
Stay Ahead With Linux Security News


Explore Latest Linux Security news


Linux Wi-Fi Flaw Management and Public Disclosure Risks

A serious Wi-Fi vulnerability has shown how Linux handles security in plain sight. Learn more about this security bug, as well as how the Linux kernel balances the risks of public bug disclosure.

Last month a serious Linux Wi-Fi flaw (CVE-2019-17666) was uncovered that could have enabled an attacker to take over a Linux device using its Wi-Fi interface. At the time it was disclosed Naked Security decided to wait until a patch was available before writing about it. Well, it’s been patched, but the journey from discovery to patch provides some insights into how the Linux open-source project (the world’s largest collaborative software development effort) manages bug fixes and the risks of disclosure. The Linux community worked hard last month to patch a bug in one of the operating system’s wireless drivers. The bug lay in RTLWIFI, a driver used to run Wi-Fi chips produced by processor manufacturer Realtek.

The link for this article located at Naked Security is no longer available.

The Linux kernel has a structured method to handle risks linked with revealing bugs, focusing on Wi-Fi vulnerabilities through systematic reviews and collaboration.

Nov 18, 2019 | Brittany Day | Security Vulnerabilities

VeriSign Phishing Risk: Public Info Threatens Major Firms' Security

VeriSign and one of its partners have come under fire for publicly exposing webpages used to process customer security certificates, a practice a competitor claims puts some of the biggest names on the web at risk of serious targeted attacks.

According to Melih Abdulhayoglu, CEO of internet security firm Comodo, publicly accessible pages such as those here and here needlessly disclose sensitive internal information about VeriSign customers Bank of America and the Commonwealth of Massachusetts respectively. By exposing the email address of the organizations' security certificate managers and providing a comprehensive list of web addresses that use secure sockets layer protection, VeriSign puts them at risk of targeted phishing attacks, he said. What's more, Abdulhayoglu pointed to the availability of this page provided by VeriSign partner Getronics.nl of the Netherlands. It allows anyone in the world to search its database and pull up a wealth of information about the digital certificates of not only Bank of America but plenty of other companies, including VeriSign itself. The interface also points to dynamically generated pages like the one captured below, which provide buttons for revoking, renewing, and replacing the digital certificate.

The link for this article located at The Register UK is no longer available.

Easily reachable websites allegedly reveal confidential data, heightening the chances of phishing schemes targeting prominent corporations.

Jun 25, 2010 | LinuxSecurity.com Team | Vendors/Products

Security Flaws Overview: 2005 Trends And Data Analysis Challenges

After three years of modest or no gains, the number of publicly reported vulnerabilities jumped in 2005, boosted by easy-to-find bugs in web applications. Yet, questions remain about the value of analyzing current databases, whose data rarely correlates easily. A survey of four major vulnerability databases found that the number of flaws counted by each in the past five years differed significantly. However, three of the four databases exhibited a relative plateau in the number of flaws publicly disclosed in 2002 through 2004. And, every database saw a significant increase in their count of the flaws disclosed in 2005.

A few common themes emerged from the data as well. In 2005, easy-to-find flaws in web applications were likely responsible for the majority of the increase, the database managers said in interviews with SecurityFocus. However, some of the increase came from a doubling in the number of flaws released by large software companies.

The link for this article located at TheRegister.co.uk is no longer available.

The rising number of documented flaws underscores patterns in software security gaps following an extended period of consistency.

Jan 11, 2006 | LinuxSecurity.com Team | Server Security

Exploring Linux Process Security and Public Vulnerability Disclosure

In his latest entry, Dana asks whether the Linux process is insecure, because it’s not possible to warn the "vendor" before warning the general public about security flaws in Linux. He also notes that "Microsoft has theoretical control of this situation." There are several problems with this line of reasoning. I’m not going to argue that the open source model of development is perfect, but it offers several advantages over the proprietary model. Let’s start with the most obvious.

