
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


LinuxSecurity.com Feature Extras:

Essential tools for hardening and securing Unix based Environments - System administrators are aware of how important their systems' security is, not just the runtime of their servers. Intruders, spammers, DDoS attackers, and crackers are all out there trying to get into people's computers, servers and everywhere else they can lay hands on, and to interrupt the normal runtime of services.

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux-based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.


  Western Digital self-encrypting hard drives riddled with security flaws (Oct 22)
 

Several versions of self-encrypting hard drives from Western Digital are riddled with so many security flaws that attackers with physical access can retrieve the data with little effort, and in some cases, without even knowing the decryption password, a team of academics said.

  Network Time Protocol flaws defy HTTPS, cause network chaos (Oct 22)
 

Network admins take note: A set of vulnerabilities can bypass HTTPS with ease and result in spying, outages and authentication bypass.

  Red Hat and Black Duck partner to secure containers (Oct 21)
 

We love Docker and containers. But the more we use containers, the more we worry about exactly what it is we're running when we spin them up. So, Linux giant and cloud power Red Hat and Black Duck, a leader in automating securing and managing open-source software, are working together on establishing a secure and trusted model for containerized application delivery.

  Building a new cloud security model (Oct 23)
 

Despite the numerous advantages presented by cloud computing, security is still the biggest factor holding back more widespread adoption by businesses. A recent survey by AlienVault found that an overwhelming 90 percent of organisations are still concerned about cloud security.

  (Oct 20)
 

Some certificate authorities are still issuing digital certificates signed with the SHA-1 hashing algorithm, despite recent research showing that the cost of undermining it is not beyond criminals' budgets. Browser makers Google, Microsoft, and Mozilla have announced plans to stop accepting SHA-1 SSL certificates by 2017.

  This Secret Code in Your Printer is Helping Governments to Spy On You (Oct 21)
 

According to the latest EFF research, it's possible that your own printer is leaking important information about you to the government. By printing some secret yellow codes on each document, Xerox, Brother, Dell, HP, and Canon printers are "helping" the Secret Service. A research team at the Electronic Frontier Foundation (EFF) has cracked the secret code that some color printers secretly hide in every document.

  Is it still possible to do phone phreaking? Yes, with Android on LTE (Oct 23)
 

In the 1960s and 70s, technically savvy enthusiasts sought to game telecommunications systems to make free calls, keeping telecom engineers on their toes.

  (Oct 20)
 

How do you defend yourself against the unknown? That is the crux of the zero-day vulnerability: a software vulnerability that, by definition, is unknown by the user of the software and often its developer as well.

  Hacking Fitbit (Oct 23)
 

This is impressive: "An attacker sends an infected packet to a fitness tracker nearby at bluetooth distance then the rest of the attack occurs by itself, without any special need for the attacker being near," Apvrille says.

  10-Second Hack Delivers First Ever Malware to Fitness Trackers (Oct 21)
 

A security researcher has developed a method by which one can exploit a vulnerability in Fitbit fitness trackers and subsequently deliver malware to the target device in 10 seconds.

  Magento sites targeted by Neutrino exploit kit (Oct 19)
 

Some websites running the e-commerce platform Magento appear to have been infected with code that directs victims to the Neutrino exploit kit. It's not exactly clear how the Magento sites were infected, wrote Denis Sinegubko, a senior malware researcher with Sucuri, a Delaware-based security company.

  (Oct 20)
 

A hacker who claims to have broken into the AOL account of CIA Director John Brennan says he obtained access by posing as a Verizon worker to trick another employee into revealing the spy chief's personal information.