Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Stay Ahead With Linux Security News

Filter%20icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found 60 articles for you...
79

Linux 6.13 Update: Unveiling NVMe Features and Security Impacts

Linux 6.13 kernel development has unlocked promising storage technology advancements with numerous block subsystem improvements, particularly regarding NVMe (Non-Volatile Memory Express) support. These enhancements seek to boost performance, security, and manageability, so Linux administrators must stay abreast of and prepare for these updates.. I'll explain what you can expect in Linux 6.13, the security implications of these changes and additions, and how to upgrade your Linux kernels when this release becomes available. Understanding NVMe 2.1 Specification Compliance One major upgrade in Linux 6.13 is its kernel's compliance with the NVMe 2.1 specification, published last August and offering various features like live migration of PCIe NVMe controllers, enhanced security measures, and manageability improvements. By adhering to this standard, Linux stays at the forefront of storage technology while expanding its ability to support next-gen hardware. Compliance with NVMe 2.1 brings significant security improvements, especially by strengthening data protection and encryption mechanisms within NVMe storage devices. These enhancements are essential for administrators looking to protect sensitive information while taking advantage of high-speed storage solutions. Moreover, their implementation not only strengthens Linux's security framework but also ensures its ability to take full advantage of advanced storage technologies. Key Additions in Linux 6.13 NVMe & Their Implications The Linux 6.13 NVMe code introduces several notable features mandated by NVMe 2.1 specification that significantly affect system management and performance. Notably, integration of ID Namespace and Command Sets facilitates better organization of storage resources by giving administrators more granular control over configurations. This allows for more precise and efficient storage handling, improving system operations. Furthermore, the new support for rotational media ensures that the kernel accurately recognizesand manages storage devices like hard drives. This feature is especially beneficial in mixed storage environments because it enables optimal configuration of storage hierarchies to accommodate various storage types' performance and capacity needs. Optimized host and memory buffer allocation improves data transfers, giving systems running Linux 6.13 an edge in handling intensive workloads and large volumes of data. By optimizing memory buffer allocation, the kernel can significantly boost system performance and reliability, making it better equipped to deal with intensive workloads and volumes of data. These key additions collectively boost functionality and efficiency. Security Impact for Linux Administrators The advances introduced in the 6.13 kernel significantly strengthen the security posture of Linux systems. NVMe 2.1 compliance streamlines processes to increase productivity and includes advanced security protocols to safeguard against unauthorized data access or breaches . Features like Persistent Reservation and Tracing provide practical tools for upholding rigorous access controls and comprehensive audit trails, essential elements in systems requiring high-security compliance with data protection regulations. Volatile Cache Detection mechanisms within the kernel help mitigate data loss risks for systems engaged in continuous read/write operations, further strengthening security and reliability within Linux environments. Upgrading to Linux 6.13 Linus Torvalds' development pattern dictates a release schedule for the 6.13 kernel. As soon as these changes have been sent out, we should see it made available within several months, followed by the release of candidates. This gradual approach gives administrators ample time to prepare for this upgrade. Testing pre-releases in a controlled environment ensures compatibility and performance while helping identify potential problems before rolling them out in production environments. Additionally, it's essential to assess hardwaredependencies to see whether current setups can fully utilize NVMe 2.1 features and rotational media support, minimizing compatibility issues while ensuring a smooth transition. Finally, strategizing deployment timelines to coincide with business operations is critical. Proper planning ensures minimum downtime during upgrades, ensuring a seamless switch to Linux 6.13 for all stakeholders involved. Our Final Thoughts on NVMe Enhancements in the 6.13 Kernel The Linux 6.13 kernel update promises to significantly upgrade Linux administrators' experience, especially with its enhanced NVMe support, which will bring improved performance and increased security. By understanding and planning for these changes, administrators can ensure they benefit from this kernel release while protecting their systems and taking advantage of cutting-edge storage technology. What changes are you most excited about in this upcoming release? Connect with us @lnxsec and let us know! . Dive into the latest NVMe advancements in the Linux 6.13 kernel. Examine the new security features, performance enhancements, and strategies for upgrading your systems.. Linux Kernel 6.13,NVMe Enhancements,Storage Technology,Security for Administrators. . Brittany Day

