Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Ahead With Linux Security News

Filter%20icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found 15 articles for you...
79

NVIDIA GPU Driver Nova: Red Hat's Secure Future for Linux

As a Linux security administrator, staying up-to-date with driver technology developments is critical for keeping systems secure. Red Hat recently unveiled Nova, their Rust-based successor to Nouveau for NVIDIA GPUs. Released last year, Nouveau was created to simplify the GPU driver stack while supporting a wide range of hardware, including starting with the RTX 2000 " Turing " series and beyond. Despite Nova's progress, Nouveau will coexist alongside Nova to cater to older NVIDIA GPU users, ensuring maximum flexibility and choice in driver selection options. . Recently, Red Hat employee Danilo Krummrich provided Nova's initial core component and project documentation , which will be included in Linux kernel 6.15. It should be noted that this current submission is just an early-stage test version and not meant for production use. Nonetheless, its approval marks an essential first step toward broader integration. Key advantages of Nova are enhanced memory safety due to Rust's implementation, potentially mitigating buffer overflows and null pointer dereferences. To help you better understand the significance of this initiative, let's examine Nova's potential security impact and its path to integration in the Linux kernel. A New Player in the GPU Driver Arena Understanding the role of the NOVA driver starts by placing it within context with existing solutions. NOVA is an open-source and Rust-based solution , intended to replace or complement Nouveau. While Nouveau has provided Linux users with support for numerous NVIDIA products over its tenure, NOVA promises to take up its reigns more aggressively by using Rust and simplifying GPU drivers - beginning with support for RTX 2000 "Turing" GPUs and improving performance and security over its predecessor. Red Hat , known for its enterprise-grade Linux offerings, supports NOVA's development. However, this new driver does not seek to displace its predecessor. Rather, it coexists with Nouveau to serve different segments of NVIDIAhardware users. Those running older GPUs will find Nouveau suitable, while users with more recent hardware will appreciate NOVA's advanced features. The Path to Integration NOVA's journey to becoming part of the Linux kernel began with its initial submission by Danilo Krummrich from Red Hat. This submission is a foundational step, setting the stage for the nuanced integration into the kernel's architecture. It's essential to understand that what has been submitted is a very basic version of the driver. This initial release is not yet highly functional for everyday users or enterprise environments, as it's more about establishing NOVA's presence and potential. As it stands, NOVA is in its early stages of development. This foundational release means administrators and developers should adjust expectations accordingly. Over time, the community can expect incremental updates as the driver matures, gradually encompassing more features and improved functionalities. Once achieved, the kernel inclusion process necessitates approval from Linus Torvalds and kernel maintainers, a step that will solidify NOVA's place in the broader Linux ecosystem. Security and Stability: Understanding Nova's Core Benefits Perhaps the most exciting promise of the NOVA driver resides in its potential to enhance security and system stability, cornerstones of any robust Linux environment. With Rust as the development language, the NOVA driver taps into inherent benefits scarcely accessible in drivers written in languages like C or C++. Rust is renowned for its emphasis on memory safety. It proactively prevents common memory-related issues, such as buffer overflows and null pointer dereferences. These vulnerabilities are frequently exploited in cyberattacks, putting systems at risk. By diminishing these risks, NOVA can significantly boost the security posture for systems using NVIDIA hardware and running on Linux. Enhancing system stability is another key area where NOVA shines. Memory corruption bugs often result insystem crashes and unpredictable behavior. By minimizing such vulnerabilities, NOVA contributes to a more stable operating environment, paving the way for uninterrupted performance, which is especially critical in enterprise and high-performance contexts. Shaping the Software Ecosystem Rust's integration into the Linux kernel isn't just technical; it marks an attempt to modernize kernel components' design and development. NOVA showcases Rust as a low-level programming solution and prompts other projects to consider its advantages. This inclusion exemplifies the software ecosystem's increasingly reliable, secure, and efficient nature. NOVA may be an enabler of wider Rust adoption, further strengthening its position in projects that demand high levels of safety and performance. Administrators should use this integration to familiarize themselves with Rust and encourage developers in their teams to explore Rust as a path for creating robust applications. These skills may prove invaluable as more systems and components transition toward Rust-based solutions. Our Final Thoughts on the Road Ahead As of now, NOVA's inclusion in the Linux kernel awaits approval. Once accepted, it will represent not just a powerful alternative to existing drivers but also a symbolic advancement in adopting more secure and stable programming paradigms within the kernel development sphere. The submission of the NOVA driver is more than a mere update to the Linux kernel roadmap. It signifies a more profound commitment to evolving with demands for better security features and developer-friendly environments. By embracing these changes, we Linux admins can enhance our systems’ security postures and lead our organizations toward innovative, reliable solutions for the future. As the NOVA driver progresses, it is crucial to understand its capabilities and potential. This will equip systems administrators with the knowledge necessary to leverage NOVA fully and ensure its successful integration into existing or new Linuxdeployments. By doing so, we can become not just users but key contributors to the ethos of an ever-advancing open-source security community. . Recently, Red Hat employee Danilo Krummrich provided Nova's initial core component and project docum. linux, security, administrator, staying, up-to-date, driver, technology, developments, critica. . Brittany Day

