Stay Ahead With Linux Security News


Explore Latest Linux Security news


FireEye Vs ERNW: Malware Protection Flaw Dispute Revealed

A spat between two security companies shows just how sensitive reporting software vulnerabilities can be, particularly when it involves a popular product. The kerfuffle between FireEye and ERNW, a consultancy in Germany, started after an ERNW researcher found five software flaws in FireEye's Malware Protection System (MPS) earlier this year. One of the flaws, found by researcher Felix Wilhelm, could be exploited to gain access to the host system, according to an advisory published by ERNW. As is customary in the industry, ERNW contacted FireEye in early April with details of the problems.

Tags: Malware Protection System, FireEye, Ethical Disclosure, Software Flaws, Cybersecurity

Sep 14, 2015 | LinuxSecurity.com Team | Vendors/Products

Pwn2Own 2013 Highlights Major Software Failures In Browsers And OS

Over the past few years, the Pwn2Own hacker contest has become an important fixture in the world of testing the security of software applications, operating systems and hardware devices. This year, HP TippingPoint, a sponsor of Pwn2Own, made clear that it was expanding the focus of the competition beyond browsers. Pwn2Own 2013 also includes more than $560,000 in prize money for demonstrations of exploits in the major web browsers, Adobe Reader, Adobe Flash or Oracle Java. And now, with the Pwn2Own contest underway, participants at the Canadian hacking showcase (which is always held in conjunction with the CanSecWest security conference) have found holes in Windows 8, Java and every major browser. Here is more on how the exploits just keep coming. The link for this article located at OStatic is no longer available.

Tags: Pwn2Own 2013, security exploits, hack contest, browser vulnerabilities

Mar 08, 2013 | Anthony Pell | Organizations/Events

Best Practices For Securing Software Development Lifecycle

Just as software is everywhere, flaws in most of that software are everywhere too. Flaws in software can threaten the security and safety of the very systems on which they operate. The best way to prevent such vulnerabilities in software is to proactively incorporate security and other non-functional requirements into all phases of the Software Development Lifecycle (SDLC). Drawing on the best practices from our book Secure and Resilient Software Development, this article summarizes some key activities required for integrating security into your SDLC and offers some recommendations and advice for implementing your own secure software development program. The link for this article located at CSO Online is no longer available. Strengthen your Software Development Life Cycle (SDLC) by implementing secure software development best practices that proactively address vulnerabilities during development.

Tags: Secure Development, Security Integration, SDLC Best Practices

Sep 27, 2010 | LinuxSecurity.com Team | Security Projects

Top 25 Programming Errors Impacting IT Security According to SANS

When it comes to programming errors, some are more common than others. A new report from the SANS Institute identifies the top 25 programming errors that have led to nearly every type of IT security threat over the last year. The report draws on the input of 28 different groups, including those in government and the private sector, and leverages the CWE (Common Weakness Enumeration) numbering system to label vulnerabilities. The report follows one done by SANS on the same topic for 2009, and provides similar findings this time around. But while the SANS lists attempt to identify the top programming errors, there is some disagreement when it comes to the top programming errors that Linux developers face. "The takeaway from this list isn't so much that there is anything here that is particularly new or surprising at all," Alex Horan, director of product management at Core Security, said in an e-mail to InternetNews.com. "In fact, what it reinforces is that most organizations, and software/Web app developers, continue to struggle with the same types of security issues that they've been dealing with for years." The 2010 SANS list is structured differently than the 2009 list, which provided the top 25 in a list broken down by three categories. For 2010, SANS has also provided a general ranking of the top 25 with Cross Site Scripting (XSS) The link for this article located at CodeGuru is no longer available. Highlighting the top programming errors from SANS Institute's latest report and their impact on IT security.

Tags: programming errors, IT security, software vulnerabilities, SANS report

Feb 19, 2010 | LinuxSecurity.com Team | Security Projects

Alcotest 7110 MKIII-C Advisory: Significant Software Flaws Uncovered

This is an excellent lesson in the security problems inherent in trusting proprietary software: after two years of attempting to get the computer-based source code for the Alcotest 7110 MKIII-C, defense counsel in State v. Chun were successful in obtaining the code, and had it analyzed by Base One Technologies, Inc. Draeger, the manufacturer, maintained that the system was perfect, and that revealing the source code would be damaging to its business. They were right about the second part, of course, because it turned out that the code was terrible. The link for this article is no longer available. Analysis of vulnerability concerns within closed-source applications and defects discovered in the Alcotest 7110 MKIII-C's codebase.

Tags: Alcotest Security Flaws, Proprietary Software Issues, Source Code Analysis

May 14, 2009 | LinuxSecurity.com Team | Security Projects

Investigating Software Flaws in Forensics: Insights from DefCon

Those of you familiar with CSI (or who have surely heard of it) are all too familiar with the process they use to catch the criminals: scientific analysis, forensics, gadgetry, and smarmy head investigators. Recurring themes include DNA analysis or other types of human-related evidence. However, in the information world, catching a criminal after the crime is in a league of its own. This article presents an account of a recent DefCon presentation which focused on breaking the actual forensics software used to analyze compromised systems. The most interesting line in the article referred to the weaknesses in one of the most popular forensics tools: "Most of these can and will be fixed in the near future, but at least one is a design flaw, not a bug." Read on to find out how your forensics tools are only as good as the makers of them, and how that can result in a perfect getaway. The link for this article located at The Inquirer is no longer available. Disruption in forensic software can severely affect digital investigations. If data recovery tools fail, it risks the integrity of evidence, leading to errors and misjudgments.

