Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -2 articles for you...
74
web securitycookie securityApache configurationEnhancing Web Cookie Security with HTTPOnly and ModSecurity
The bottom line is this - while this cookie option flag does absolutely nothing to prevent XSS attacks, it does significanly help to prevent the #1 XSS attack goal which is stealing SessionIDs. While HTTPOnly is not a "silver bullet" by any means, the potential ROI of implement it is quite large. Notice I said "potential" as in order to provide the intended protections, two key players have to work together. This article looks at one way you can make your Web cookies more secure by using the Apache's extension called modsecurity. If you are interested in this please read on for more information and how you set this up on your own Apache web server.. The link for this article located at modsecurity is no longer available. . Discover the strategies for enhancing cookie security through the HTTPOnly attribute via Apache's mod_security for improved web safety protocols.. web cookie security, HTTPOnly, Apache ModSecurity, secure cookies, web applications. . Bill Locke
Dec 29, 2008
•
Network Security
77
data protectionweb threatsbest practicesExploring Cookie Security Threats and Misconfigurations
Within one week's time, we stumbled across two different sites using cookies the wrong way. While the attack vectors were a bit different, both sites trusted the cookie data to secure their users. Let's break this cookie down so we can understand its intent. First, you can easily tell who the cookie belongs to . Unpack prevalent cookie setup issues and discover methods to manage cookie information securely for enhanced safeguarding.. Web Cookies, Secure Data Handling, Cookie Best Practices, Cybersecurity Risks. . LinuxSecurity.com Team
Dec 18, 2006
•
Server Security
77
security breachsession managementweb application securityCross Site Scripting Attack: Exploiting Session IDs And Cookies
Cross site scripting (XSS) errors are generally considered nothing more than a nuisance . As if fate wanted to make it challenging, the maximum size of the HTML input field for the email address was 25 characters, and it only accepted POST data, which is somewhat limiting. As a result, I had to "outsource" my cross-site scripting attack to a third server. The end result was that I had to make a user click on a link that first took the victim to my server. From there, the code on my server directed the victim to the web application with a POST value that included the XSS code, which was then fed into the login script. Finally, the above JavaScript was output into the login page. Once the JavaScript executed, the cookie data was passed back to the third party server, which captured that cookie value, stored it, and redirected the victim back to the real server where they would again be presented with the real and unaltered login page. Since all this happened in a matter of a second, only an educated and knowledgeable user would notice anything out of the ordinary. The link for this article located at Inform IT is no longer available. . As if fate wanted to make it challenging, the maximum size of the HTML input field for the email add. cross, scripting, (xss), errors, generally, considered, nothing, nuisance. . LinuxSecurity.com Team
Aug 16, 2006
•
Server Security
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More