We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Thursday the Kudelski Group's cybersecurity division released "a tool for Linux that allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes."
The fall version of systemd is here, with support for increased boot security, including tightened full-disk encryption.
The critical security vulnerability turned out to be two serious vulnerabilities. Still, they need patching ASAP.
Building your own initial RAMdisk? That's insecure!
The OpenSSL Project team has announced that, on November 1, 2022, they will release OpenSSL version 3.0.7, which will fix a critical vulnerability in the popular open-source cryptographic library (but does not affect OpenSSL versions before 3.0).
The random number generator "RNG" and crypto subsystem pull requests have already been submitted for the Linux 6.1 merge window.
WireGuard and OpenVPN keep you safe online, but which is best?
Hearing "open-source", "PSP", and "security" all together got me excited with my initial reaction thinking it was about AMD's Platform Security Processor (PSP) albeit that's not the case here. Google's PSP is the "PSP Security Protocol" and is designed for dealing with cryptographic hardware offloading at data center scale and used by Google already in production.
Lots of people “run Linux” without really knowing or caring – many home routers, navigational aids, webcams and other IoT devices are based on it; the majority of the world’s mobile phones run a Linux-derived variant called Android; and many, if not most, of the ready-to-go cloud services out there rely on Linux to host your content.
The OpenSSL team has released version 3.0 of its secure communications library after a lengthy gestation period. What have we learned during that time? Quite a bit, it appears.
Learn how to improve the security of the CrowdSec multi-server installation with HTTPS between agents.
To handle cryptography, the Linux kernel has its own API enabling common methods of encryption, decryption and your favourite hash functions! Learn about the use of hash functions and symmetric key encryption in the Linux kernel in the Linux Kernel Module Programming Guide.
OpenSSL has patched two high-severity crypto bugs. Upgrade now!
SSH keys play a critical role in server and network security, yet are too often overlooked by admins, IT professionals and security teams.
"Modern challenges require modern security approaches." Enterprises must transition to using passwordless solutions in order to protect against emerging threats – which is where SSH key-based authentication comes in handy. Learn about the SSH protocol in this comprehensive article.
Are you using full-disk encryption to protect your data? If so, you may want to reconsider after reading this article.
Cartesi has announced the launch of their Descartes SDK Documentation portal, which represents a leap forward for the Cartesi team in fulfilling their ambition in bridging the world of Linux open-sourced software with the inherent security benefits of blockchain technology.
HTTP/3 brings improved performance and reliability, as well as various security and privacy benefits - but there are some serious concerns that need to be considered.
IBM's new toolkit, which will soon be available for Linux, aims to give developers easier access to fully homomorphic encryption, a technology that protects sensitive data by allowing for computation and analysis of data while keeping it encrypted.
Could Wireguard be the open-source answer to VPN shortfalls? Find out in this article.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
