Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 3 articles for you...
79
security advisoryrandom number generatorconfidential computingLinux 6.9 CoCo VMs Panic on Broken RdRand RNG: Security Impact
A significant change has been merged into the x86 fixes for Linux 6.9, requiring the seeding of RNG (Random Number Generation) with RdRand for CoCo (Confidential Computing) environments. The change focuses on CoCo virtual machines , designed to be as isolated as possible, assuming the VM host is untrusted. RdRand is critical as a hardware random number generator instruction for entropy to guest VMs. Security expert and WireGuard developer Jason Donenfeld authored this change. . What Changes Have Been Made? What Are the Implications for Confidential Computing? CoCo VMs will now panic if RdRand is broken, ensuring that the VMs do not continue to boot with limited or no entropy, which previously led to incomplete random number generation. Consequently, the change asserts that without proper seeding through RdRand, most cryptography within the CoCo VM will be compromised, which challenges the entire concept of confidential computing. RdRand is crucial in confidential computing and has the potential to impact Linux environments significantly. This move to require the seeding of RNG with RdRand for CoCo environments signifies a significant shift in the approach to handling security and entropy in virtual machines. One intriguing aspect of this change is the potential consequences of not seeding the RNG with RdRand, particularly in CoCo environments. It raises questions about how this change may affect the overall security posture of the Linux 6.9 release and whether it introduces any new vulnerabilities. Furthermore, the challenges posed by the existing threat model for CoCo must be acknowledged, where the VM host is considered untrusted and potentially adversarial. This prompts further consideration of how this requirement shapes the security assumptions and threat mitigation strategies for such environments. From a long-term perspective, this change may shift how Linux administrators and security professionals approach the design and deployment of CoCo environments. It prompts admins toconsider how this requirement aligns with their current security practices and whether it necessitates any adjustments in their security protocols. The implications of this change on the broader Linux and open-source security landscape also merit attention. As Linux 6.9 progresses, monitoring any feedback, challenges, or unforeseen impacts resulting from this requirement would be valuable. This requires a collective effort from the community to assess the practical implications of the change and provide feedback for refining its implementation. This change reminds security practitioners of the dynamic nature of security technologies and the continuous evolution of best practices. It urges them to stay informed about foundational changes and adapt their security strategies to align with emerging ecosystem requirements. Our Final Thoughts on These Changes in Linux 6.9 This pivotal change reverberates across the Linux and open-source security domains. By critically examining the implications of this requirement, security practitioners are equipped to navigate the evolving landscape of confidential computing and the associated security considerations in virtualized environments. . If RdRand fails, CoCo VMs might crash, jeopardizing entropy and cryptographic functions within Linux 6.9 secure contexts.. Confidential Computing, Random Number Generation, CoCo VMs, Linux Security. . Dave Wreski
Apr 08, 2024
•
Security Projects
67
performance improvementsecurity featureslinux kernelLinux 6.1 Update: RNG and Crypto Code Enhancements for Better Security
The random number generator "RNG" and crypto subsystem pull requests have already been submitted for the Linux 6.1 merge window. . Jason Donenfeld of WireGuard fame continues spending a lot of time working to clean-up Linux's RNG code. For Linux 6.1 the RNG code has seen a regression fix come around O_NONBLOCK that broke user-space some two years ago, a performance regression fix, using randomness from hardware RNGs earlier in the boot process, and a variety of other smaller changes to the RNG code that has been undergoing a lot of improvements as of late. The full list of RNG changes for Linux 6.1 can be found via The link for this article located at Phoronix is no longer available. . With the arrival of Linux 6.1, the RNG and encryption modules have undergone significant improvements, focusing on enhanced efficiency and bolstered security protocols.. Random Number Generator, Crypto Improvements, Linux Kernel Enhancements, System Performance. . LinuxSecurity.com Team
Oct 22, 2022
•
Cryptography
82
NSAbackdoorsecurity oversightNSA's Criticism On Dual_EC_DRBG Flaw and Its Cryptographic Implications
It was a mistake for the National Security Agency to support a critical cryptographic function after researchers presented evidence that it contained a fatal flaw that could be exploited by US intelligence agents, the agency's research director said.. The comments by NSA Director of Research Michael Wertheimer were included in an article headlined The Mathematics Community and the NSA published this week in a publication called Notices. The article responds to blistering criticism from some mathematicians, civil liberties advocates, and security professionals following documents provided by former NSA subcontractor Edward Snowden showing that the agency deliberately tried to subvert widely used crypto standards. One of those standards, according to The New York Times, was a random number generator known as Dual EC_DRBG, which was later revealed to be the default method for generating crucial random numbers in the BSAFE crypto toolkit developed by EMC-owned security firm RSA.. Concerns arise over NSA's endorsement of the compromised Dual EC_DRBG; essential insights on encryption and safeguarding strategies emerge.. NSA Support of Dual EC_DRBG,Cryptography Security Flaws,Encryption Policy Oversight,Random Number Generation Issues. . Dave Wreski