Calendar%202 Mar 12, 2025 User Avatar Brittany Day Security Projects
79

Linux 6.13: Intel TDX Enhancements and Security Considerations

Linux 6.13 features significant enhancements in Intel Trust Domain Extensions (TDX) code that aim to provide robust hardware-based security protections for virtual machines (VMs) on recent Xeon processors. As virtualization becomes an indispensable part of modern IT infrastructures, such advancements, as seen in Linux 6.13, are becoming more crucial. . In this article, I'll explore the security impact of these changes and why they will not be exposed by default. Overview of Intel Trust Domain Extensions (TDX) Intel TDX provides virtual machines with hardware-level isolation. This helps ensure that even if an underlying hypervisor is compromised, the integrity and confidentiality of any VMs hosted remain secure. Trust Domain Extensions use secure enclaves to create a Trusted Execution Environment for these VMs - protecting against potential attack vectors that might exploit hypervisor vulnerabilities. Critical Updates in Linux 6.13 Source: Phoronix Linux 6.13 features key improvements in managing Intel TDX functions more effectively. Updates primarily target improving interactions between TDX guests and virtual machine monitors by implementing new infrastructure for handling metadata. This change provides developers with more granular control. One of the key enhancements in this update is the capability of disabling runtime injection of #VE (Virtualization Exception) exceptions from virtual machines at runtime. Before now, control of #VE exception injections was handled via static switches. Any misconfiguration on the guest side could cause panic and downtime. However, runtime control features provide administrators more flexibility and finer control mechanisms to handle exceptions efficiently and ensure maximum stability and security for their systems. Linux 6.13 also introduces an enhancement that enables TDX guests to opt in to access topology CPUID leaves. Previously, accessing such information would trigger a #VE, disrupting VM performance and operationalinsights for workload management. With these changes, Linux 6.13 marks a significant step in optimizing and managing TDX functionalities, ensuring greater control, stability, and performance for virtualized environments. Examining the Security Implications of These Changes Linux 6.13's advancements significantly enhance Intel TDX security measures. By providing runtime control for #VE exception handling, the new kernel version minimizes disruptions and potential attack surfaces caused by misconfiguration or malicious use. Increased access to topology CPUID data without setting off exceptions also helps protect against unintended downtime and improve resource management. Runtime control features enhance security by enabling dynamic adjustment of #VE exceptions, providing more responsive and adaptive security management. Furthermore, permitting guests to access CPUID topology data without triggering #VEs ensures operational resilience and efficient resource allocation, making virtualization environments secure and performant. Constraints on Default Exposure Though their benefits are readily apparent, these enhancements will not appear by default. This is due to compatibility issues between Linux and other operating systems. Retaining "legacy behavior" for compatibility reasons recludes making these features default behaviors. The pull request explains: "For both cases, it would have been easiest to change the default behavior simply; however, certain 'other' OSes require keeping their legacy behavior. This statement implies a reference to Microsoft Windows but more broadly illustrates the considerations kernel developers must account for when developing software. If new behaviors were enabled automatically, they could cause compatibility issues that cause virtual machines running legacy or non-compliant operating systems to crash. Keeping compatibility intact ensures broad stability and usability but will require manual opt-in for environments ready to utilize these new features. Do youagree with these constraints? We'd love to hear your opinion! Connect with us @lnxsec , and let's have a discussion. Our Final Thoughts on the Significance of These Security Improvements Intel TDX advancements for Linux 6.13 represent an essential advance in secure virtualization. Improving exception management and data access protocols boosts the performance and security of systems employing Intel's latest Xeon processors. Compatibility requirements across various operating systems necessitate restrained default exposure to guarantee stability and broad applicability. While Linux 6.13's developments can significantly enhance virtualization security and efficiency, administrators must carefully weigh these features against compatibility concerns for broader virtual machines (VMs) deployments. As virtualization evolves, such incremental yet essential advances demonstrate how far open-source communities have come toward providing secure computing paradigms. . Intel TDX in Linux 6.13 significantly enhances virtualization security, but it requires careful configuration and management to prevent vulnerabilities. Intel TDX Enhancements, Linux Security Updates, Virtual Machine Protocols, Exception Management, Hardware Isolation. . Brittany Day