Tags: Forensics Tools, Security Analysis, Digital Forensics, Cybersecurity Techniques, Software Vulnerabilities

Aug 10, 2007 | LinuxSecurity.com Team | Vendors/Products

Exploring the Rise of Bug Bounties and Vulnerability Sales in Security

The co-founder of security group Secure Network Operations Software (SNOSoft), Desautels has claimed to have brokered a number of deals between researchers and private firms, as well as the odd government agency, for information on critical flaws in software. Last week, he bluntly told members of SecurityFocus's BugTraq mailing list and the Full-Disclosure mailing list that he could sell significant flaw research, in many cases, for more than $75,000. "I've seen these exploits sell for as much as $120,000," Desautels told SecurityFocus in an online interview. It's a statement that underscores the increasing acceptance of the sale of vulnerability information. Once a frowned-upon practice, the sale of such information is taking off. Flaw bounty programs such as TippingPoint's Zero-Day Initiative (ZDI) and iDefense's Vulnerability Contributor Program (VCP) have added legitimacy to the practice, even if they remain controversial. Software vendors have had to increasingly get used to dealing with third parties reporting security flaws that were bought from anonymous researchers. Microsoft, for example, patched at least 17 flaws reported by the two programs in 2006, up from 11 reported in 2005.

Desautels, now the chief technology officer for boutique security firm Netragard, highlighted the trend by announcing a program on Wednesday whereby the security company would act as a broker to any researcher with a critical flaw to sell. The program could be a more lucrative option for freelance researchers aiming to sell information on software vulnerabilities. In many ways, the push by researchers for greater returns on their research efforts is part of the ebb and flow of the debate over the proper way to disclose information about software vulnerabilities. In 2000, a researcher known as Rain Forest Puppy released a basic framework, dubbed the RFPolicy, for disclosing vulnerabilities in a way that seemed fair to responsible software makers.

In 2002, two security researchers further refined the guidelines and submitted them to the Internet Engineering Task Force (IETF), but the technical standards body decided that setting disclosure policy was outside of its jurisdiction. Over the past few years, software makers, and Microsoft in particular, have focused on holding researchers to the guidelines, calling such disclosure "responsible." It's been an uneasy truce, and one that has fractured in many places. In 2005, a researcher attempted to auction off information about a flaw in Microsoft Office. Other flaw finders have decided to just release details of vulnerabilities they have found as a punishment for what they believe to be irresponsible behavior on the part of the software vendor. In the last six months, for example, a number of researchers have collected advisories on potential security issues into month-long releases of daily bugs. The trend started with the Month of Browser Bugs in July and continues with the latest Month of Apple Bugs this month. Now, flaw finders fed up with software vendors are increasingly turning to third parties to buy their research. "One of the reasons why the hacking community is so frustrated with large corporations is because these corporations are making a killing off their research and they are not seeing fair value for their work," Desautels said in an online interview with SecurityFocus. Software makers typically do not pay for vulnerability information, with the notable exception of the Mozilla Foundation. The well-known public bounty programs typically pay thousands of dollars for original vulnerabilities, while lesser-known private deals can net a researcher tens of thousands of dollars, according to security experts. The amounts quoted by Desautels are not excessive, according to experts interviewed by SecurityFocus.

In September, for example, a private buyer approached noted security researcher HD Moore and offered between $60,000 and $120,000 for each client-side vulnerability found in Internet Explorer, the founder of the Metasploit Project said. Moore declined to pursue the offer, but said that such prices are typical of high-level private purchases, while information on serious flaws in generic enterprise-level applications can be sold to safe buyers, such as 3Com's ZDI program and VeriSign's VCP program, for between $5,000 and $10,000. "The ZDI and (VCP) programs are definitely the easier way to sell a vulnerability, but at the 5x or 10x multipliers you see from a private buyer, it's usually worth the effort," Moore told SecurityFocus in an e-mail interview. The link for this article located at Security Focus is no longer available. Emerging patterns indicate increased rewards for tech flaws, mirroring shifts in the ways experts exchange data.

Tags: Bug Bounty Programs, Exploit Trading, Vulnerability Economics

Jan 24, 2007 | LinuxSecurity.com Team | Hacks/Cracks

Sendmail Security Flaws: A Historical Overview and Context

As far as software goes, Sendmail is ancient, dating all the way back to 1981. Sendmail 8 itself is well over 10 years old. To put it nicely, its security track record is less than stellar. However, the last big show stoppers in Sendmail were found about three years ago: Zalewski's prescan() bugs reported in September and March of 2003, and crackaddr(), also in March of 2003. The crackaddr() bug was also discovered by Mark Dowd. The link for this article located at TheRegister.co.uk is no longer available. Sendmail, once a leader in email transfer, now faces significant vulnerabilities and inefficiencies due to its outdated architecture and antiquated design practices.

Tags: Sendmail Software, Email Security, Protocol Flaws, Security Issues

May 11, 2006 | LinuxSecurity.com Team | Server Security