Yes, if I discover a vulnerability in the Linux kernel — or any other open source project that does development on public lists and completely out in the open — when I reveal the problem on the development mailing list, I reveal it to the public. It’s worth noting that some open source projects, like Mozilla Foundation, have systems that allow developers to file bugs and security issues without disclosing details to the public at large.

The link for this article located at ZDNet is no longer available.

Explore the way Linux addresses security flaws transparently, highlighting differences with closed-source approaches and their announcement strategies.

May 19, 2005 | LinuxSecurity.com Team | Server Security

US Department of Homeland Security Advocates Network Outage Secrecy

"Giving the public too many details about significant network service outages could present cyberterrorists with a "virtual road map" to targeting critical infrastructures, according to the US Department of Homeland Security, which this month urged regulators to keep such information secret." Ah, this must be more of the "increased security through decreased transparency" theory. It meshes well with the "Terrorists are smart enough to look into telecom outage reports and expert enough to know how to use them, but somehow cannot otherwise determine what parts of our information infrastructure might be vulnerable" theory. Two words, DoHS: "Root Servers". And I didn't even read one of those outage reports!

Giving the public too many details about significant network service outages could present cyberterrorists with a "virtual road map" to targeting critical infrastructures, according to the US Department of Homeland Security, which this month urged regulators to keep such information secret. At issue is an FCC proposal that would require telecom companies to report significant outages of high-speed data lines or wireless networks to the commission. The plan would rewrite regulations that currently require phone companies to file a publicly-accessible service disruption report whenever they experience an outage that affects at least 30,000 telephone customers for 30 minutes or more. Enacted in the wake of the June 1991 AT&T long-distance crash, the FCC credits the rule with having reversed a trend of increased outages on the phone network, as telecom companies used the disclosures to develop best practices and learn from each other's mistakes.

The link for this article located at TheRegister is no longer available.

Significant disruptions in communication networks raise concerns about the vulnerabilities in essential systems and the potential for cyberattacks stemming from a lack of transparency.

Jun 24, 2004 | Anthony Pell | Government

Unix Flaws and Kerberos Exposed: Security Advisory Leak by Hacker

A hacker claims to have stolen three security advisories from a corporate computer and posted them on a public mailing list, creating fresh dilemmas for users and software makers. A self-proclaimed hacker claims to have stolen three unreleased security advisories from a corporate computer and posted them to a public mailing list. The online vandal, who uses the monicker "Hack4Life", said on Wednesday that he stole advisories detailing flaws in a common set of Unix code, the Kerberos authentication system and some implementations of encryption for Web sites. He claims to have stolen them from a firm that had been working with the Computer Emergency Response Team (CERT) Coordination Center, a clearinghouse for security information.

The link for this article located at ZDNetUK is no longer available.

Mar 20, 2003 | LinuxSecurity.com Team | Hacks/Cracks

California Law Mandates Data Breach Disclosure For Security Awareness

California law now demands that the public be informed when government or corporate databases are breached. It's about time. In April, 2002, hackers broke into the payroll database for the state of California. For more than a month, cybercriminals rooted around in the personal information of 265,000 Golden State employees, ranging from Governor Gray Davis to maintenance workers and clerks. Worse, the California Controller's Office, which ran the database, failed to notify state employees for more than two weeks after the breach was discovered. Although officials with the Controller's office insisted the break-in probably hadn't resulted in any significant harm, the incident enraged Golden State pols and employees, whose Social Security numbers, bank account information, and home addresses were fair game for the hackers.

This lapse sparked what may mark a dramatic shift in legal policy toward cybersecurity. Over strenuous objections from the business lobby, on Sept. 26 California enacted a sweeping measure that mandates public disclosure of computer-security breaches in which confidential information may have been compromised. The law covers not just state agencies but private enterprises doing business in California. Come July 1, 2003, those who fail to disclose that a breach has occurred could be liable for civil damages or face class actions.

The link for this article located at SecurityFocus is no longer available.

Nov 11, 2002 | Anthony Pell | Government