Calendar%202 Nov 26, 2024 User Avatar Brittany Day Security Projects
78

The Influence of SELinux on Performance in Fedora 31 Systems

Followingthe recent AppArmor performance regression in Linux 5.5(since resolved), some Phoronix readers had requested tests out of curiosity in looking at the performance impact of Fedora's decision to utilize SELinux by default. Here is how the Fedora Workstation 31 performance compares out-of-the-box with SELinux to disabling it. . By default Fedora runs with SELinux enabled in an enforcing and targeted mode. But by booting with selinux=0 as a kernel parameter or editing /etc/selinux/config it's possible to outright disable the Security Enhanced Linux functionality or change its operating mode. The link for this article located at Phoronix is no longer available. . Discover the effects of SELinux on performance within Fedora 31, focusing on its default configurations.. SELinux Performance, Fedora Security Settings, System Performance Testing. . LinuxSecurity.com Team

Calendar%202 Jan 20, 2020 User Avatar LinuxSecurity.com Team Vendors/Products
82

Government's Role in Cybersecurity: Insights from Black Hat Conference

At the DarkReading News Desk, live from Black Hat, industry experts Dan Kaminsky, Richard Bejtlich, Katie Moussouris, Paul Kurtz, and Rod Beckstrom talked about how government is hurting and could be helping infosec. . Last week we debuted the Dark Reading Video News Desk, streaming live from Black Hat, featuring over 30 interviews with speakers, trainers, and sponsors from the conference. Over the coming weeks, all the individual interviews will be posted here on Dark Reading. . Last week we debuted the Dark Reading Video News Desk, streaming live from Black Hat, featuring over. darkreading, black, industry, experts, kaminsky, richard, bejtlich. . Pooja Shah

Calendar%202 Aug 17, 2015 User Avatar Pooja Shah Government
83

Trustwave: 1.58M Stolen Credentials from Facebook, Google, and More

Researchers have unearthed an online database full to the brim of stolen account information from popular services including Facebook, Yahoo, Twitter and Google. . On Tuesday, the security team at Trustwave's Spider Labs revealed in a blog post that 1,580,000 usernames and passwords on the server are website accounts, including 318,121 Facebook login credentials, 21,708 Twitter accounts, 54,437 Google-based accounts and 59,549 Yahoo accounts. 320,000 email account credentials were also stolen, and the remaining number of compromised accounts on the server are FTP accounts, remote desktop details and secure shells. The link for this article located at ZDNet Blogs is no longer available. . On Tuesday, the security team at Trustwave's Spider Labs revealed in a blog post that 1,580,000 user. researchers, unearthed, online, database, stolen, account, information. . LinuxSecurity.com Team

