U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies. This attack has reignited the debate about encryption backdoors, a long-running point of contention among security practitioners. To help you understand this incident and the security implications of encryption backdoors, I'll discuss these recent attacks, lawmakers' reactions, the role of encryption backdoors in this threat, and why many security professionals, including us at LinuxSecurity.com, oppose their use.

Understanding This Hack

Federal authorities have moved quickly to investigate a cyberattack known as Salt Typhoon, linked to China-backed hackers. According to an anonymous U.S. official, the attackers targeted multiple U.S. telecommunications firms, including Verizon, AT&T, and Lumen Technologies, and compromised the systems these carriers use to fulfill government intelligence-collection requests such as wiretaps. The implications of this breach extend far beyond corporate walls: by breaching the telecom systems that support lawful surveillance, the hackers reached infrastructure that national security depends on. Investigators are still determining how deeply the attackers penetrated these networks and whether they extracted sensitive data.

Lawmakers' Reaction to This Incident

This incident has sparked significant concern among U.S. lawmakers, with Senator Ron Wyden of Oregon leading the charge by calling on both the Justice Department and the Federal Communications Commission (FCC) to impose stringent security standards on telecom companies' wiretapping systems. He specifically pointed to an outdated regulatory framework and expressed disappointment over how the DOJ has dealt with such cyberattacks, which he considered negligent.
Wyden suggested setting baseline cybersecurity standards that can be enforced through fines, together with annual cybersecurity audits conducted by an independent third-party firm. He also advocated full transparency about data breaches toward Congress, investigators, and the public, and holding negligent corporations responsible - an approach that signals a shift toward corporate accountability rather than prosecuting foreign hackers, who rarely face justice in U.S. courts.

What Are Encryption Backdoors?

Encryption backdoors are mechanisms built into encrypted systems to give authorized authorities access to encrypted data for regulatory or national security reasons. If discovered, however, they can be exploited by malicious actors. Encryption is at the core of modern cybersecurity, protecting sensitive information from unauthorized access and modification. Robust encryption protocols also enable secure communications, safeguard individual privacy, and strengthen national security.

Examining the Pros & Cons of Encryption Backdoors

Encryption backdoors offer both advantages and drawbacks. On one side, they can support national security by aiding law enforcement in lawful surveillance operations and speeding investigations through access to encrypted data, and they may help ensure compliance in critical infrastructure sectors like telecom and finance. On the other hand, they can threaten the very national security they are meant to serve. A backdoor is an inherent vulnerability in the system it is built into: it cannot distinguish between good and bad actors, so anyone who gains control of the access mechanism can reach sensitive data. The recent China-backed hacks illustrate how malicious actors can exploit such access, endangering national security and corporate confidentiality.
Encryption backdoors can also erode public trust in cybersecurity and privacy efforts, discouraging users from adopting encryption technologies. Finally, exploited backdoors may lead to security breaches with substantial financial losses, legal liabilities, and damage to corporate reputations.

What Is the Security Community's Stance on Encryption Backdoors?

Security experts have long opposed encryption backdoors as contrary to encryption's very purpose. The China-backed hacks show that backdoors are dangerous in practice: by exploiting a backdoor access mechanism, attackers can enter systems that encryption was supposed to keep secure. Leading cybersecurity experts advocate strong encryption without any backdoors. Strong, unbreakable encryption is critical for protecting against sophisticated cyber threats, ensuring personal privacy, and maintaining the integrity of national security systems. Responsible encryption means designing systems to minimize risk without including backdoors.

Our Final Thoughts: The Potential Risks of Encryption Backdoors Outweigh Their Advantages

The recent attacks on U.S. telecom companies highlight the vulnerabilities that encryption backdoors create. Although intended for national security and regulatory compliance, backdoors present weaknesses that malicious actors, including state-sponsored hackers, can exploit to undermine the very national security and regulatory goals they were meant to serve. As digital ecosystems mature and cyber threats grow more sophisticated, robust encryption without backdoors remains essential to safeguard sensitive information, maintain personal privacy, and protect national security systems from unauthorized access. Instead of compromising encryption standards, policymakers should improve cybersecurity protocols, revise regulatory frameworks, and hold corporations accountable for their security practices.
Encryption backdoors may seem beneficial for law enforcement and regulatory compliance, yet their inherent risks far outweigh their perceived advantages, as the China-backed hacks against our digital infrastructure demonstrate. Robust encryption without backdoors must be implemented for optimal digital security.