Calendar%202 Nov 21, 2024 User Avatar Brittany Day Security Projects
79

Evaluating the Benefits and Drawbacks of TPM Bus Encryption in Linux 6.12

Linux Kernel 6.10 introduced an impressive feature to strengthen the security of the Trusted Platform Module (TPM) . Bus encryption and integrity protection safeguard it against potential interposers or sniffing attacks against TPM. Due to performance bottlenecks associated with this feature, the Linux 6.12 update introduced an option to disable its protection . The tpm.disable_pcr_integrity= kernel command line parameter was added to disable PCR integrity protection. PCR integrity protection is enabled by default for Linux x86_64 systems. . In this article, I'll explore the benefits and drawbacks of TPM bus encryption and integrity protection and weigh the pros and cons of opting out, helping you balance security and performance for your Linux systems. Advantages of TPM Bus Encryption and Integrity Protection Source: Phoronix Implementing TPM bus encryption and integrity protection offers numerous benefits, primarily increased security. Encrypting data transmitted between a TPM and the system bus makes it much more difficult for malicious entities to intercept and manipulate this sensitive data. Encryption and integrity checks protect against TPM sniffing attacks involving intercepting and analyzing signals on the TPM bus to retrieve sensitive information. Integrity protection ensures that any attempts at altering data are detected, further fortifying the system against threats like theft of sensitive information or compromise by hackers. Likewise, TPM plays an instrumental role in attesting the integrity of systems by securely recording measurements ( PCR extend operations ). Integrity protection ensures that measurements taken are reliable and undisturbed by third parties, thus maintaining trustworthiness for an entire security architecture. Drawbacks of TPM Bus Encryption and Integrity Protection One major drawback of TPM bus encryption and integrity protection lies in its performance bottlenecks. Integrating TPM and IMA can create performance issues due to additionaloverhead for encryption and integrity checks, especially during PCR extend operations. It is crucial for maintaining system integrity but is often performed more frequently due to encryption/integrity checks than expected. Furthermore, implementation can significantly increase resource consumption - potentially burdensome on systems with limited processing power or already near their peak capacity. Benefits of Opting Out of TPM Bus Encryption and Integrity Protection Opting out of TPM bus encryption and integrity protection offers significant performance gains for systems. By disabling this feature, performance bottlenecks associated with Integrity Measurement Architecture (IMA) are eliminated, leading to faster and more efficient PCR extend operations - especially helpful when used heavily for integrity measurements. Furthermore, disabling encryption and integrity protection reduces additional computational burden, freeing up system resources for other crucial operations. Risks Associated With Opting Out of TPM Bus Encryption and Integrity Protection Opting out of TPM bus encryption and integrity protection increases the risk of attacks, particularly TPM sniffing attacks. Without encryption and integrity checks, data transmitted between the TPM and system bus becomes more vulnerable to being intercepted and altered by malicious entities. Disabling integrity protections may compromise system measurements, as the absence of these protections creates the risk of undetected tampering, which could compromise security measures in place. Specific industries and regulatory frameworks also mandate stringent security measures, such as TPM bus encryption and integrity protection. Skipping out could result in noncompliance with such regulations, potentially leading to legal or financial repercussions. Our Final Thoughts on the Pros & Cons of Opting Out of TPM Bus Encryption and Integrity Protection Linux Kernel 6.10 introduced TPM bus encryption and integrity protection, providing significant securitybenefits by protecting systems against TPM sniffing attacks while maintaining the trustworthiness of system measurements. Unfortunately, due to performance bottlenecks associated with this feature, an opt-out option had to be included in Linux Kernel 6.12. While disabling TPM bus encryption and integrity protection may help boost system performance and reduce resource overhead, it increases vulnerabilities to attacks and risks to regulatory requirements. Linux admins must carefully consider these factors when deciding whether or not to turn this feature off. What are your thoughts on this Linux kernel update? Will you be disabling TPM bus encryption? Connect with us @lnxsec and let us know! . Explore TPM bus encryption pros and cons, evaluating security benefits against performance impacts for Linux systems.. linux, kernel, introduced, impressive, feature, strengthen, security, trusted, platfor. . Brittany Day

