In a move that will essentially double the number of SSL-protected sites on the Web in the space of 24 hours, CloudFlare on Monday said that it was enabling SSL for all of its more than two million customers for free. The new service is called Universal SSL, and the company is making it available to both its paid and free customers. Company officials said that the move is designed to play a part in preventing ISPs, governments and attackers from throttling or censoring the Internet. The link for this article located at ThreatPost is no longer available. LinuxSecurity.com Team
Visitors to Wikipedia who see advertisements on the site have most likely fallen victim to a browser-based malware infection, Wikimedia Foundation, the organization operating the website, said on Monday. "We never run ads on Wikipedia," said Philippe Beaudette, director of community advocacy for the Wikimedia Foundation, in a blog post. "If you're seeing advertisements for a for-profit industry ... or anything but our fundraiser, then your web browser has likely been infected with malware." The link for this article located at InfoWorld is no longer available. LinuxSecurity.com Team
Researchers have found a cheaper, faster way to process SSL/TLS with off-the-shelf hardware, a development that could let more Web sites shut down cyber threats posed by the likes of the Firesheep hijacking tool. The technology, dubbed SSLShading, shows how SSL proxies based on commodity hardware can protect Web servers without slowing down transactions, according to a presentation scheduled at the USENIX Symposium on Networked Design and Implementation in Boston March 30 through April 1. SSL/TLS -- the cryptographic protocols used to protect online Web transactions -- encrypts traffic from visitors' machines all the way to Web servers. That makes it impossible to pick up data such as session cookies by preying on unencrypted wireless networks, which is what Firesheep does. The link for this article located at Network World is no longer available. LinuxSecurity.com Team
Mozilla on Wednesday posted preview builds of its Firefox browser with security enhancements designed to mitigate the risk of certain Web attacks. In a blog post, Brandon Sterne, security program manager for Mozilla, asks security researchers and server administrators to help test the changes by downloading a build appropriate for their operating system. The preview versions of Firefox implement a specification called Content Security Policy (CSP), which is designed to protect against cross site scripting (XSS) attacks. CSP originally also addressed cross site request forgery (CSRF) attacks, but the anti-CSRF measures have been moved into a separate security specification called the Origin Header proposal. XSS and CSRF attacks have been used for data theft, Web site defacement, and malware distribution. They're typically made possible by Web application coding errors. In its specification, Mozilla acknowledges that the ideal solution would be creating Web applications without vulnerabilities. But real world security is a matter of layers so Mozilla feels justified in building a net to catch careless coding. The link for this article located at InfoWorld is no longer available. LinuxSecurity.com Team
Nice article on better securing your public web presence. Does this article help you? We would love to hear from you whether this is the type of article you like to see on this site. Using ModSecurity is not easy. The complexity of your site, your use of PHP, MySQL and other scripting languages will make it more difficult to configure correctly. Basically, the more complex your site, the more time you will need to work out issues with rules. This tutorial will provide you with several important tips to get started with ModSecurity.
Tip #1: Develop A Basic Understanding of ModSecurity
Go to the modsecurity.org website, download and read the documentation. Once that is done you need to know how to find a policy number.
1. Locate a Policy
The rules will be located in the directory you create, probably named modsecurity, and in that directory will be a list of rules. These Core Rules provide generic protection from many unknown vulnerabilities. You will not want to modify the Core Rules, except to turn them on, as when you update you will erase your settings. There are two files that have been created to create custom rules. The first is the modsecurity_crs_15_customrules.conf which lists rules that have been tested for your site and are working effectively. The second is a bailout ruleset, in other words, if you cannot get something to work you can place it in the modsecurity_crs_65_temporary.conf until you can get it fixed. For example, if you need to run ModSecurity but cannot get a specific rule to work you can disable it in this file until you can get it working. The link for this article located at BeginLinux is no longer available. LinuxSecurity.com Team
Most of today's tools for fingerprinting focus on server-side services. Well-known and widely accepted implementations of such utilities are available for HTTP web services, SMTP mail servers, FTP servers and even telnet daemons. Of course, many attack scenarios focus on server-side attacks. This implementation of client-side fingerprinting utilizes PHP to identify browsers by HTTP requests. See how this application fares against other fingerprinting utilities that analyze header lines and values. The link for this article located at Darknet.org is no longer available. LinuxSecurity.com Team
Akamai's Linux-based servers to protect its Microsoft.com Web site and reduce the site's vulnerability to viruses, worms and denial of service attacks. Microsoft has been in turmoil over the past couple of weeks, after at least three significant worm and virus attacks. The Microsoft.com Web site was also brought down on at least two separate occasions after a distributed denial of service (DoS) attack. Deploying Linux-based servers is significant because the open-source operating system is an arch-rival to Windows. The link for this article located at ZDNet is no longer available. Anthony Pell
The Application Flow model may be best described as an automatic analysis of content. Based on how a user interacts with an application over time, policies are designed to allow the user leeway to accomplish their task. Generating policies of this nature would normally take an admin months of analyzing patterns and behaviors of not only the application, but also the usage of the application. Unlike other technologies on the market today, MagniFire is the first to protect web based applications and infrastructure with the same comprehensiveness and efficiency of a network firewall protecting the network infrastructure. MagniFire achieves this through a patent-pending technology known as the Application Flow Model. This maps each application to build a highly accurate model of the user interaction to automatically generate a granular security policy that is tailored to the individual application. MagniFire is the first to achieve true "positive security logic" in protecting web applications without time consuming and costly manual configuration. Because 70% of hack attacks come through the application layer, companies are beginning to realize that they have to do something to stop it, without blocking valuable customers from doing business. MagniFire's new approach to protecting web applications and infrastructure finally gives companies the ability to block known and unknown attacks without generating the false positives and false negatives that have plagued other solutions in the past.
