Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Ahead With Linux Security News

Filter%20icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found 11 articles for you...
78

Intel Core Ultra Series 2: Securing Linux with Partner Security Engine

Intel recently introduced a game-changer in hardware security with its new Partner Security Engine integrated into the Core Ultra Series 2. This advanced security architecture ushers in a new era of hardware-enforced protection, offering features like secure boot, cryptographic operations, and an unassailable root of trust. For those tasked with safeguarding Linux systems, this means the opportunity to offload some complex security tasks from software to hardware, achieving more without the burden of additional overhead. . The real surprise here lies in the seamless blend of cutting-edge security features and their practical benefits to daily operations. The Partner Security Engine creates a more resilient defense against unauthorized access and emerging threats by leveraging hardware isolation to protect sensitive processes and data. Linux security admins will find this integration a significant ally, simplifying their security management while preparing their systems to tackle future challenges with a robust, hardware-backed foundation. Let's examine this exciting development and its benefits for us Linux admins in more depth. An Overview of the Intel Partner Security Engine Intel Partner Security Engine (PSE) was developed to add an extra layer of physical protection for Intel Core Ultra Series 2 PCs, meeting many of the challenges inherent to traditional software-based security measures. By including PSE in these processors, Intel ensures critical security functions can be handled more efficiently and securely. One of the PSE's standout features is its ability to isolate itself from other system resources, which protects sensitive processes from being altered or accessed by unintended individuals or parties. Linux systems typically utilize environments where security is at the top of mind , making this level of protection all the more vital. PSE provides various capabilities to significantly enhance your Linux deployment's security posture. Secure Boot and Hardware-Enforced Root ofTrust PSE provides secure boot, which ensures only trusted software runs during system startup by verifying the digital signatures of the bootloader and critical components before they are executed. This means reduced chances of infection from malicious software during booting. Intel has implemented the PSE as part of its efforts to create a hardware-backed root of trust. It is the cornerstone for many security protocols and a reliable starting point to establish trust in systems. By making it part of its hardware design, this approach significantly strengthens overall Linux system security by making exploiting vulnerabilities more difficult for attackers. Cryptographic Operations and Data Protection Cryptographic operations are another critical area where the PSE shines. Encryption and decryption processes can be handled more efficiently and securely when offloaded to dedicated hardware. This improves performance and reduces the risk of sensitive data being exposed during these operations. Linux admins can leverage the PSE to implement stronger encryption policies without placing additional strain on system resources. The PSE's capabilities extend to various use cases, including secure identity verification, data protection , and communication channels. By providing a hardware-based solution for these critical security tasks, Intel has made it easier for Linux admins to enhance their security measures without overhauling their existing infrastructure. Streamlining Security Administration One of the most surprising benefits of the PSE for Linux users is its ability to streamline security administration. Traditional software-based security measures can be complex and time-consuming to implement and maintain. With the PSE, many of these tasks can be offloaded to hardware, simplifying the overall security management process. This hardware-enforced security approach reduces the attack surface by minimizing the reliance on potentially vulnerable software components. This translates to amore straightforward and efficient method of maintaining robust security controls. The PSE's advanced features enable administrators to focus on other critical aspects of system management, knowing that the hardware handles many heavy-lifting security processes. Compatibility and Integration with Linux While integrating the PSE into Linux systems may require updating security policies and practices, the overall benefits outweigh the initial adjustments. Given Linux's flexibility and adaptability , incorporating the PSE's features is a manageable task for most administrators. The key to successful integration is understanding how the PSE interacts with the existing system architecture. Linux admins should review their security frameworks and identify areas where the PSE's capabilities can be most beneficial. Doing so can create a more cohesive security strategy that leverages hardware and software solutions. Preparing for Future Security Challenges PSE provides advanced capabilities that meet current security needs and are equipped to tackle emerging security threats more effectively in the future. As cyberattacks evolve and new risks emerge, having a secure foundation ensures systems can stay resilient against emerging risks. Linux administrators who adopt the PSE are effectively future-proofing their security strategies by taking this proactive step. Its hardware features provide a strong defense against sophisticated attacks such as ransomware attacks , and it forms an essential component of any comprehensive security plan. As technology progresses, having a security engine that can adapt and respond appropriately is critical in upholding integrity and trustworthiness among Linux deployments. Practical Implementation and Best Practices Implementing the PSE in a Linux environment involves several key steps and best practices. First, administrators should ensure that their hardware is compatible with the Core Ultra Series 2 to utilize the PSE's features fully. Next, reviewing andupdating security policies to incorporate the PSE's capabilities is essential. This may involve configuring secure boot settings, enabling hardware-based encryption, and integrating the PSE with existing security frameworks. Training and awareness are also critical components of a successful implementation. Linux admins and users should be educated on how to leverage the PSE effectively, ensuring that they understand the benefits and potential applications of the technology. Regular security audits and assessments can help identify any gaps or vulnerabilities in the system, allowing administrators to make the necessary adjustments to maximize the security benefits of the PSE. Our Final Thoughts on Intel's Partner Security Engine Intel's introduction of the Partner Security Engine with the Core Ultra Series 2 represents a significant advancement in hardware security for Linux systems. By providing features like secure boot, cryptographic operations, and a hardware-enforced root of trust, the PSE offers Linux administrators a powerful tool for enhancing their security posture. The ability to offload complex security tasks to dedicated hardware simplifies the overall management process, reducing the attack surface and improving system resilience. As threats advance, the PSE’s advanced capabilities ensure that Linux systems are well-equipped to handle future security challenges. Embracing this technology means gaining a robust foundation for our security strategies, ultimately leading to a more secure and reliable computing environment. By integrating the PSE's features and adopting best practices, Linux users can leverage the full potential of this game-changing security engine to safeguard their systems against even the most sophisticated threats. . Explore Intel's Collaboration with the Security Framework, boosting Windows protection via hardware capabilities such as trusted execution and data safeguarding.. Intel Security Engine, Linux Security Advances, Hardware Protection, Secure BootFeatures. . Brittany Day