Calendar%202 Nov 18, 2024 User Avatar Brittany Day Security Projects
79

AppArmor IO_uring Support and Performance Upgrades in Linux 6.7

The AppArmor Linux security system has picked up a few improvements and new features with the in-development Linux 6.7 kernel. . Performance optimizations are always welcome, especially in areas like AppArmor overhead. The IO_uring mediation is interesting although Linux 6.7 is limited to sqpoll and override_creds interfaces. Historically IO_uring has been the source of some security vulnerabilities while since Linux 6.6 it's been made easier to disable IO_uring system-wide. The IO_uring security woes have mostly been with older kernels but in any event for those using AppArmor there is now IO_uring mediation available for those interested. This IO_uring support was added by Canonical engineers. The link for this article located at Phoronix is no longer available. . Investigate the recent advancements in AppArmor's efficiency and the integration of IO_uring mediation, elevating both security and performance in Linux kernel version 6.7.. AppArmor, Performance Optimization, IO_uring Support, Linux 6.7, Security Features. . LinuxSecurity.com Team

Calendar%202 Nov 05, 2023 User Avatar LinuxSecurity.com Team Security Projects
81

Firefox 119: New Security Tools and Expanded View Features

Mozilla has rolled out Firefox 119.0 , the latest version of its open-source, Gecko-powered web browser for Windows, Mac, Linux and Android. . The new release offers two notable new features -- a major expansion of its Firefox View tab’s content, plus additional PDF editing tools along with a slew of security and privacy enhancements. Firefox 119.0 opens by adding more content to the Firefox View tab, which turned a year old this month. It now displays all open tabs -- including from other windows and synced devices. A browser history option has also been added, along with sort options by date or by site. The browser also implements improvements to its PDF viewing tool that will extend its editing capabilities to allow users to add both images and alt text captions. Both features may not appear immediately as they’re being rolled out across the user base. . The latest update introduces two remarkable enhancements, featuring a major upgrade to the Chrome Overview and improved document editing capabilities.. Firefox Features, Open-Source Browser, PDF Tools, Mozilla Privacy, Browser Update. . LinuxSecurity.com Team

Calendar%202 Oct 25, 2023 User Avatar LinuxSecurity.com Team Privacy
81

Elementary OS 7.1 Review: A Privacy-Focused Linux Distribution

If you're interested in an operating system that takes your privacy seriously without preventing you from getting things done, try Elementary OS. . Once upon a time, Elementary OS was my go-to Linux distribution . I found it to be as user-friendly as it was elegant. With the release of version 7.1, the team has proven it's serious about keeping both the aesthetic and the experience front and center. However, this time around, they're going all in on privacy. With this new release, the OS will alert users any time an app attempts to: Read location. Send notifications. Auto start and run in the background without permission. Access system or home folders. Read and write system settings. Attempt to escape the sandbox and gain heightened permissions. . Elementary OS 7.1 focuses on user privacy and functionality, incorporating features that reduce data collection during installation and simplify privacy settings management. Elementary OS, Privacy Focus, Linux Distribution, User Experience, Security Features. . LinuxSecurity.com Team

