on Online Forum (Oct 18)

Imperva researchers analyzed the activities of a large hacker forum for a year and found that members are discussing distributed denial of service attacks and providing tutorials.
(Oct 17)

Hackers spent about 25 percent of their time in forums educating other hackers about beginner tips, according to a survey by cyber security firm Imperva.
Porn prankster hijacks Sesame Street YouTube channel (Oct 17)

The child-friendly Internet home of Ernie, Big Bird and Kermit the Frog went X-rate on Sunday as Sesame Street's YouTube channel was hijacked to serve hardcore porn.
(Oct 20)

A group that advocates for software user rights has launched a petition against technology in Microsoft's forthcoming Windows 8 operating system, saying it could turn PCs into Windows-only machines.
(Oct 19)

The hacker collective known as Anonymous has expressed interest in hacking industrial systems that control critical infrastructures, such as gas and oil pipelines, chemical plants and water and sewage treatment facilities, according to a Department of Homeland Security bulletin.
Virtualization Security Checklist (Oct 21)

What's the most dangerous threat to your virtualized systems? Hint: it's not the latest zero-day exploit. The most pressing risk is IT staff who have full privileges in these systems.
(Oct 17)

While many IT managers remain sceptical about storing company data off-site, there are many ways in which the dangers can be minimised. The qualities which make the cloud so appealing are also those which make it most vulnerable.
Mass SQL Injection Attack Hits 1 Million Sites (Oct 21)

A mass-injection attack similar to the highly publicized LizaMoon attacks this past spring has infected more than 1 million ASP.NET Web pages, Armorize researchers said today. According to database security experts, the SQL injection technique used in this attack depends on the same sloppy misconfiguration of website servers and back-end databases that led to LizaMoon's infiltration.