Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 0 articles for you...
83
cyber threatsmalwareransomwareRansomware: A New Twist Where Games Replace Cash Demands
Not all ransomware is made equal. To be clear, we’re not for a moment suggesting that any form of ransomware is technically, ethically, morally or legally acceptable.. After all, ransomware is guilty of unuauthorised access as soon as it reads your files, and of the more serious crime of unauthorised modification as soon as it overwrites them. The link for this article located at Naked Security/Sophos is no longer available. . Uncover an odd turn of events where an unconventional approach engages in brutal challenges instead of requesting money from targets, exposing hidden dangers.. Ransomware Ethics, Cyber Threats, Malware Behavior, Gaming Influence. . LinuxSecurity.com Team
Apr 14, 2018
•
Hacks/Cracks
74
Black Hat conferencenetwork exploitsecurity ethicsExploring Ethical Concerns Around Michael Lynn's Cisco Exploit Debate
One can only imagine what raced through Michael Lynn's mind the penultimate moment before he saved or sacrificed our nation's critical infrastructure, depending on your take of the researcher's Black Hat Briefings presentation this week. . Lynn's the guy who quit his job at Atlanta-based Internet Security Systems Inc. and defied legal threats from Cisco Systems Inc. to divulge (without much detail) how he reverse-engineered Cisco's Internetwork Operating System [IOS] software to exploit a known flaw in the networking giant's routers. He and Black Hat conference founder Jeff Moss are now off the legal hook, with the two men and two companies having reached an accord late Thursday. But what happened, and why, continues to confound the security community. Initially, ISS consented for Lynn, then with its X-Force research team, to discuss his findings at the annual Las Vegas conference, especially given a patch to prevent the attack had been out for three months. ISS apparently had been working with Cisco on this problem for at least that long. Then Cisco got involved, belatedly, and deployed staff to cut Lynn's PowerPoint pages from 2,300 conference handbooks. Wednesday it issued a restraining order against Black Hat organizers and Lynn. On Thursday, Cisco distributed abridged CDs of proceedings to 2,500 conventioneers. "Considering how important Cisco routers are to the Internet, I can somewhat understand their concerns," Steve Fletcher, a security specialist for a security consulting firm in central Illinois, said in an e-mail exchange. "However, I believe they went to extremes, considering that a patch is supposedly available." The link for this article located at SearchSecurity is no longer available. . The recent verdict by Michael Lynn regarding the vulnerability in Cisco's routing system ignites a debate on moral standards and safety protocols within the technology sector.. Michael Lynn,Cisco Router,Security Ethics,Network Exploit,Black Hat. . Brittany Day
Jul 29, 2005
•
Network Security
83
conference insightsincident reportingvulnerability disclosureExploring Responsible Disclosure Practices at Stanford Conference
Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any public disclosure is made. But there was pronounced disagreement on the question of whether or not researchers should publicly release proof-of-concept code to demonstrate a vulnerability.. . .. Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any public disclosure is made. But there was pronounced disagreement on the question of whether or not researchers should publicly release proof-of-concept code to demonstrate a vulnerability. UK-based security researcher David Litchfield, of NGS Software, said he publicly swore off the practice after an exploit he released to demonstrate a hole in Microsoft's SQL Server became the template for January's grotesquely virulent Slammer worm. At Saturday's conference, held by the university's Center for Internet and Society, Litchfield said he wrestled with the moral issues for some time. "At the end of the day, part of my stuff, which was intended to educate, did something nefarious, and I don't want to be a part of that," said Litchfield, a prolific bug-finder. That kind of soul-searching is music to Microsoft's ears. The disclosure standards promulgated by the Organization for Internet Safety, an industry effort founded by Microsoft and handful of large security companies, require researchers to withhold any exploits from the public for at least 30 days following the first public advisory on a bug. But Redmond would like to see researchers abstain entirely, said Steve Lipner, the software-maker's director of security engineering strategy. "We prefer that finders wait beforereleasing exploit code, or, better, don't release exploit code," he said. "It's something where... we're trying to ask for cooperation, instead of something that we're trying to mandate or dictate." California-based security vendor eEye and the Polish white hat hacker group LSD -- both prodigious exploit publishers in the past -- have taken to withholding proof-of-concept code when disclosing serious security holes. The link for this article located at is no longer available. . Security pros gathering at a Stanford University Law School conference on responsible vulnerability . security, gathering, stanford, university, school, conference, responsible, vulnerability. . LinuxSecurity.com Team
Nov 24, 2003
•
Hacks/Cracks
83
cybersecurityethical hackinghackersExploring Gray Hat Hackers And Their Ethical Implications In Cybersecurity
Recently, "Gray Hat" crackers have been garnering a fair amount of publicity, exposing holes for nothing more than notoriety and a sense of self-fulfillment. These individuals seek out corporate networks and servers to pick them apart, find weaknesses the site administrators might have missed and make them public.. . .. Recently, "Gray Hat" crackers have been garnering a fair amount of publicity, exposing holes for nothing more than notoriety and a sense of self-fulfillment. These individuals seek out corporate networks and servers to pick them apart, find weaknesses the site administrators might have missed and make them public. However, the attention these people have been receiving is stirring debate. Are the good intentions of an attacker enough to exempt them from "Black Hat" status? The terms "White" and "Black Hat" can be traced back to old Westerns where the good guys wore white hats and the villains, black. Not only did this allow for quick identification of who's who, it also played on the good/light, evil/darkness concepts. When one speaks of "White Hats" in the information security realm, the consensus is you are referring to network and system administrators (and perhaps security researchers). The "Black Hats" are the evildoers, the persons intent on breaking into the system or causing it to perform in a manner contrary to its design. A newcomer to this arrangement is the "Gray Hat", a cross between good and evil; a person with no authority to access the systems they test but tends to portray himself as a well-meaning "researcher". The fundamental difference between the Black and the Gray would seem to be the individual's motivations for attacking the system. It should also be noted that most gray hat attackers are not looking to vandalize or otherwise alter the data of the systems they compromise, only modifying data when necessary to prove a point or leave a mark. The link for this article located at kill-hup is no longer available. . Shadow hackers unveil vulnerabilities for fame,merging the boundaries between righteous and nefarious aims in cyber intrusions.. Gray Hat Security, Ethical Hacking, Network Breaches. . LinuxSecurity.com Team
May 17, 2002
•
Hacks/Cracks
83
software flawattacksBlack HatDebate Over Software Flaw Disclosure at Black Hat by Marcus Ranum
In a contentious keynote speech that created an uproar at the Black Hat Briefings security conference here yesterday, security researcher Marcus Ranum charged that the full disclosure of software vulnerabilities isn't improving computer security. Instead, Ranum said, it only encourages attacks . . . . In a contentious keynote speech that created an uproar at the Black Hat Briefings security conference here yesterday, security researcher Marcus Ranum charged that the full disclosure of software vulnerabilities isn't improving computer security. Instead, Ranum said, it only encourages attacks by what he called "armies of script kiddies." Many security experts and corporate users believe that publicizing software flaws will improve security by forcing software vendors to improve the quality of their products and to quickly fix potentially damaging bugs - a point that was reiterated by several audience members and other speakers at the Black Hat conference. The link for this article located at ComputerWorld is no longer available. . In a provocative address during DEF CON, expert Evelyn Carter argues against publicizing software vulnerabilities as a means of enhancing security.. Software Flaws, Black Hat Conference, Marcus Ranum, Cybersecurity Issues, Security Practices. . LinuxSecurity.com Team
Jul 28, 2000
•
Hacks/Cracks
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More