Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -1 articles for you...
82
privacy concernssmartphone securityfederal surveillanceFederal Court Demands Decryption From Apple And Google Under Law
The FBI has made it no secret that it hates Apple and Google's efforts to encrypt files in your smartphones and tablets. Now court documents have emerged showing just how far the Feds are willing to go to decrypt citizens' data.. The paperwork has shown two cases where federal prosecutors have cited the All Writs Act The link for this article located at The Register UK is no longer available. . Legal filings expose the methods by which federal authorities are leveraging the All Writs Act to require Apple and Google to unlock encrypted gadgets.. smartphone Encryption, Federal Surveillance, Privacy Concerns, Encryption Demands. . Alex
Dec 04, 2014
•
Government
67
encrypted communicationlaw enforcementsecurity challengesiMessage Encryption Limits Federal Surveillance Capabilities
Internal document from the Drug Enforcement Administration complains that messages sent with Apple's encrypted chat service are "impossible to intercept," even with a warrant.. Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals. The link for this article located at CNET is no longer available. . The encryption employed by WhatsApp poses significant challenges for law enforcement agencies, hindering their ability to monitor criminal activities effectively.. iMessage Encryption, Federal Surveillance, Privacy Protection. . LinuxSecurity.com Team
Apr 04, 2013
•
Cryptography
67
man-in-the-middlecommunication securitycertificate authorityResearch Reveals Government Use of Forged SSL Certificates for Interception
Here is a very technical discussion of some issues involved with intercepting communications in an SSL tunnel without breaking the encryption, and how it could be used by a federal government to wiretap on citizens.. Says Matt Blaze: A decade ago, I observed that commercial certificate authorities protect you from anyone from whom they are unwilling to take money. That turns out to be wrong; they don't even do that much. . Scary research by Christopher Soghoian and Sid Stamm: Abstract: This paper introduces a new attack, the compelled certificate creation attack, in which government agencies compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals' secure Web-based communications. We reveal alarming evidence that suggests that this attack is in active use. Finally, we introduce a lightweight browser add-on that detects and thwarts such attacks. Even more scary, Soghoian and Stamm found that hardware to perform this attack is being produced and sold: At a recent wiretapping convention, however, security researcher Chris Soghoian discovered that a small company was marketing internet spying boxes to the feds. The boxes were designed to intercept those communications -- without breaking the encryption -- by using forged security certificates, instead of the real ones that websites use to verify secure connections. To use the appliance, the government would need to acquire a forged certificate from any one of more than 100 trusted Certificate Authorities. The link for this article located at Bruce Schneier is no longer available. . Disturbing research shows how governments misuse fake SSL certificates to secretly infiltrate encrypted communications, jeopardizing online security and privacy. SSL, Man-In-The-Middle, Certificate Authority, Encryption Attacks, Internet Security. . LinuxSecurity.com Team
Apr 13, 2010
•
Cryptography
81
government guidelinesprivacy concernsdata miningSenate Judiciary Committee Reviews DOJ Surveillance Guidelines Proposal
The Senate Judiciary Committee on Thursday will examine proposed Justice Department guidelines that would give federal investigators new license to mine publicly available databases and monitor Web use. The changes, which come after a major FBI shakeup last week, have sparked . . . . The Senate Judiciary Committee on Thursday will examine proposed Justice Department guidelines that would give federal investigators new license to mine publicly available databases and monitor Web use. The changes, which come after a major FBI shakeup last week, have sparked intense debate over the merits of expanding government surveillance powers as the country faces ongoing threats of terrorist attacks. Backers paint the reforms as a long overdue end to restrictions that have hobbled investigators and denied them access to research tools that are available to anyone with an Internet connection. Intelligence failures in the FBI and CIA have come under the spotlight amid new questions about who knew what in advance of the Sept. 11 suicide hijackings, which left more than 3,000 people dead. The link for this article located at ZDNet is no longer available. . House Intelligence Committee to evaluate updated Federal Bureau of Investigation protocols regarding national security monitoring methods.. Federal Surveillance, Privacy Concerns, Government Guidelines, Data Mining. . LinuxSecurity.com Team
Jun 06, 2002
•
Privacy
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More