Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 0 articles for you...
81
civil libertiestransparencyaccountabilityNew Laws and Accountability Issues After Boston Bombings
As part of the fallout of the Boston bombings, we're probably going to get some new laws that give the FBI additional investigative powers. As with the Patriot Act after 9/11, the debate over whether these new laws are helpful will be minimal, but the effects on civil liberties could be large. . Even though most people are skeptical about sacrificing personal freedoms for security, it's hard for politicians to say no to the FBI right now, and it's politically expedient to demand that something be done. If our leaders can't say no -- and there's no reason to believe they can -- there are two concepts that need to be part of any new counterterrorism laws, and investigative laws in general: transparency and accountability. The link for this article located at Schneier on Security is no longer available. . Assessing new laws post-Boston bombings that impact civil liberties amid security concerns and FBI powers.. Investigative Powers, Accountability, Civil Rights, Counterterrorism Laws. . LinuxSecurity.com Team
May 14, 2013
•
Privacy
77
security managementvirtualizationaccountabilityManaging Security Accountability in Virtualization Environments
As network boundaries blur and longstanding design paradigms fall by the wayside, how do we assign accountability for security? It's a pressing question: Because virtualization gives us so much power and flexibility, we're moving ahead at a breakneck pace, often without looking closely at whether security-assurance levels remain as the services delivery model morphs.. Whether adding virtualization will break security depends on how you do IT. A unified organization, where network, storage, application, and security groups work well together, communicate openly, and follow a documented security program can take the added complexity of multisite virtualization in stride. Sure, processes will need to be expanded and new standards developed, but as a whole, the team approach can extend. The link for this article located at Information Week is no longer available. The link for this article located at Information Week is no longer available. . The influence of cloud computing on privacy hinges on cohesive technology frameworks for robust protection and reliability.. Virtualization Security, IT Design Practices, Network Accountability, Security Assurance. . LinuxSecurity.com Team
Nov 22, 2011
•
Server Security
82
security improvementsgovernment technologymanagement practicesInnovative Practices Needed for Federal Cybersecurity Accountability
Granted, popular enterprise technology is nowhere as secure as it should be, but today's federal cybersecurity woes result more from flawed technology management practices than flawed technology. To that end, we need to foster and reward innovative, effective management processes in the federal computer security arena and terminate the current technology management and oversight philosophy that tolerates and rewards idleness and mediocrity while doing little to actually eliminate them. The standards for acceptable cybersecurity are known: it's time to start holding the people in charge accountable to them. . . .. Over the past several years, various Washington entities, from the General Accounting Office to assorted Congressional committees, conducted surveys and issued reports on the state of the federal government's information security posture. In each case, with few exceptions, the findings range from the scathing to the downright embarrassing, and remain essentially unchanged since the mid-1990s. Like any other issue involving government oversight, this process has become an annual Washington tradition - the reports are released; there's back-and-forth blather in Congress about how we need "to do more" to secure our federal networks; agency leaders and CIOs are called to testify on the Hill; some more blather, and perhaps a piece of legislation is introduced and dies before reaching the floor; and then the issue recedes into digital memory until next year's survey results are released -- and the process begins anew, with little or nothing really changing. It's no different than our annual visit to the dentist. We know he's going to admonish us to brush more and cut out the sweets, and we know that we're going to be embarrassed or uncomfortable as he tells us this to our face and makes notes in our patient file, but we endure it year after year, because it's something we have to do for good oral hygiene. Of course, we ignore his advice because it's inconvenient and, besides, candy is a tastier snack thancelery. This seems to be the approach taken by the majority of the federal government when dealing with the security of federal information systems. As you can see in the following articles going back to the late 1990s, there's much bad news and many prescriptions for improving things, but the patient refuses to cooperate....and