Jan 15, 2015
•
Government
67
security advisoryrandom number generatorcryptographic flawRSA BSAFE Toolkit Advisory: Decryption Risk From Weak RNG Influence
Security provider RSA endowed its BSAFE cryptography toolkit with a second NSA-influenced random number generator (RNG) that's so weak it makes it easier for eavesdroppers to decrypt protected communications, Reuters reported Monday. . Citing soon-to-be-published research from several universities, Reuters said the Extended Random extension for secure websites allows attackers to work tens of thousands of times faster when breaking cryptography that uses the Dual EC_DRBG algorithm to generate the random numbers that populate a specific cryptographic key. . Investigations show that the BSAFE toolkit from RSA relies on a weak RNG influenced by the NSA, jeopardizing the integrity of secure communications.. BSAFE Cryptography, Random Number Generation, Security Flaw, Decryption Risk. . LinuxSecurity.com Team
Apr 03, 2014
•
Cryptography
67
security advisorydata securityencryptionRSA Advisory on NSA's Dual_EC_DRBG Random Generator - Security Risk
Security biz RSA has reportedly warned its customers to stop using the default random-number generator in its encryption products - amid fears spooks can easily crack data secured by the algorithm.. All encryption systems worth their salt require a source of virtually unpredictable random values to create strong cryptographic keys and similar things; one such source is the NSA-co-designed pseudo-random-number generator Dual_EC_DRBG, or the Dual Elliptic Curve Deterministic Random Bit Generator, which is well known for being cryptographically weak: six years ago it was claimed that someone had crippled the design, effectively creating a backdoor [PDF] so that encryption systems that relied on it could be easily cracked. The link for this article located at The Register UK is no longer available. . RSA cautions users about relying on the NSA's compromised random-number generator, essential for maintaining strong encryption measures.. RSA Encryption, Dual_EC_DRBG, Cryptographic Security, Random Number Generation, Secure Algorithms. . LinuxSecurity.com Team
Sep 27, 2013
•
Cryptography
81
security advisoryencryptioncryptographyRSA Security Advisory: NSA Encryption Weakness Identified
A major American computer security company has told thousands of customers to stop using an encryption system that relies on a mathematical formula developed by the National Security Agency (NSA).. RSA, the security arm of the storage company EMC, sent an email to customers telling them that the default random number generator in a toolkit for developers used a weak formula, and they should switch to one of the other formulas in the product. The link for this article located at The Guardian is no longer available. . RSA, the security arm of the storage company EMC, sent an email to customers telling them that the d. major, american, computer, security, company, thousands, customers, using, encrypti. . LinuxSecurity.com Team
Sep 23, 2013
•
Privacy
79
security advisoryprivacy issueLinux distributionIdentifying Flaws in Linux Random Number Generator Affecting Security
his new paper which is about to appear later this month (May, 2006) on the IEEE security and privacy conference describes holes in Linux's random number generator, as well as a clear description of the Linux /dev/random. The Linux random number generator is part of the kernel of all Linux distributions and is based on generating randomness from entropy of operating system events. The output of this generator is used for almost every security protocol, including TLS/SSL key generation, choosing TCP sequence numbers, and file system and email encryption. Although the generator is part of an open source project, its source code (about $2500$ lines of code) is poorly documented, and patched with hundreds of code patches. . The link for this article located at Securiteam.com is no longer available. . Exploring the vulnerabilities within Linux's entropy pool and their implications on cryptographic systems.. Random Number Generator, Linux Security, Cryptography Issues. . LinuxSecurity.com Team
May 15, 2006
•
Security Projects
67
security advisoryVPNdigital signatureBell Labs DSA Flaw Affects Secure Transactions and VPN Integrity
A SCIENTIST AT Bell Labs, the research and development wing of Lucent Technologies, has discovered a flaw in the Digital Signature Algorithm (DSA) that could affect the integrity of secure transactions on the Internet and adversely impact VPNs (virtual private networks), . . . . A SCIENTIST AT Bell Labs, the research and development wing of Lucent Technologies, has discovered a flaw in the Digital Signature Algorithm (DSA) that could affect the integrity of secure transactions on the Internet and adversely impact VPNs (virtual private networks), online shopping, and online financial transactions. Daniel Bleichenbacher, a member of Bell Labs' Information Sciences Research Center, discovered a glitch in the random number generation technique used with the DSA, according to the company in a statement. He learned that the DSA's random number generator was biased and was twice as likely to pick a set of numbers from one range than from another. The U.S. National Security Agency designed DSA and it is one of three authentication algorithms approved for generating and verifying digital signature under the Digital Signature Standard. Digital signatures allow software at the end of an electronic transaction to confirm the identity of the party initiating the transaction and to verify the integrity of the information received. The link for this article located at InfoWorld is no longer available. . Research Institute uncovers a significant vulnerability in the RSA Encryption Protocol jeopardizing data security and online privacy.. Digital Signature Algorithm, Bell Labs Security, VPN Integrity, Cryptographic Flaws. . LinuxSecurity.com Team
Feb 06, 2001
•
Cryptography
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Explore top 10 tips to secure your open-source projects now. Read More