The U.S. investigation into hacking by Chinese operatives raises tensions, impacting corporate regulations, international alliances, and public trust in technology security.

Telecom Cybersecurity, Encryption Backdoors, Cybersecurity Legislation, National Security Issues.

Brittany Day
Congress is hellbent on passing a cybersecurity bill that can stop the wave of hacker breaches hitting American corporations. And they. On Wednesday the House of Representatives voted 307-116 to pass the Protecting Cyber Networks Act, a bill designed to allow more fluid sharing of cybersecurity threat data between corporations and government agencies.

The link for this article located at Wired is no longer available.

Congress has approved legislation aimed at enhancing information exchange regarding cybersecurity between private firms and federal entities.

Data Sharing, Cybersecurity Bill, Threat Intelligence, Corporate Security.

Dave Wreski
A bill introduced yesterday by Sen. Bob Bennett (R-Utah) and Sen. Tom Carper (D-Del.), both of whom serve on the Senate Banking Committee, joins a growing list of data security measures now pending before Congress. The proposed Data Security Act of 2006 seeks to create a national data protection and breach notification standard.

"This bill would require all financial institutions, retailers and government agencies to maintain strong internal safety protections for the data they hold," Carper said in a statement. It would also require them to "quickly investigate" security breaches and to notify law enforcement, regulators and customers when there is a real risk of harm, he said. The proposed bill would expand the reach of current laws that require only financial institutions to protect the security and confidentiality of customer information, Bennett said in a separate statement.

The link for this article located at ComputerWorld is no longer available.

New bill proposed to reinforce cybersecurity measures within banks and public sector organizations.

Data Protection Act, Security Standards, Breach Notification.

Benjamin D. Thomas
Despite the seemingly unending torrent of citizens' data pouring into the hands of identity thieves, Congress is unlikely to pass any data-security bills by the end of the year, according to Hill watchers. After the nationwide uproar when ChoicePoint admitted it sold 145,000 dossiers to Nigerian identity thieves, 20 states followed California's lead and passed laws requiring companies to notify citizens when their data had been compromised.

Now, companies are already acting as if the country had a national notification law, said Gail Hillebrand, a senior attorney at Consumers Union. In addition, Hillebrand said the strict state laws are more consumer-friendly than any proposals in Congress. "I would rather see Congress fail to act than pass a weak federal bill that gives less notice than consumers are already getting due to stronger state laws," Hillebrand said.

The link for this article located at Wired News is no longer available.

Benjamin D. Thomas
Our esteemed leaders in the U.S. Congress are vowing to enact new laws targeting data thieves, backup-tape burglars and other information-age miscreants. We should be worried.

Any reasonable person, of course, should agree that such thefts must be punished and data warehouses should let us know if our information falls into the hands of criminals. But a bill announced last week by Sens. Arlen Specter, R-Penn., and Patrick Leahy, D-Vt., goes far beyond reasonable data security precautions. It amounts to a crackdown on individuals, bloggers and legitimate e-mail list moderators. Anyone who runs a Web site with registered users and receives income from it (Blogads and Google Ads count) should be concerned. The Specter-Leahy bill says that if that site's list of user IDs or e-mail addresses is compromised, each registered user must be notified via U.S. mail or telephone. Refusal to do so can be punished with $55,000-a-day fines and prison time of up to five years. That's remarkable but not as extreme as the second requirement: The Web master or mailing list operator might have to "cover the cost" of 12 monthly credit reports for each person whose e-mail address was lost or purloined. For a popular site with 10,000 registered users, that would be a princely sum. If monthly credit reports cost $15 a person, that's $1.8 million over a year.

Brittany Day
The U.S. Department of Justice is quietly shopping around the explosive idea of requiring Internet service providers to retain records of their customers' online activities. Data retention rules could permit police to obtain records of e-mail chatter, Web browsing or chat-room activity months after Internet providers ordinarily would have deleted the logs--that is, if logs were ever kept in the first place. No U.S. law currently mandates that such logs be kept.

