Security index
ABS: Android security underpinnings (February 28, 2013)
SELinux on Android (August 27, 2014)
Stagefrightening (July 29, 2015)
CopperheadOS: Securing the Android (February 17, 2016)
TLS certificate management on Android (March 2, 2016)
Four new Android privilege escalations (August 10, 2016)
Revenge of the modems (October 3, 2018)
Android wallpaper fingerprints (October 26, 2021)
Eavesdropping on Tor traffic (September 12, 2007)
TorProxy and Shadow (October 14, 2009)
The Amnesic Incognito Live System: A live CD for anonymity (April 27, 2011)
Phantom: Decentralized anonymous networking (June 8, 2011)
GNUnet adds VPN, direct wireless peering, and more (December 21, 2011)
Tor offers SSL obfuscation for users behind censorship walls (February 15, 2012)
Whonix for anonymity (October 17, 2012)
DeadDrop and Strongbox (May 22, 2013)
Tor and browser vulnerabilities (August 7, 2013)
Browser fingerprinting (October 16, 2013)
Spoiled onions and Tor exit relays (January 29, 2014)
Tails reaches 1.0 (April 30, 2014)
Anonymous, wireless file sharing with PirateBox (June 11, 2014)
Browser tracking through "canvas fingerprinting" (July 23, 2014)
Kernel support for SYN packet fingerprinting (May 20, 2015)
Tor and library freedom (August 5, 2015)
Tor Messenger (December 9, 2015)
The perils of federated protocols (May 18, 2016)
New browser-fingerprinting techniques (May 25, 2016)
Anonymous publishing with Riffle (July 20, 2016)
SecureDrop: anonymity and security for whistleblowers (March 29, 2017)
Recent improvements to Tor (March 28, 2018)
Avoiding "supercookie" tracking (February 3, 2021)
Android wallpaper fingerprints (October 26, 2021)
Rollercoaster: group messaging for mix networks (November 17, 2021)
Apache attacked by a "slow loris" (June 24, 2009)
Apache range request denial of service (August 31, 2011)
Linux security non-modules and AppArmor (June 27, 2007)
The future of AppArmor (October 17, 2007)
TOMOYO Linux and pathname-based security (April 14, 2008)
Application binary interface (ABI)
Cascading security updates (February 27, 2008)
Design for security (January 30, 2019)
Fedora accepting YubiKey one-time passwords (October 13, 2010)
OATH: yesterday, today, and tomorrow (December 15, 2010)
Trusted internet identity (January 12, 2011)
The end of OpenID? (February 2, 2011)
BrowserID: A new web authentication scheme (July 27, 2011)
Password storage on Android devices (August 3, 2011)
SSSD: System Security Services Daemon (September 27, 2011)
Enforcing password strength (October 12, 2011)
A Periodic Table of password managers (November 9, 2011)
FreeIPA: centralized identity management for Linux (December 11, 2012)
PyCon: Mozilla Persona (March 20, 2013)
FreeOTP multi-factor authentication (January 22, 2014)
The YubiKey NEO (April 16, 2014)
Multi-factor authentication with U2F (August 6, 2014)
Smartcard features on the YubiKey NEO (November 5, 2014)
One-time passwords and GnuPG with Nitrokey (July 27, 2016)
OpenID for authentication (December 7, 2016)
A comparison of cryptographic keycards (October 17, 2017)
Adding a "duress" password with PAM Duress (August 24, 2021)
Passwordless authentication with FIDO2—beyond just the web (February 21, 2023)
Fingerprint recognition using fprint (November 21, 2007)
Biometrics for identification (April 2, 2008)
A look at PAM face-recognition authentication (November 7, 2012)
Authentication bypass in routers (March 5, 2008)
Linux and automotive computing security (October 10, 2012)
The Internet of criminal things (September 23, 2015)
Inside the Volkswagen emissions cheating (January 6, 2016)
Automotive security and safety (January 27, 2016)
The Car Hacker's Handbook (March 16, 2016)
