Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 0 articles for you...
79
system resiliencearchitecture compatibilitysecurity proposalHuawei's Sandbox Mode: Enhancing Linux Kernel Memory Security
Chinese tech giant Huawei has proposed introducing a "SandBox Mode" for the Linux kernel , aimed at bolstering memory security. This mode would create an environment where native kernel code can be executed but with access restricted only to predefined memory addresses. . By isolating memory areas used for input and output, the proposed SandBox Mode aims to prevent vulnerabilities from being exploited and safeguard the rest of the kernel. Huawei has submitted a patch series for review to implement the necessary infrastructure and APIs for this mode. What Are the Security Implications of This Proposal? The introduction of a SandBox Mode for the Linux kernel by Huawei holds several implications for the security landscape. It addresses a crucial aspect of memory safety and offers a potential solution to minimize the impact of memory safety bugs in kernel code. One intriguing aspect of this proposal is using guard pages and arch hooks to enforce strong isolation. Guard pages protect against out-of-bounds accesses, and arch hooks leverage hardware paging facilities and CPU privilege levels to restrict memory access to predefined regions. This implementation could significantly enhance memory security, making it more difficult for attackers to exploit vulnerabilities and compromise the overall system. The proposal opens up questions regarding the scalability and compatibility of SandBox Mode across different architectures. Since the efficacy of this mode relies on the presence of arch hooks, it becomes essential to determine how widely supported these hooks are and whether they can be implemented consistently across various hardware platforms. Another significant aspect of the proposal is the potential for recovery from protection violations. If a violation occurs, SandBox Mode forcibly terminates the sandboxed environment and returns an error code to the caller, allowing execution to continue. This feature demonstrates an effort to balance security and system resilience. Securitypractitioners, Linux admins, infosec professionals, and sysadmins should closely follow the progress of this SandBox Mode proposal. If implemented successfully, it could lead to a substantial improvement in memory safety and offer greater protection against memory-based attacks. However, it is crucial to consider the long-term consequences, ensuring that potential trade-offs in performance, compatibility, and vulnerability disclosure are carefully evaluated. Our Final Thoughts on Huawei's Proposed “Sandbox Mode” Huawei's proposal to introduce SandBox Mode for the Linux kernel presents an opportunity to enhance memory security. By isolating memory areas and leveraging architectural hooks, the proposal aims to restrict memory access and mitigate the impact of memory safety bugs. While this proposal is promising, critical evaluation of long-term consequences, scalability, and compatibility are essential. Security practitioners should closely monitor the developments of this SandBox Mode as it has the potential to impact Linux security significantly. What are your thoughts on this proposal? We'd love to hear! Reach out to us on X @lnxsec and let us know. . Employing memory isolation through SandBox Mode can significantly mitigate threats targeting the Linux kernel, thereby strengthening the security of the entire system.. Huawei, Linux Kernel, Sandbox Security, Memory Protection. . Dave Wreski
Feb 15, 2024
•
Security Projects
67
certificate authoritySSL certificatecybersecurity solutionMoxie Marlinspike Proposes Convergence Solution For SSL Certificates
The SSL certificate authorities like Comodo that have had their security undermined by hackers shouldn't be trusted, and in fact, the way the entire SSL certificate industry of today works can and should be replaced with something better, says Moxie Marlinspike, a security expert who's come up with a plan he says will do that. . Marlinspike's plan, unveiled last August at the Black Hat Conference, is called "Convergence," and it's gaining some momentum, particularly after the shocking hacker attacks on DigiNotar, GlobalSign, Comodo and other SSL certificate authorities of late that resulted in fake certificates coming into use on the web, including a fake Google certificate, since revoked. The link for this article located at Network World is no longer available. . Marlinspike's plan, unveiled last August at the Black Hat Conference, is called 'Convergence,' and i. certificate, authorities, comodo, their, security, undermined, hackers, shoul. . LinuxSecurity.com Team
Oct 13, 2011
•
Cryptography
82
network threatssecurity proposalindustry regulationsRichard Clarke's Call For Stronger Cybersecurity Regulations After 9/11