In theory, at least, data retention could permit successful criminal and terrorism prosecutions that otherwise would have failed because of insufficient evidence. But privacy worries and questions about the practicality of assembling massive databases of customer behavior have caused a similar proposal to stall in Europe and could engender stiff opposition domestically. In Europe, the Council of Justice and Home Affairs ministers say logs must be kept for between one and three years. One U.S. industry representative, who spoke on condition of anonymity, said the Justice Department is interested in at least a two-month requirement. Justice Department officials endorsed the concept at a private meeting with Internet service providers and the National Center for Missing and Exploited Children, according to interviews with multiple people who were present. The meeting took place on April 27 at the Holiday Inn Select in Alexandria, Va.

Regulations on data storage could permit law enforcement to obtain digital footprints of users for probes, prompting worries about individual privacy.

Internet Privacy, Data Retention Laws, ISP Monitoring.

Brittany Day
LS: Some of you may remember that we at LinuxSecurity confidently predicted that the CAN-SPAM act was bound to fail. We might congratulate ourselves for this foresight, if only it weren't so obvious. No serious security or privacy expert thought that it stood a chance of reducing the volume of spam. Our question still remains: was CAN-SPAM really just a cover for Congress, so that they could pretend to be legislating against spam while instead doing the bidding of the Direct Marketing lobbyists?

The numbers don't lie: CAN-SPAM is a bust. Compliance with CAN-SPAM has fallen to a new low, according to recent data collected by MX Logic. In July, compliance fell for the first time under one percent to a measly 0.54 percent of all unsolicited commercial mail the company sampled during the month. The Denver-based firm has been tracking compliance with CAN-SPAM since the federal law went on the books in January. Through April, MX Logic's numbers remained stable, with about three percent of spam messages complying with the law's requirements, which range from verifiable return addresses to measures consumers and businesses can use to opt out of mailing lists. In May and June, however, the number slipped to one percent. "Now it's been halved," said Steve Ruskin, a senior analyst at MX Logic. "No one's really sure what's going on, but it's clear that CAN-SPAM isn't a threat to spammers. They're just ignoring it." Although hardcore spammers -- the relatively small number who account for the bulk of the world's spam -- were never likely to toe the line, said Ruskin, it's possible that some spammers who were complying have stopped. The blame, he said, could be laid on law enforcement, which hasn't exactly been successful in tracking down spammers. Some individuals have been stymied -- most recently a Boca Raton resident whose assets were frozen by the courts -- but enforcement is the exception rather than the rule.
The link for this article located at techweb.com is no longer available.

LinuxSecurity.com Team
This is the last article in a four-part series looking at U.S. information security laws and the way those laws affect the work of security professionals. This installment continues the discussion of information security in the public sector and provides an overview of national security law in the United States as it pertains to information security.

It is easy to think of "national security" as meaning the security provided by military and intelligence-gathering capabilities, and in certain specific legal contexts that definition is both accurate and complete [1]. But as the threat of terrorism became clear, even before the attacks of September 11, 2001, national security came to mean, in addition to national defense, the protection of the public- and private-sector facilities essential to delivering the goods and services that maintain the quality of life in the United States, or as officially defined, the nation's "critical infrastructure" [2]. Executive Order No. 13231 [3], entitled Critical Infrastructure Protection in the Information Age and issued by the President five weeks after the September 11, 2001 attacks, addressed itself to the information technology systems that form part of the nation's critical infrastructure. The Executive Order noted that information technology had "changed the way business is transacted, government operates, and national defense is conducted. Those three functions now depend on an interdependent network of critical information infrastructures." The order went on to authorize "continuous efforts to secure information systems for critical infrastructure."
As we begin the discussion of the law in this area, it is useful to understand that the information technology we are talking about operates in three general arenas: (1) the business environment, (2) the environment for the delivery of government services, and (3) national defense.

The link for this article located at SecurityFocus is no longer available.

Explore the impact of federal privacy regulations on governmental cyber defense experts in the concluding episode of our series.

Information Security, Security Laws, Public Sector Operations.

Anthony Pell