Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Bug exposes eight years of Linux kernel

All versions of Linux since May 2001 (versions 2.4 and 2.6) are vulnerable to a local privilege escalation exploit that can completely compromise the underlying machine. The vulnerability concerns how kernel-level routines behave when left unimplemented. A critical update has been issued.


Twitter transformed into botnet command channel

Recent discoveries show Twitter has been utilized as the command/control platform for a BotNet. BotNets need to rely on a central command structure to receive instructions, which has long been their weak link. Computers that form the BotNet tune to the RSS feed of a specific Twitter account, listening for and reacting in real time to what appear to be undecipherable tweets.


Iraqis demonstrate over Web censorship

Approximately 200 Iraqis took to the streets to protest the government’s potential banning of some websites, after it had already imposed book censorship rules. The government says the website ban would apply only to sites that are considered pornographic, promote violence, or encourage crimes such as bomb making, prostitution and terrorism. However, media outlets are under threat of closure if they have offended the government. The fear is that the government will go further than it originally claimed.


Report: NIST’s Cybersecurity Guidelines Aren’t Enough

A security firm has analyzed NIST’s recently released guidelines and feels they do not go far enough. The newly released set of cybersecurity controls is lacking in the following areas:

  • Classification system for assigning “impact” to government systems. Systems classified as low or moderate impact won’t be adequately protected against highly skilled attacks. High-end threats are now the norm.
  • Systems thought to be high impact, such as law enforcement, are only classified as moderate.
  • Systems that fall into the high-impact category are those that deal with death, life-threatening harm and serious financial harm.
  • Lack of measurable or certified performance standards and validation processes. There is no requirement to test systems to see if they meet NIST’s requirements.
