7 "Must Read" Linux Tutorials Linux Screw: "GNU/Linux Command-Line Tools Summary by Gareth Anderson...This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide..." (Aug 26, 2008)
ISP Web Tracking Dead As Net Eavesdropping CEO Resigns (Sep 4, 2008, 12:01 UTC) (575 reads)
(0 talkbacks)
(feedback) Wired: "Online privacy scored a small victory this week as the CEO for controversial net eavesdropping firm NebuAD resigned just months after Congress successfully scared the country's ISPs into abandoning dreams of windfall profits from tracking their customers around the web."
Preventing Brute Force Attacks With Fail2ban On Fedora 9 (Sep 1, 2008, 20:02 UTC) (1662 reads)
(2 talkbacks)
(feedback) HowtoForge: "In this article I will show how to install and configure fail2ban on a Fedora 9 system. Fail2ban is a tool that observes login attempts to various services, e.g. SSH, FTP, SMTP, Apache, etc., and if it finds failed login attempts again and again from the same IP address or host, fail2ban stops further login attempts from that IP address/host by blocking it with an iptables firewall rule."
Inside India’s CAPTCHA Solving Economy (Aug 30, 2008, 19:03 UTC) (1201 reads)
(0 talkbacks)
(feedback) ZDNet: "No CAPTCHA can survive a human that’s receiving financial incentives for solving it, and with an army of low-wagedIndia CAPTCHA breakers human CAPTCHA solvers officially in the business of “data processing” while earning a mere $2 for solving a thousand CAPTCHA’s, I’m already starting to see evidence of consolidation between India’s major CAPTCHA solving companies."
Nessus Vulnerability Scanner in openSUSE (Aug 29, 2008, 07:02 UTC) (874 reads)
(0 talkbacks)
(feedback) SUSE & openSUSE: "The Nessus vulnerability scanner, is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture."
Password Stealing Worm Catches NASA Napping: Houston, we have a virus. (Aug 28, 2008, 15:25 UTC) (1232 reads)
(2 talkbacks)
(feedback) Internet News: "You'd think the United States' space agency, which conducts highly sensitive research and has had its servers hacked before would be extremely thorough about computer security, but that does not appear to be the case. A worm that steals online gamers' user names and passwords has been running rampant on laptops on the International Space Station (ISS)."
Linux Security Idiots (Aug 28, 2008, 11:31 UTC) (3488 reads)
(3 talkbacks)
(feedback) Computerworld: "There are some Linux system administrators out there who should be glad, very glad, they don't work for me because I'd be firing them today."
Dumb and Dumber Proprietary Innovation Strikes Again (Aug 27, 2008, 23:01 UTC) (1834 reads)
(4 talkbacks)
(feedback) Linux Today Blog: "Nominum Solves Kaminsky Attack, and Novell's iPrint Open to Attack, Say Researchers. What do these stories have in common? I was thinking perhaps institutionalized delusional thinking and incompetence, but maybe I'm being too harsh."
Revealed: The Internet's Biggest Security Hole (Aug 27, 2008, 20:31 UTC) (1373 reads)
(1 talkbacks)
(feedback) Wired: "The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination."
Lawyer Falls Prey to Pricey Internet Scam (Aug 27, 2008, 19:31 UTC) (1595 reads)
(1 talkbacks)
(feedback) Law.com: "...Bartko is now a defendant in a federal suit by Wachovia Bank -- which is seeking reimbursement for nearly $200,000 that the bank wired, on Bartko's instructions, to a Korean bank on behalf of a company that had hired Bartko via the Internet."
Novell's iPrint Open to Attack, Say Researchers (Aug 27, 2008, 19:02 UTC) (823 reads)
(0 talkbacks)
(feedback) LinuxWorld: "Novell has issued a patch that plugs multiple holes in the ActiveX control that Novell ships as part of its iPrint product, but according to Danish bug tracker Secunia, one of the flaws remains unfixed."
SSH Key-based Attacks On Linux Hosts (Aug 27, 2008, 14:01 UTC) (1871 reads)
(0 talkbacks)
(feedback) US-Cert: "US-CERT is aware of active attacks against linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system..."
openSUSE to Add SELinux Basic Enablement in 11.1 (Aug 27, 2008, 11:31 UTC) (908 reads)
(1 talkbacks)
(feedback) openSUSE News: "We have exciting news for security enthusiasts, experts, and paranoid people!