Calendar%202 Jan 31, 2025 User Avatar Brittany Day Vendors/Products
67

TPM 2.0 Buffer Overflow Threats: Cryptographic Key Exposure

The Trusted Platform Module (TPM) 2.0 specification is affected by two buffer overflow vulnerabilities that could allow attackers to access or overwrite sensitive data, such as cryptographic keys. . TPM is a hardware-based technology that provides operating systems with tamper-resistant secure cryptographic functions. It can be used to store cryptographic keys, passwords, and other critical data, making any vulnerability in its implementation a cause for concern. While a TPM is required for some Windows security features, such as Measured Boot, Device Encryption, Windows Defender System Guard (DRTM), Device Health Attestation, it is not required for other more commonly used features. However, when a Trusted Platform Module is available, Windows security features get enhanced security in protecting sensitive information and encrypting data. The TPM 2.0 specification gained popularity (and controversy) when Microsoft made it a requirement for running Windows 11 due to its required boot security measures and ensuring that Windows Hello face recognition provides reliable authentication. Linux also supports TPMs, but there are no requirements for using the module in the operating system. However, there are Linux tools available that allow applications and users to secure data in TPMs. . TPM is a hardware-based technology that provides operating systems with tamper-resistant secure cryp. trusted, platform, module, (tpm), specification, affected, buffer, overflow, vulnerabiliti. . LinuxSecurity.com Team

Calendar%202 Mar 06, 2023 User Avatar LinuxSecurity.com Team Cryptography
210

Two Distinct Exploits Target Intel SGX: Threats to Crypto Keys and Data

For the past two years, Intel CPUs have been under siege by an unending series of attacks that make it possible for cybercriminals to pluck passwords, encryption keys, and other secrets out of silicon-resident memory. New security research reveals that Intel's speculative execution flaws go deeper and are even harder to fix than we initially thought. . On Tuesday, two separate academic teams disclosed two new and distinctive exploits that pierce Intel’s Software Guard eXtension, by far the most sensitive region of the company’s processors. Abbreviated as SGX, the protection is designed to provide a Fort Knox of sorts for the safekeeping of encryption keys and other sensitive data even when the operating system or a virtual machine running on top is badly and maliciously compromised. SGX works by creating trusted execution environments that protect sensitive code and the data it works with from monitoring or tampering by anything else on the system. . Multiple groups disclose vulnerabilities aimed at AMD's SEV, endangering encryption integrity and safeguarding information.. Intel SGX Exploit, Cybersecurity Risks, Encryption Key Theft, Hardware Vulnerability. . Brittany Day

Calendar%202 Jun 12, 2020 User Avatar Brittany Day Security Vulnerabilities
79

Custom Hardware Authentication Keys With Google's OpenSK Project

Interested in using hardware security keys to log into online services more securely? Well, now you can make your own from scratch, thanks to an open-source project that Google announced last week. . Google has released an open-source implementation called OpenSK . It’s a piece of firmware that you can install on a USB dongle of your own, turning it into a usable FIDO or U2F key. FIDO is a standard for secure online access via a browser that goes beyond passwords. There are three modern flavours of it: Universal Second Factor (U2F), Universal Authentication Factor (UAF), and FIDO2. UAF handles biometric authentication, while U2F lets people authenticate themselves using hardware keys that you can plug into a USB port or tap on a reader. That works as an extra layer on top of your regular password. The link for this article located at Naked Security is no longer available. . Google hasreleasedan open-source implementation calledOpenSK. It’s a piece of firmware that you ca. interested, using, hardware, security, online, services, securely. . LinuxSecurity.com Team