the dentist is powerless (in this case, unwilling) to force him to change his ways. In some cases, these reports show marked improvements in specific offices or sub-agencies of the federal government, and those success stories should be made known both to the American people (as a sign that there are clueful security people making a difference in their agencies) and throughout the federal government as a helpful roadmap to improve security practices elsewhere. Unfortunately, these few truly noteworthy success stories are seldom reported by the mainstream press because good news doesn't pull in the ratings the way gloom, doom, and old-fashioned Washington finger-pointing does. Like the much-vaunted but ineffective "certification and accreditation" process required for government and military systems, these annual assessments are an exercise in bureaucratic idleness designed to "address" but not "resolve" security problems in any meaningful fashion. After several years, the logic seems to be "why fix the problem when talking about it keeps us (and our contractors) employed?" As a result, and contrary to popular belief and rhetoric, security for federal systems has been reduced to a check-box on our government's annual to-do list -- as long as federal enterprise leaders can prove that work is being done on the matter, that's perfectly acceptable, it seems, because in federal security circles, "activity" (e.g., certification and accreditation) has been confused with "progress" (e.g., actually fixing things) and "job security" has been confused with "effective security." Agency leaders confirming this with Congress each year generally can avoid anything stronger than a verbal reprimandabout their job performance, no matter how dismal security really is back home. The link for this article located at infowarrior.org is no longer available. . Poor technological oversight poses significant threats to national cyber defense; prioritizing responsibility and creativity is essential for advancements.. Federal Cybersecurity Management, Cybersecurity Accountability, Innovative Security Practices. . Anthony Pell
Mar 23, 2004
•
Government
82
legislationdata integrityoversightProposed Law For Enhanced Accountability In Customer Data Oversight
A new law to require accurate customer data might be necessary because the U.S. Department of Commerce and other oversight bodies have not been doing their job, lawmakers on the House of Representatives intellectual-property subcommittee said.. . .. A new law to require accurate customer data might be necessary because the U.S. Department of Commerce and other oversight bodies have not been doing their job, lawmakers on the House of Representatives intellectual-property subcommittee said. "I'm disappointed with the failure of the marketplace and regulators to deal with this problem. A legislative solution seems necessary," said California Democratic Rep. Howard Berman. The Commerce Department will seek to require greater accountability from the Internet Corporation for Assigned Names and Numbers, or ICANN, when it renews its authority to oversee the domain-name system this fall, a Commerce Department official said. The link for this article located at ZDNet is no longer available. . Legislators stress the importance of implementing fresh guidelines to guarantee precise consumer information and enhanced supervision.. Government Legislation, Data Regulations, Customer Data Integrity. . Anthony Pell
Sep 05, 2003
•
Government
81
FBIprivacysurveillance systemFBI Carnivore Analysis: Internet Surveillance Accountability Concerns
In a 121-page report released Tuesday night by the U.S. Department of Justice, a seven-member review team gave mixed marks to the FBI's Internet surveillance system, known as Carnivore. While the Illinois Institute of Technology Research Institute review team confirmed that . . . . In a 121-page report released Tuesday night by the U.S. Department of Justice, a seven-member review team gave mixed marks to the FBI's Internet surveillance system, known as Carnivore. While the Illinois Institute of Technology Research Institute review team confirmed that the software program can snoop on e-mail communications in a manner limited by a court order, it voiced concern over the lack of any method of assuring that FBI agents don't abuse the system. "(In its analysis,) IITRI did not find adequate provisions -- (for example,) audit trails -- for establishing individual accountability for actions taken during the use of Carnivore," stated the report. The link for this article located at ZDNet is no longer available. . The recent analysis conducted by officials triggers alarms regarding the NSA's XKeyscore monitoring apparatus and its insufficient oversight protocols.. FBI Oversight, Carnivore System, Digital Accountability, Internet Privacy, Surveillance Issues. . LinuxSecurity.com Team
Nov 22, 2000
•
Privacy
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Explore top 10 tips to secure your open-source projects now. Read More