
Stay Ahead With Linux Security News


Explore Latest Linux Security news


Let's Encrypt Issues Advisory For 3 Million TLS Certificates Revocation

The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let's Encrypt confirmed on February 29 and was fixed two hours after discovery, impacted the way it checked the domain name ownership before issuing new TLS certificates. As a result, the bug opened up a scenario where a certificate could be issued even without adequately validating the holder's control of a domain name.

The link for this article located at The Hacker News is no longer available.

A flaw in Let's Encrypt's system was acknowledged, resulting in the inappropriate granting of TLS certificates, which have since been rescinded to ensure security.

Mar 04, 2020 | LinuxSecurity.com Team | Cryptography

Facebook Photo API Bug Exposes User Data: 6.8 Million Affected

A bug in Facebook’s photo API may have exposed up to 6.8 million users’ photos to app developers, the company announced on Friday. Facebook said that normally, when a user gives permission for an app to get at their Facebook photos, the developers are only supposed to get access to photos that are posted onto their timeline.

The link for this article located at NakedSecurity / Sophos is no longer available.

A glitch in Facebook's image API might have inadvertently revealed countless users' private images, sparking issues related to user confidentiality.

Dec 18, 2018 | LinuxSecurity.com Team | Privacy

Facebook Bug Report: Palestinian Analyst Highlights Security Flaw

A Palestinian information system expert says he was forced to post a bug report on Mark Zuckerberg. The vulnerability, which was reported by a man calling himself

The link for this article located at RT is no longer available.

Aug 19, 2013 | LinuxSecurity.com Team | Hacks/Cracks

Nine Strange Software Bugs That Users Encountered and Shared About

Writing buggy applications is a cinch--for decades, the world's software developers have been proving that with just about every program they release. Truly interesting bugs, however, are a relatively rare breed. I'm talking about the kind that cause technology products and services to stop working for extended periods, or that prompt them to behave as if they were possessed or harbored grudges against the humans who use them. And even though the bugs themselves usually stem from mundane errors such as typos or faulty math, their symptoms are anything but boring.

For this story, I rounded up nine truly peculiar bugs that bedeviled customers of some of the largest providers of software and services on the planet. (I didn't cover ones with catastrophic side effects such as explosions or the death of human beings; Simson Garfinkel discusses some of those in this creepy good read at Wired.com. Of course, when it comes to bugs, Windows occupies a category of its own, as you'll see in "The Worst Windows Flaws of the Past Decade." And sometimes the problem isn't a mistake so much as a really bad idea from the beginning; see "The 25 Worst Tech Products of All Time" and "The 10 Dumbest Tech Products So Far.")

The link for this article located at IT World is no longer available.

Jun 22, 2009 | LinuxSecurity.com Team | Hacks/Cracks

Mozilla Denies Information Leak Claims For Firefox 2.0.0.12

Published reports of an information leakage vulnerability affecting fully patched versions of the open-source Firefox browser have been greatly exaggerated, according to Mozilla chief evangelist Mike Shaver. Shaver's sharp retort follows the release of an advisory by hacker Ronald van den Heetkamp claiming that the most recent Firefox 2.0.0.12 is susceptible to a bug that allows hackers to view sensitive information on a target machine.

The link for this article located at eweek is no longer available.

Feb 12, 2008 | Bill Locke | Network Security

Debian Security Advisory: User Awareness Concerns Raised by Florian Weimer

An interesting bug was filed today by Florian Weimer. I'll quote the bug report in full: "Over the past few months, the GNU/Linux community has slowly adopted a way of dealing with security issues which closely resembles the approach suggested by Microsoft last year: more-or-less systematic hiding of security problems from end users, at least for some time.

The link for this article located at Debianhelp is no longer available.

Florian Weimer's recent bug submission emphasizes key points about security awareness in the GNU/Linux ecosystem, pointing to a need for improved education for developers and users.

Jan 17, 2002 | LinuxSecurity.com Team | Security Projects

BIND 9 Security Review: Critical Issues Raised By D. J. Bernstein

D. J. Bernstein, author of djbdns, a "secure" DNS server, wrote this message, prompted by the recent problems experienced with BIND 9 and its "300000 lines of bad code." "BIND 9 is good code, you say? The BIND programmers learned their lesson from these security disasters and rewrote everything from scratch?" Professor Bernstein's opinion differs.

Date: 1 Feb 2001 07:29:42 -0000
Message-ID:
From: "D. J. Bernstein"
To: bugtraq@
Subject: Time to un-BIND your network!
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

It's interesting that the NXT security disaster and the TSIG security disaster were both introduced as new features in BIND 8.2.

Paul Vixie blames BIND's problems on ``sleazeware produced in a drunken fury by a bunch of U C Berkeley grad students.'' But BIND 4 was only 20000 lines of bad code. BIND 8.2 is 150000 lines of bad code.

BIND 9 is good code, you say? The BIND programmers learned their lesson from these security disasters and rewrote everything from scratch? Let's look at the facts:

* BIND 9 was funded in August 1998. There was a public statement that ``code drop has been made to funding organizations'' in March 1999. Guess when BIND 8.2 was released? That's right: March 1999.

* BIND 9 was made available for public testing in February 2000. The official BIND 9.0.0 release was in September 2000. _Hundreds_ of bugs have been discovered in BIND 9 since then. (The list of previously discovered bugs---presumably even more embarrassing--- doesn't seem to be publicly available. Gee, what a surprise.)

* By all accounts, BIND 9 chokes even more often than BIND 8 does. Sample from the bind9-users mailing list last week: two sysadmins at large sites reported that, within a few days, BIND 9.1.0 stopped responding and started burning CPU time.

Bottom line: The Buggy Internet Name Daemon lives on. BIND 9 is 300000 lines of bad code.

Does anyone seriously believe that none of BIND 9's bugs can be exploited by attackers? I don't. But I can relax, because I've been free of my BINDs for the past year; I wrote my own DNS software, djbdns. To learn more: yp

djbdns works for citysearch.com and pobox.com and one site that handles nearly 400000 *.com's; I think it'll work for you too. It's free, it doesn't crash, and it doesn't let attackers take over your machine.

---Dan

D. J. Bernstein analyzes vulnerabilities within the BIND 9 DNS server, advocating for solutions such as djbdns to mitigate potential security risks.

Feb 23, 2001 | LinuxSecurity.com Team | Server Security