Beginning with openSUSE 11.1, SUSE users will have an additional option regarding security frameworks. In addition to AppArmor, we will be adding SELinux capabilities in openSUSE 11.1, which will allow users to enable SELinux in openSUSE if they wish."
Ubuntu Issues Security Patch For Kernel Flaw (Aug 26, 2008, 12:31 UTC) (1713 reads)
(0 talkbacks)
(feedback) ZDNet: "Ubuntu today became the latest Linux vendor to patch a vulnerability in the open source operating system's kernel that could have left the door open for hackers to find their way into users' machines."
tcpdump For Dummies (Aug 26, 2008, 05:03 UTC) (2113 reads)
(0 talkbacks)
(feedback) Alexander Sandler: "So first thing that we will learn about tcpdump is how to filter out SSH and telnet packets...for now just remember this syntax:
# tcpdump not port 22"
OpenVAS - Opensource Vulnerability Assessment Scanner (Aug 25, 2008, 22:33 UTC) (1091 reads)
(0 talkbacks)
(feedback) SUSE & openSUSE: " OpenVAS, Open Vulnerability Assessment Server is a free opensource vulnerability assessment software released under GNU GPL lincese. OpenVAS is a fork of Nessus Vulnerability assessment software. Similar to the Plugin sets in Nessus, OpenVAS provides free Network Vulnerability Tests plugins that can be updated regularly."
Security Unobscured (Aug 25, 2008, 18:33 UTC) (831 reads)
(0 talkbacks)
(feedback) Realeyes Technology: "...It makes the general public wonder, "What do those security people do?""
AppArmor is Dead (Aug 25, 2008, 14:03 UTC) (3400 reads)
(5 talkbacks)
(feedback) etbe - Russell Coker: "In late 2007 Novell laid off almost all the developers of AppArmor [4] with the aim of having the community do all the coding. Crispin Cowan (the founder and leader of the AppArmor project) was later hired by Microsoft..."
Vote-Dropping Software Bug Could Gum Up Elections (Aug 25, 2008, 02:02 UTC) (1440 reads)
(2 talkbacks)
(feedback) Linux Insider: "Premier Election Solutions -- a subsidiary of Diebold -- says in a product advisory that its machines that operate in 34 states are affected by the glitch.
The problem, it is believed, has been present in the program for the past decade."
How To Install Hamachi On Fedora 9 (Aug 24, 2008, 10:02 UTC) (2542 reads)
(2 talkbacks)
(feedback) HowtoForge: "Hamachi is a VPN service that easily sets up in 10 minutes, and enables secure remote access to your business network, anywhere there's an Internet connection. It works with your existing firewall, and requires no additional configuration. Hamachi is the first networking application to deliver an unprecedented level of direct peer-to-peer connectivity. It is simple, secure, and cost-effective."
SECURITY: Security? That's Obscure! (Aug 24, 2008, 00:02 UTC) (2586 reads)
(2 talkbacks)
(feedback) Cooking With Linux: "I live, breathe, eat and sleep computer security. I'm not one of those"masturbating monkeys" as Linus puts it (I was gonna write this blog post, before Marcel told me about his rant about security guys)."
Infrastructure report, 2008-08-22 UTC 1200 (Aug 23, 2008, 18:59 UTC) (1193 reads)
(0 talkbacks)
(feedback) Fedora-Announce-List: "While there is no definitive evidence that the Fedora key has been
compromised, because Fedora packages are distributed via multiple
third-party mirrors and repositories, we have decided to convert to new
Fedora signing keys."
CentOS Position on Systems Intrusion at Red Hat (Aug 23, 2008, 16:02 UTC) (2735 reads)
(0 talkbacks)
(feedback) Planet CentOS: "...as soon as we were made aware of the situation I undertook a complete audit of the entire CentOS4/5 Build and Signing infrastructure."
Fedora and Red Hat Servers Compromised (Aug 22, 2008, 15:05 UTC) (1768 reads)
(1 talkbacks)
(feedback) Netat -vat: "Servers for both Red Hat Enterprise Linux and Fedora Linux were compromised in recent weeks by some kind of illegal access. Neither project however is currently admitting than any of their software or users were in any way directly affected by the illegal access."