After Sept. 11, 2001, cybersecurity czar Richard Clarke crisscrossed the country berating technology companies for failing to do enough to shore up the Net against potential terrorist attacks. In unveiling a highly anticipated White House cybersecurity proposal on Wednesday, however, . . . . After Sept. 11, 2001, cybersecurity czar Richard Clarke crisscrossed the country berating technology companies for failing to do enough to shore up the Net against potential terrorist attacks. In unveiling a highly anticipated White House cybersecurity proposal on Wednesday, however, Clarke left his firebrand at home. Rather than target specific industry segments and require that they secure themselves by recommending tough new laws and regulations, the administration's plan recommends that industry and individuals simply take greater care. "It has no teeth," said Steven Kirschbaum, CEO of Secure Information Systems, a small Fremont, Calif.-based security consulting firm. "It has no enforcement. The first rule of having any security policy is you have to have enforcement. Without it, it's just a nice press release." Nearly a year after President Bush sent Clarke out to stump for tougher security, experts say little has been done to address many of the fundamental causes that lead to persistent vulnerabilities that expose Net users to myriad threats, from Web site defacements to viruses to denial of service attacks. The link for this article located at news.com is no longer available. . In the aftermath of the September 11 attacks, Richard Clarke criticized technology firms for inadequate cybersecurity measures and called for stricter regulatory frameworks.. Richard Clarke Cybersecurity,Cybersecurity Weaknesses,Network Security Concerns. . Anthony Pell
Sep 19, 2002
•
Government
81
security proposalnational idterrorism preventionLarry Ellison Advocates National ID System For U.S. Citizens
CHAIRMAN and Chief Executive Officer Larry Ellison has called for a national identification (ID) card to be issued to all U.S. citizens in an effort to help prevent future terrorist attacks. To help build such a system, Ellison has reportedly offered . . . . CHAIRMAN and Chief Executive Officer Larry Ellison has called for a national identification (ID) card to be issued to all U.S. citizens in an effort to help prevent future terrorist attacks. To help build such a system, Ellison has reportedly offered to give the necessary software to the U.S. government for free. In an interview with a San Francisco television station, KPIX, broadcast on Friday, Ellison said the U.S. government should issue a national ID card that contains a photograph and digitized thumbprint for each U.S. citizen, according to a transcript of the interview. When presented to airport security officials, the information contained in the ID cards would be verified with information stored on a centralized database, insuring the accurate identification of airline passengers, Ellison said, according to the San Jose Mercury News newspaper. The link for this article located at InfoWorld is no longer available. . CHAIRMAN and Chief Executive Officer Larry Ellison has called for a national identification (ID) car. chairman, chief, executive, officer, larry, ellison, called, national, identification. . LinuxSecurity.com Team
Sep 24, 2001
•
Privacy
81
cybercrimecybersecuritynational securityShifting Anonymity for Enhanced Internet Security Against Cybercrime
If you want a secure Internet, you can't be nameless and faceless in cyberspace anymore. It's just that simple, although my friend and colleague Charlie Cooper, doesn't see it that way. He's wrong and I'm right, so I thought I would . . . . If you want a secure Internet, you can't be nameless and faceless in cyberspace anymore. It's just that simple, although my friend and colleague Charlie Cooper, doesn't see it that way. He's wrong and I'm right, so I thought I would skip a private talk and just debate the issue here. Coop and I are reacting to an idea -- I'm not sure you can call it a proposal yet -- being floated by the Clinton administration. Last week, one of the President's chief national security advisors said we should create a second, separate Internet. It would protect your privacy, yet allow authorities to track who passed information from one place to another. Along with preventing cybercriminals from fading into the cloak of anonymity they enjoy today, it would also be designed to prevent most common security problems. The benefits of this proposal should be obvious: The link for this article located at ZDNet is no longer available. . A safe online environment demands that individuals relinquish their disguise in the digital realm to bolster protection and combat online offenses.. Internet Security, Cybercrime Prevention, National Security Policies. . LinuxSecurity.com Team
Dec 17, 2000
•
Privacy
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More