Linux.com

NewsVac: News from around the Web

• Strong passwords no panacea as SSH brute-force attacks rise 10 hours, 15 minutes ago
  
  Thanks to the end-of-term for many colleges and some K12 schools, brute-force attacks against SSH servers surged sharply this past weekend, according to the SANS Internet Storm Center. The sudden jump in SSH attacks merits a re-examination of how such servers should be properly secured. Jim Owens and Jeanna Matthews of the Department of Computer Science at Clarkson University have published a paper on the methods that such attacks frequently employ and on the best ways to defeat them.
• Critical OpenSSL vulnerability in Debian and derivated distributions. 2 days, 17 hours ago
  
  Debian and Ubuntu published fixed packages of the OpenSSL software and urge all users to install them in order to bypass a critical weakness in this software.
• The Rising Trend of Internet Counter-Intelligence 3 days, 8 hours ago
  
  A growing and dangerous threat, called Internet counter-intelligence, is the use of sophisticated Web analytics to uncover corporate-user identities to analyze and track enterprise surfing habits. Doing so affords the perpetrator the ability to capture IP addresses and network identities. In many cases, exposing your IP address is as easy a visiting a website.
• How to: Asus Eee PC protection with privacy filters 4 days, 13 hours ago
  
  This article will show you how to make your Asus Eee PC secure from prying eyes by using a privacy filter. 3M Privacy Filters help block the screen view from anyone viewing the computer from a side view. Their unique microlouver privacy technology allows just persons directly in front of the computer to see on screen data clearly.
• Sshpass: non-interactive SSH password authentication 1 week, 5 days ago
  
  SSH’s (secure shell) most common authentication mode is called “interactive keyboard password authentication”, so called both because it is typically done via keyboard, and because OpenSSH takes active measures to make sure that the password is, indeed, typed interactively by the keyboard.

  Sometimes, however, it is necessary to fool SSH into accepting an interactive password non-interactively. This is where sshpass comes in ....

• Comprehensive study of wireless security in Las Vegas 2 weeks, 3 days ago
  
  AirDefense unveiled results from its comprehensive study of the wireless airwaves at hundreds of Las Vegas retailers and hotels/casinos. AirDefense found the majority of retailers in Las Vegas using strong encryption protocols to protect data with 65 percent of the 640 Access Points discovered encrypted with WPA or WPA2. In stark contrast, 82 percent of the 1,557 APs discovered in Las Vegas hotels/casinos were using either no encryption or WEP, the weakest protocol for wireless data encryption.
• Study: 70 percent say Red Hat more secure than Windows 3 weeks ago
  
  The Standish group recently completed an extensive study that examines factors influencing open-source adoption. Based on five years of research and analysis, the report provides intriguing insights into open-source adoption levels and the way that open source is reshaping the software industry. Individuals who participated in the Standish survey identified several key drivers for open source adoption, including lower costs, better security and reliability, and faster development speed.
• Stop hackers from launching cross-site scripting attacks 1 month, 1 week ago
  
  Cross-site scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into Web applications. Learn how hackers launch an attack, what damage it does, how to detect them, and how to prevent your Web site and your visitors from these invasions of privacy.
• Wikipedia-reading researchers break keyless entry algorithm 1 month, 1 week ago
  
  "A team of German scientists say they have cracked the encryption of a device widely used in keyless entry systems that electronically secure cars, garages and office buildings. ... The algorithm was kept secret for most of the two decades it's been in use. That changed about 18 months ago, when an an entry on Wikipedia published the cipher. The research team almost immediately spotted weaknesses."
• LPI to offer security training with LPIC-3 certification 1 month, 1 week ago
  
  There are Linux certifications, such as the RHCE (Red Hat Certified Engineer). There are security certifications, like the CCSP (Cisco Certified Security Professional). Now we have the first certification that combines Linux and security: the Linux Professional Institute's LPIC-3 with its new "Security" exam elective.
• CanSecWest: Countering Misinformation 1 month, 2 weeks ago
  
  As you surely know by now, the CanSecWest conference was the stage for a contest, PWN to OWN. Three laptops were set up; laptops running Windows Vista, Ubuntu Linux, and Mac OS X. The goal was to hack the computer and read the contents of a file located on each of the machines, using a 0day code execution vulnerability. During the first day, you can only attack the machine over the network, without physical access. On the second day, user interaction comes into play (visiting a website, opening an email). On the third and final day, third-party applications are added to the mix. Each machine had the same cash prize on its head. As you all know, the Mac was hacked first, on day two. The user only had to visit a website, and the Mac was hacked. Vista got hacked on the third day using a security hole in Adobe's Flash, and the Ubuntu machine did not get hacked at all.
• Forensic watermarking of encrypted content 1 month, 2 weeks ago
  
  Running Marks technology now enables traceable, stream-specific forensic watermarking of encrypted content. The new approach allows Running Marks to embed a unique serial number into individual customer video streams, without requiring providers or system operators to expose the high-value content in an unencrypted format.
• CanSecWest: Countering Misinformation 1 month, 2 weeks ago
  
  As you surely know by now, the CanSecWest conference was the stage for a contest, PWN to OWN. Three laptops were set up; laptops running Windows Vista, Ubuntu Linux, and Mac OS X. The goal was to hack the computer and read the contents of a file located on each of the machines, using a 0day code execution vulnerability. During the first day, you can only attack the machine over the network, without physical access. On the second day, user interaction comes into play (visiting a website, opening an email). On the third and final day, third-party applications are added to the mix. Each machine had the same cash prize on its head. As you all know, the Mac was hacked first, on day two. The user only had to visit a website, and the Mac was hacked. Vista got hacked on the third day using a security hole in Adobe's Flash, and the Ubuntu machine did not get hacked at all.
• Vista hacked on 3rd day thru Adobe Flash. Linux Undefeated. 1 month, 2 weeks ago
  
  After Mac was hacked in 2 minutes at the CanSecWest Conference, it was now the time for Vista to get hacked on the 3rd day. Vista's security was compromised through the popular 3rd party software, Adobe Flash.
• Apple is loser in three-way hacking contest 1 month, 2 weeks ago
  
  An Apple Mac was the first victim in a hacker shoot-out to determine which operating system is the most secure.
• More News