Tutorial: Cracking WEP Using Backtrack 3 (Aug 22, 2008, 06:32 UTC) (4029 reads)
(0 talkbacks)
(feedback) Whats the w0rd?: "This article will explan how to crack 64bit and 128bit WEP on many WIFI access points and routers using Backtrack, a live linux distribution."
Trinity vs. System Rescue CD Reviewed (Aug 22, 2008, 01:02 UTC) (2076 reads)
(0 talkbacks)
(feedback) Mad Penguin: "Trinity Rescue Kit. I have found that most people are unfamiliar with this distribution , as they ought to be. And to be honest, I think it is a distribution that all of us should have easy access to, since the tools provided with it are nothing to ignore."
Black Hat 2008 Aftermath (Aug 21, 2008, 15:02 UTC) (1138 reads)
(1 talkbacks)
(feedback) Law.com: "The SSL VPN Java and ActiveX Web plug-ins used by most vendors caught Zusman's attention. He surmised that these very powerful Web browser plug-ins might not be that secure or well-protected while in the Web browser."
States Throw Out Costly Electronic Voting Machines (Aug 20, 2008, 16:04 UTC) (1632 reads)
(17 talkbacks)
(feedback) Yahoo News: "The demise of touch-screen voting has produced a graveyard of expensive corpses: Warehouses stacked with thousands of carefully wrapped voting machines that have been shelved because of doubts about vanishing votes and vulnerability to hackers."
Internet Terrorist: Does Such A Thing Really Exist? (Aug 20, 2008, 12:04 UTC) (1079 reads)
(3 talkbacks)
(feedback) Help Net Security: "Recently, I have experienced an increase in organizations questioning how real is the threat of Internet terrorism and what they can do to protect themselves. As a former CISO, this was one of the last concerns that crossed my mind, especially since it was a daily up-hill battle getting buy-in for the most basic security controls and services."
MSNBC Spam-O-Rama (Aug 19, 2008, 18:04 UTC) (1527 reads)
(2 talkbacks)
(feedback) Cyber Cynic: "Headlines have ranged from the semi-plausible: "McCain Plans Vietnam Campaign Tour;" to the unlikely, "Nation Morns the Tragic Loss of Britney Spears;" to the utterly unbelievable: "Paris Hilton Lectures on Dickens and Dostoevsky.""
Sun to Issue Mobile Java Fix (Aug 18, 2008, 20:31 UTC) (1156 reads)
(0 talkbacks)
(feedback) ZDNet: "Gowdiak had demanded 20,000 euros (US$30,000) from Sun or Nokia for the full details of the vulnerabilities that he said he had found."
Clipboard Hijack Spreads Panic (Aug 18, 2008, 19:31 UTC) (2612 reads)
(5 talkbacks)
(feedback) Softpedia: "First reported by IE users on Windows, due to its flexible spreading method, the same behavior was then reported later by Mac and Linux users using Firefox."
Departing CIO Blames Microsoft For His Security Troubles (Aug 18, 2008, 17:01 UTC) (3319 reads)
(7 talkbacks)
(feedback) The Open Road: "Hackers recently compromised 4.2 million payment card details from the Hannaford Supermarket chain. The culprit? If you believe Hannaford's former CIO, Bill Homa, the problem is Windows:"
OpenVPN Counters Censorship (Aug 18, 2008, 15:31 UTC) (1786 reads)
(0 talkbacks)
(feedback) Linux Magazine: "Journalists at the 2008 Olympic Games in Beijing will not have unfettered access to the Internet. However, GPL software OpenVPN can be used to easily circumvent such censorship."
Troubles in Fedora Land - Don't Update! (Aug 18, 2008, 15:01 UTC) (3072 reads)
(2 talkbacks)
(feedback) OSDir: "The Fedora Infrastructure team is currently investigating an issue in the infrastructure systems. That process may result in service outages, for which we apologize in advance."
Crypto-Gram Newsletter, August 15, 2008 (Aug 15, 2008, 15:32 UTC) (1250 reads)
(0 talkbacks)
(feedback) Crypto-Gram Newsletter: "Remember when I said that I keep my home wireless network open? Here's a reason not to listen to me. "When Indian police investigating bomb blasts which killed 42 people traced an email claiming responsibility to a Mumbai apartment, they ordered an immediate raid."