MagniFire highlights: Patent-pending technology identifies the inherent vulnerabilities in any application, "maps the app" and all legal user interaction, recommends a granular security policy that blocks all known and unknown threats. Eliminates heavy manual configuration and set up costs, as well as the need to scan and patch applications, offering the lowest TCO solution on the market today. MagniFire received $9.1 million in venture funding from JVP, Lucent and other top tier investors. Headquarters in NY, R&D in Israel and sales offices in the UK. Run by top executives and scientists from the security, software, enterprise and telecom industries.
Press Release
MAGNIFIRE LAUNCHES, OFFERING COMPREHENSIVE NEW APPROACH TO PROTECTING WEB-BASED INFRASTRUCTURE AND APPLICATIONS
MagniFire's Application Flow Model Eliminates the Need for Application Scanning and Patching
Company Targets Financial Services and Announces First Banking Customer Among its Client Roster
NEW YORK, August 11, 2003 - A leading group of international technology and business professionals from the security, software, enterprise and telecom industries announced today the launch of MagniFire Websystems, Inc., a company that develops comprehensive web infrastructure security solutions for the enterprise. MagniFire's flagship platform, TrafficShield(tm), uses positive security logic to protect web applications and the web infrastructure behind them from both known and unknown attacks. With MagniFire, companies can conduct business as usual, while protecting their most critical data, applications and customer relationships. "Our approach is a dramatic departure from other products on the market today in terms of its ability to extend positive security logic all the way from the network layer to the application layer," said CEO Eitan Bauch.
"MagniFire's technology is designed to offer the highest levels of protection to our clients' web-based applications and promises to be a boon for a wide variety of enterprises conducting business over the Internet." MagniFire is rapidly growing to meet customer demand in the financial services sector and currently has installations at a dozen major institutions, including the Bank of Jerusalem and several leading financial services firms in the United States. Analysts estimate the market for web application security products and services will grow to over $1.7 billion by 2007. "The application layer is the most vulnerable part of the Internet and online business today," said Richard Stiennon, vice president of research at Gartner, Inc. "The market is looking for visionary companies that can provide easy-to-deploy, comprehensive web infrastructure security that can deny all except that which is allowed, without blocking important enterprise customers from doing business." MagniFire is the first platform able to offer true positive security logic for Web applications, ensuring that any customer interaction not specifically known to be legal is blocked immediately. Unlike solutions of the past, MagniFire is able to automatically create an accurate policy of every legal user interaction with the website, denying everything else. "What we've done is taken a very difficult problem and turned it on its head," said Bauch. "Because we can automatically generate very accurate policies, we can turn the impossible problem of identifying attacks into a relatively simple problem of protocol enforcement." The key to MagniFire's unique capability is its patent-pending Application Flow Model(tm), a map of every legitimate interaction of the user with the website. The Application Flow Model includes all possible requests from a given page, including objects that are dynamically generated.
In addition, it traces the 'flow' of a user's activity through a website, linking from one page to another. This entire model is generated automatically and dynamically, requiring very little configuration and almost no ongoing maintenance. MagniFire's exclusive ability to "map the app" translates into low total cost of ownership for the enterprise, as well as cost savings on other security procedures. For instance, companies can reduce or eliminate the resources dedicated to application vulnerability scanning, IDS log inspection and patch maintenance. With TrafficShield, web infrastructure is secure, thereby reducing the burden on other lines of enterprise defense as well as the cost of damage control.
Executive Team & Advisors
MagniFire has received over $9M in venture capital funding to date from JVP, Lucent Capital Partners and other seed investors and has assembled a management team from the security, software, enterprise and telecom industries to lead its New York headquarters, R&D facilities in Israel and sales offices in the UK. Eitan Bauch, CEO, has over 20 years of experience in running highly successful international technology companies. Previously he served as CEO of Tundo, a leading supplier of IP-based telephony switching and service creation platforms for the enterprise and carrier markets. Prior to Tundo, Eitan held a variety of senior positions in Pacer/CATS Corporation, the worldwide leader in admission and management systems and a wholly owned subsidiary of Ticketmaster. Dr. David Movshovitz, CTO, has led security-related research and development in the Israeli Defense Forces for more than ten years and was awarded the Israeli Defense Award, Israel's most prestigious acknowledgment for contributions to national security. David served as R&D manager at Elscint Ltd., as vice president of R&D at Algotec Systems Ltd., as a founder and CTO of NetAccess Ltd., and as VP of Product Development in the Taldor Group.
Rich D'Angelo, SVP Worldwide Sales, joins MagniFire from Teros, where he served as the head of worldwide sales. With more than 30 years of experience in tech sales and field operations, for companies like Accrue Software and Moai Technologies, Rich brings extensive expertise in direct enterprise sales and indirect channel distribution in Asia Pacific, Latin America and Europe. Mark Shahaf, Co-Founder and VP R&D, brings 18 years of experience in networking and computer systems to MagniFire. Before founding the company, Mark fulfilled leading engineering roles in several computer network, network services and wireless network companies. LinuxSecurity.com Team