Calendar%202 Dec 04, 2013 User Avatar LinuxSecurity.com Team Hacks/Cracks
81

Lessons From WikiLeaks: Security Practices and Data Handling Risks

IT and security professionals routinely use USBs, smartphones, and tablets to move and back up confidential files, yet their organizations haven't made changes in the wake of the WikiLeaks leaks.. Maybe the massive disclosure of diplomatic memos from the U.S. State Department by WikiLeaks didn't serve as much of a cautionary tale for preventing the leak of sensitive data after all: Most IT and security professionals say they use USBs, smartphones, and tablets to move and back up confidential files, and 65 percent say they don't have a handle on what files and data leave the enterprise, a new survey says. The survey of 200 IT and security pros at the RSA Conference last month in San Francisco revealed some risky practices by users who theoretically should know better -- including 77 percent saying that they send payroll, customer data, financial, and other classified information via unsecured email monthly. "One thing we know is that people do what they need to do to be productive, and they find their own mechanisms to do this better. This is not malicious, but it puts companies at risk," says Hugh Garber, product marketing manager for Ipswitch, which conducted the survey. "If there's not a tool, they use their own stuff -- a lot are turning to USB drives, file-sharing sites, and their personal email [if corporate email restricts file-size attachments, for instance]. And that just enforces lower visibility to IT and brings more risk." The link for this article located at Dark Reading is no longer available. . Maybe the massive disclosure of diplomatic memos from the U.S. State Department by WikiLeaks didn't . security, professionals, routinely, smartphones, tablets, confi. . LinuxSecurity.com Team

Calendar%202 Mar 09, 2011 User Avatar LinuxSecurity.com Team Privacy
83

PlayStation 3 Root Key Discovery: Risks and Implications of Full Access

A hacker has published what he claims to be the root key of the PlayStation 3, leading to what some have speculated could be full root access to the game console without the need for external media.. The key, published by an individual calling himself or herself "geohot," is accompanied by a "hello world" piece of code. At press time, Sony representatives said that they were still awaiting confirmation or a denial from within the company. As gaming blog Kotaku noted, the hack may be tied to the fail0verflow group, which develops for the PS3 homebrew scene. "Homebrew" modifications to the console are akin to "rooting" a phone, where the user installs his or her own operating system, usually for the purpose of adding custom software. Doing so, however, usually voids the device's warranty. The link for this article located at PC Magazine is no longer available. . An individual named 'geohot' claims to have found the main encryption key for the PlayStation 3, providing possible unrestricted access to the system without external media. Game Console Hack, Homebrew Modifications, PlayStation 3 Root Key. . LinuxSecurity.com Team

Calendar%202 Jan 04, 2011 User Avatar LinuxSecurity.com Team Hacks/Cracks
79

Research on DoS Attacks and Their Effects on Internet Security

Joseph Idziorek, graduate in electrical and computer engineering, has been researching computer security. The study conducts research on sites that have been experiencing denial of service attacks, in which hackers try to get unauthorized access and hinder them.. An example of this is WikiLeaks, where the site was hacked after releasing documents of U.S. State Department cables that were considered classified information. "The purpose of such an attack is to bring down the website so nobody can use it," Idziorek said. "These have been quite prevalent throughout the Internet for the last 15 years since the Internet has been around." The link for this article located at iowa State Daily is no longer available. . The growing threat of cyber attacks, especially Denial of Service (DoS), jeopardizes internet security and the reliability of crucial information platforms. DoS Attack, Internet Threats, Cybersecurity Research. . LinuxSecurity.com Team

Calendar%202 Dec 17, 2010 User Avatar LinuxSecurity.com Team Security Projects
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200