Calendar%202 Oct 15, 2023 User Avatar LinuxSecurity.com Team Privacy
78

Ubuntu 23.10 Introducing Restricted User Namespaces for Improved Security

This has the potential to improve Linux desktop and container security significantly. . On October 12, 2023, Canonical will be releasing Ubuntu 23.10 . This new version of Ubuntu Linux is already looking good . One new security feature, however, hasn't gotten much attention: Restricted unprivileged user namespaces , It should. This has the potential to significantly improve Linux desktop and container security. But, what are "restricted unprivileged user namespaces," you ask? Well, let me start by explaining what "unprivileged user namespaces" are. They're a Linux kernel feature that was introduced in the Linux 3.8 kernel in 2019. The idea was to avoid the security problem caused by the Linux permission privilege model, which divides users into two groups: Normal users and superusers, aka root users. The problem is that when acting as a superuser, there's nothing you can't do. Burn the system to the ground? Sure! Go for it. There are ways around this problem in this model, but the unprivileged user namespaces were an attempt to secure Linux by enabling administrators to set up sandboxes or containers where a normal user could act as a superuser inside a container to perform administrative tasks without being root on the master Linux system. . Ubuntu 23.10 is set to debut on October 12, 2023, introducing enhanced security measures for both Linux workstations and container environments.. User Namespaces, Ubuntu Security, Linux Desktop, Container Architecture, Security Features. . LinuxSecurity.com Team

Calendar%202 Oct 11, 2023 User Avatar LinuxSecurity.com Team Vendors/Products
79

Linux 6.3 Releases Enhanced Security Features And Multi-Actuator Support

The latest version of Linux , Linux 6.3, has been released following a "nice, controlled release cycle," according to project boss Linus Torvalds . The release cycle required seven release candidates, which were supported by helpful developer behavior. . However, Torvalds cautioned that "something nasty couldn't have been lurking all these weeks," urging real-world testing to ensure the release is ready for prime-time consumption. Despite not being a long-term support (LTS) release, Linux 6.3 includes some interesting features that will be beneficial for users. One of the most significant is improved support for multi-actuator hard disk drives. This is becoming increasingly important as more hyperscale cloud operators adopt these drives, which feature a second set of read/write heads that enable faster performance. With Linux 6.3, the kernel is now better equipped to handle these drives, providing users with improved functionality. Linux 6.3 also includes support for Kernel Address Space Layout Randomization on China's Loongson RISC-V processors. This security feature allows the kernel to load into different areas of memory each time it boots, making it more difficult for attackers to target specific areas. The link for this article located at ghacks.net is no longer available. . Linux version 6.3 brings forward advanced security enhancements and multi-actuator capabilities, pushing for practical evaluations to ensure dependability.. Linux 6.3, Multi-Actuator Support, Security Feature, Kernel Enhancement. . LinuxSecurity.com Team

Calendar%202 May 01, 2023 User Avatar LinuxSecurity.com Team Security Projects
79

SELinux 6.4: No Runtime Disabling Support For Enhanced Security

After being deprecated for several years, Security Enhanced Linux "SELinux" beginning with the Linux 6.4 kernel can no longer be run-time disabled. . For a while now SELinux deprecated run-time disabling for turning off SELinux via its config file or sysfs. By getting rid of the run-time disabling support, SELinux developers can make various improvements currently blocked by this code. Those wishing to disable SELinux support can still do so via the selinux=0 boot time option or when building the Linux kernel toggling the "CONFIG_SECURITY_SELINUX_DISABLE" Kconfig switch. The SELinux run-time disabling removal is made as part of this pull request pending for the newly-opened Linux 6.4 merge window. The link for this article located at Phoronix is no longer available. . The removal of run-time disabling for SELinux in Linux 6.4 impacts security protocols significantly, requiring admins to adapt their strategies for compliance.. SELinux Enhancements, Linux Kernel Changes, Security Features, Runtime Support. . LinuxSecurity.com Team

Calendar%202 Apr 24, 2023 User Avatar LinuxSecurity.com Team Security Projects
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200