Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  (Dec 26)
 

Once a user completes the SSL certificate purchase process, the very next step is to generate the CSR (Certificate Signing Request) and the private key. The main purpose of generating the CSR is to turn the information of the website (which is being encrypted) into encrypted form; the private key is used when the certificate is being installed.

  (Dec 27)
 

Containers were big news in 2017, on Opensource.com and throughout the IT infrastructure community. Three primary storylines dominated container news over the past year:

  (Dec 26)
 

The year is closing, so it is time to review Linux security. Like last year, we look at the state of Linux security. A collection of the finest moments. Did we forget something important? Let us know in the comments. This post will remain updated in the upcoming weeks.

  (Dec 28)
 

With IoT botnets added to their roadmap, the hackers are now looking to supercharge it by exploiting Linux. Many IoT devices use inexpensive embedded Linux systems, which are notorious for having insecure defaults. By creating just a little malware code, these hackers think they can double their botnet power.

  (Dec 28)
 

The USB over IP kernel driver allows a server system to export its USB devices to a client system over an IP network via USB over IP protocol. Exportable USB devices include physical devices and software entities that are created on the server using the USB gadget sub-system.

  (Dec 28)
 

While Open Source prides itself on open transparency, there are certain things that must be kept secret like team credentials or personal information. GNU's OpenPGP (GPG) encryption tool set coupled with git-crypt can be invaluable for sharing such information privately with colleagues.

  (Dec 26)
 

I am setting up my first Node.js server on a cloud Linux node and I am fairly new to the details of Linux admin. (BTW I am not trying to use Apache at the same time.)

  (Dec 28)
 

A key feature of the new LinuxONE Emperor II, IBM Secure Service Container is an exclusive LinuxONE technology that represents a significant leap forward in data privacy and security capabilities. Last year, more than four billion data records were lost or stolen, a 556 percent increase over 2015.

  (Dec 26)
 

Gaps in software systems are slowing down security teams who are estimated to spend 10 hours a week dealing with the inefficiencies.

  (Dec 29)
 

Justin Trudeau, the Canadian prime minister, certainly raised the profile of quantum computing a few notches last year, when he gamely--if vaguely--described it for a press conference. But we've heard a lot about quantum computers in the past few years, as Google, I.B.M., and N.A.S.A., as well as many, many universities, have all been working on, or putting money into, quantum computers for various ends.

  (Dec 27)
 

Perhaps you've been hearing strange sounds in your home--ghostly creaks and moans, random Rick Astley tunes, Alexa commands issued in someone else's voice. If so, you haven't necessarily lost your mind.

  (Jan 2)
 

Once upon a time, standards were our friends. They provided industry-accepted blueprints for building homogeneous infrastructures that were reliably interoperable. Company A could confidently build an application and -- because of standards -- know that it would perform as expected on infrastructure run by Company B.