Calendar%202 Feb 03, 2020 User Avatar LinuxSecurity.com Team Security Projects
67

Best Hardware Encrypted Flash Drives For Secure Data Transport

If you're physically transporting data you don't want other people to see, you should be doing it on secure media. And what better than something that hides easily within a pocket? Secure flash drives that are only about the size of a small cigarette lighter feature robust hardware security to make them super secure. You'll pay a premium for the integrated security, but you can't put a price on the peace of mind you get by knowing that your data is locked down.. To get the skinny on the state-of-the-art in secure flash drives, we took five hardware-encrypted drives for test spins. The results? As far as security is concerned, it's all systems go. Three of the units--the Kingston DataTraveler 4000 Managed, the Kanguru Defender 2000, and the CMS CE-Secure Vault FIPS--are certified to Level 2 of the government's FIPS 140-2 security standard. The Imation Defender F200 ratchets that up to Level 3. The Apricorn Aegis Secure Key is being processed for Level 3 certification, though it is not yet certified. The link for this article located at PC World is no longer available. . To get the skinny on the state-of-the-art in secure flash drives, we took five hardware-encrypted dr. you're, physically, transporting, don't, other, people, should, doing. . LinuxSecurity.com Team

Calendar%202 May 25, 2012 User Avatar LinuxSecurity.com Team Cryptography
67

Survey Insights on Self-Encrypting Drives and Data Protection

One-third of security professionals who handle encryption don't understand self-encrypting hard disk drives. In particular, they're unsure whether the drives are better or worse than software-based encryption for preventing tampering, managing encryption, or handling authentication keys.. Those findings come from a recent survey of 517 IT practitioners who are at least familiar with self-encrypting drives, conducted by Ponemon Institute, and sponsored by the Trusted Computing Group (TCG), which promotes hardware-based, vendor-neutral security specifications. Today, when full disk encryption is used on a PC, software-based approaches are the norm, with 85% of survey respondents saying that's their primary approach. According to the survey, however, 70% of IT professionals also think that self-encrypting drives would help their organization to protect data, but many worry about the related hardware cost. Perhaps counter-intuitively, 37% of respondents also said that they "would pay a premium" for related data security improvements, according to the study. The link for this article located at Information Week is no longer available. . Those findings come from a recent survey of 517 IT practitioners who are at least familiar with self. one-third, security, professionals, handle, encryption, don't, understand, self-encrypting. . LinuxSecurity.com Team

Calendar%202 May 10, 2011 User Avatar LinuxSecurity.com Team Cryptography
78

RSA Conference 2023: Pushing Integrated Security In Hardware & Software

The folks running the annual RSA Conference here this week will tell you that the show is bigger than ever and security is at the top of every CIO's list of concerns. And while all of that may well be true, if heavyweights such as Sun Microsystems, Cisco Systems and Microsoft have their way, enterprises soon will have little use for the wares that most of the security vendors here are hawking. . It's rare that those three vendors would all agree on anything, but in speeches and interviews this week, executives from all of them have said that it's time to build security into hardware and software from the ground up and stop trying to fix problems after the fact. The link for this article located at eWeek is no longer available. . Top executives advocate for unified safety measures within hardware and software to address urgent security challenges.. Security Integration, Enterprise Security, RSA Conference 2023. . LinuxSecurity.com Team

Calendar%202 Feb 17, 2006 User Avatar LinuxSecurity.com Team Vendors/Products
78

VIA Technologies Unveils PadLock SDK for Security Performance Boost

VIA Technologies, Inc, a leading innovator and developer of silicon chip technologies and PC platform solutions, today announced the release of the VIA PadLock SDK, a step by step programming guide designed for third party software developers who want to capitalize on the performance enhancing security features built into feature rich VIA processors. . . .. VIA Technologies, Inc, a leading innovator and developer of silicon chip technologies and PC platform solutions, today announced the release of the VIA PadLock SDK, a step by step programming guide designed for third party software developers who want to capitalize on the performance enhancing security features built into feature rich VIA processors. To combat the increasing reliance on security software programs that draw heavily on PC system resources and hamper overall performance, VIA developed the PadLock Hardware Security Suite to complement software programs by taking on much of the heavy lifting involved with information security applications. Featured in all VIA processors based on the C5P Nehemiah core, the VIA Hardware Security Suite offers quantum-based random number generation with the VIA PadLock RNG (Random Number Generator) and AES encryption at blistering speeds through the VIA PadLock ACE (Advanced Cryptography Engine). . VIA Technologies introduces the PadLock SDK, aiming to enhance efficiency for security application developers working with VIA chips.. PadLock SDK, VIA Technologies, Hardware Security Suite, Information Security. . LinuxSecurity.com Team

Calendar%202 Sep 10, 2004 User Avatar LinuxSecurity.com Team Vendors/Products
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200