The backdooring of WordPress (March 7, 2007)
The backdooring of SquirrelMail (December 19, 2007)
A backdoor in UnrealIRCd (June 16, 2010)
Toward healthy paranoia (September 11, 2013)
event-stream, npm, and trust (November 28, 2018)
A backdoor in a popular Ruby gem (April 10, 2019)
How the XZ backdoor works (April 2, 2024)
Free software's not-so-eXZellent adventure (April 2, 2024)
Bash gets shellshocked (October 1, 2014)
Berkeley Internet Name Daemon (BIND)
Cache poisoning vulnerability found in BIND (July 25, 2007)
The dangers of weak random numbers (February 20, 2008)
Security in an error-prone world (November 3, 2015)
Core Infrastructure Initiative best-practices badge (June 8, 2016)
Book Review: Hacking VoIP (January 28, 2009)
Book review: Nmap Network Scanning (February 18, 2009)
The Car Hacker's Handbook (March 16, 2016)
Cracking Linux with the backspace key? (December 21, 2015)
Storm worm gains strength (August 29, 2007)
ITU getting serious about botnets (November 28, 2007)
Storm botnet used to study spam (November 12, 2008)
Linux botnets (March 25, 2009)
SCALE 8x: Ten million and one penguins (March 10, 2010)
Linux/Moose: Interesting but ineffective (June 3, 2015)
Session cookies for web applications (May 21, 2008)
Another kind of cookie (October 29, 2008)
Should web developers say no to cookie-based authentication? (March 24, 2010)
Capsicum: practical capabilities for UNIX (February 22, 2012)
Capsicum for Linux (July 2, 2014)
Counting vulnerabilities (June 22, 2007)
Cascading security updates (February 27, 2008)
Secrecy and the DNS flaw (July 9, 2008)
Injunction lifted against MIT students (August 20, 2008)
Partial disclosure (October 8, 2008)
Distribution advisories (November 26, 2008)
"Vishing" advisory targets Asterisk (December 17, 2008)
Vulnerability disclosure policies (July 7, 2010)
The future of vendor-sec (March 9, 2011)
Python vulnerability disclosure (April 27, 2011)
An odd vulnerability report for LibreOffice (October 5, 2011)
How long should security embargoes be? (February 8, 2012)
GitHub incidents spawns Rails security debate (March 7, 2012)
Responsible disclosure in open source: The crypt() vulnerability (June 6, 2012)
Stockpiling zero-day vulnerabilities (August 15, 2012)
A story of three kernel vulnerabilities (February 19, 2013)
Mayhem finds 1200 bugs (July 3, 2013)
Subverting Android package verification (July 10, 2013)
Full Disclosure back in full (April 2, 2014)
OpenBSD and the latest OpenSSL bugs (June 11, 2014)
Evaluating the LZO integer-overflow bug (July 9, 2014)
RPM Fusion, wiki defacement, and bug reporting (July 30, 2014)
An overhyped GHOST (January 28, 2015)
OpenOffice and CVE-2015-1774 (July 8, 2015)
Proprietary vulnerabilities (August 12, 2015)
Apache OpenOffice and CVE-2016-1513 (July 27, 2016)
Dirty COW and clean commit messages (October 21, 2016)
Vulnerability hoarding and Wcry (May 17, 2017)
CVE-2018-5390 and "embargoes" (August 14, 2018)
Improving the handling of embargoed hardware-security bugs (October 25, 2018)
Lessons from the linux-distros mailing list (October 27, 2021)
Kernel security reporting for distributions (August 16, 2023)
CVE woes lead some to seek alternatives (March 9, 2016)
A new process for CVE assignment (March 8, 2017)
CVE-less vulnerabilities (June 25, 2019)
What to do about CVE numbers (October 4, 2019)
Resurrecting DWF (April 7, 2021)
The bogus CVE problem (September 13, 2023)
Supplementing CVEs with !CVEs (December 5, 2023)
A turning point for CVE numbers (February 14, 2024)
Capsicum: practical capabilities for UNIX (February 22, 2012)
CAP_SYS_ADMIN: the new root (March 14, 2012)
The trouble with CAP_SYS_RAWIO (March 13, 2013)
Capsicum for Linux (July 2, 2014)
