Tags: security


Dirty Cow vulnerability
Any mitigation for the “Dirty COW” and other privilege escalation bugs should really be considered a part of a comprehensive defense-in-depth strategy, says Konstantin Ryabitsev.

How Bad Is Dirty COW?

“Dirty COW” is a serious Linux kernel vulnerability that was recently discovered to have been lurking in the code for more than nine years. It is pretty much guaranteed that if you’re using any version of Linux or Android released in the past decade, you’re vulnerable. But what is this...
Read 0 Comments

Mitigating dirtyc0w with systemd

Basic mitigation Known exploits for the CVE-2016–5195 vulnerability involve the madvise syscall, so it’s possible to mitigate by excluding the necessary call via a systemd service or container configuration. This is easy with for a systemd unit: [Service] SystemCallFilter=~madviseThe tilde after...
Read 0 Comments

“Most Serious” Linux Privilege-Escalation Bug Ever Is Under Active Exploit (updated)

A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible. While CVE-2016-5195, as the bug is cataloged, amounts to a mere...
Read 0 Comments

Dirty COW Linux Vulnerability - What You Need to Know

What is Dirty COW? It's the name given to a newly discovered vulnerability in virtually all versions of the Linux operating system. More accurately it should be referred to as CVE-2016-5195 - but where is the fun in that? But why Dirty COW? According to the researchers who found the flaw, and...
Read 0 Comments

Secure Your Containers with this One Weird Trick

Did you know there is an option to drop Linux capabilities in Docker? Using the docker run --cap-drop option, you can lock down root in a container so that it has limited access within the container. Sadly, almost no one ever tightens the security on a container or anywhere else. The Day After is...
Read 0 Comments

Open Source, Third-Party Software Flaws Still Dog Developers

The new 2016 State of Software Security Report from Veracode shows the hazards of buggy libraries and applications. Application developers are getting burnt by security vulnerabilities in the very open source- and third-party frameworks and software components that make up their finished...
Read 0 Comments

Blockchain Technology Can Help Save Refugees by Giving Them a Verified Identity

What if you had no proof of who you are? What would you do when the bank manager asked for ID when you tried to open an account or when the hospital asked for your documentation? You wouldn’t be able to function, at least not easily. Billions face this problem internationally, but now blockchain...
Read 0 Comments


Richard Briggs
Richard Guy Briggs talked about the current state of Kernel Audit and Linux Namespaces at the recent Linux Security Summit.

Understanding and Securing Linux Namespaces

Richard Guy Briggs, a kernel security engineer and Senior Software Engineer at Red Hat, talked about the current state of Kernel Audit and Linux Namespaces at the Linux Security Summit. He also shared problems plaguing containers and what might be done to address them soon. His insights are borne...
Read 0 Comments

How to Secure Network Services Using TCP Wrappers in Linux

In this article we will explain what TCP wrappers are and how to configure them to restrict access to network services running on a Linux server. Before we start, however, we must clarify that the use of TCP wrappers does not eliminate the need for a properly configured firewall. In this regard,...
Read 0 Comments

GPG Sync Simplifies Encryption Key Management

Open source project GPG Sync makes it easier for organizations already using GPG to encrypt email messages to manage different user keys. In all the discussion about using encryption, a critical point keeps getting lost: It's difficult to work with, and it's even harder to deploy it at scale....
Read 0 Comments


Click Here!