Inheriting capabilities (February 11, 2015)
CAP_PERFMON — and new capabilities in general (February 21, 2020)
A crop of new capabilities (June 8, 2020)
Breaking CAPTCHA (March 19, 2008)
GCC and pointer overflows (April 16, 2008)
Mozilla and CNNIC (February 3, 2010)
EFF analyzes SSL certificates and certificate authorities (August 11, 2010)
The case of the fraudulent SSL certificates (March 23, 2011)
Fallout from the fraudulent SSL certificates (March 30, 2011)
Certificates and "authorities" (September 7, 2011)
Convergence: User-controlled SSL certificate checking (October 19, 2011)
A ".secure" top-level domain (May 16, 2012)
Cyberoam deep packet inspection and certificates (July 11, 2012)
Debian and CAcert (March 18, 2014)
The EFF announces "Let's Encrypt" (November 19, 2014)
The Let's Encrypt certificate revocation scare (March 10, 2020)
Red Hat and IBM get certified (June 20, 2007)
Fedora and CAPP (December 10, 2008)
Core Infrastructure Initiative best-practices badge (June 8, 2016)
What chroot() is really for (October 3, 2007)
Unprivileged chroot() (March 15, 2021)
Comparing GCC and Clang security features (September 12, 2019)
Safer flexible arrays for the kernel (September 22, 2022)
Managing security for the cloud (October 8, 2014)
Where to store your encrypted data (October 22, 2014)
Mayhem finds 1200 bugs (July 3, 2013)
A Matrix overview (November 4, 2020)
Evaluating the LZO integer-overflow bug (July 9, 2014)
A report from the Enigma conference (February 14, 2018)
A proposed threat model for confidential computing (February 13, 2023)
Linux capabilities support for user namespaces (December 22, 2010)
LSS: Secure Linux containers (September 6, 2012)
Sandstorm personal cloud platform (June 25, 2014)
Hardware technologies for securing containers (September 10, 2015)
Audit, namespaces, and containers (September 8, 2016)
Filesystem images and unprivileged containers (September 14, 2016)
On the way to safe containers (September 21, 2016)
Network security in the microservice environment (April 12, 2017)
Kubernetes & security (April 19, 2017)
Securing the container image supply chain (May 17, 2018)
Easier container security with entitlements (May 24, 2018)
Measuring container security (December 11, 2018)
Handling the Kubernetes symbolic link vulnerability (December 19, 2018)
A container-confinement breakout (March 6, 2019)
Making containers safer (August 21, 2019)
System-call interception for unprivileged containers (June 29, 2022)
Progress for unprivileged containers (September 28, 2022)
Another runc container breakout (February 12, 2024)
Content blockers and Chrome's Manifest V3 (December 21, 2021)
HTML Subresource Integrity (June 29, 2016)
Improving control-flow integrity for Linux on RISC-V (June 13, 2024)
Core Infrastructure Initiative
Assessing risk with the Core Infrastructure Initiative (July 22, 2015)
Extended Validation certificates and cross-site scripting (March 12, 2008)
Mozilla's Content Security Policy (July 1, 2009)
Cross-site scripting here at LWN (November 4, 2009)
Chrome reflective XSS protection (November 4, 2009)
LCA: CSP for cross-site scripting protection (February 6, 2013)
A comparison of cryptographic keycards (October 17, 2017)
BruCON: Can we trust cryptography? (September 30, 2009)
Bitcoin: Virtual money created by CPU cycles (November 10, 2010)
Desktop Summit: Crypto consolidation (August 10, 2011)
On keys, trust, and webs (October 5, 2011)
Forward secure sealing (August 22, 2012)
A crypto library aimed at auditability (January 8, 2014)
Does Fedora need a system-wide crypto policy? (March 5, 2014)
The state of crypto in Python (April 30, 2014)
The WebCrypto API (July 2, 2014)
Darkcoin: A cryptocurrency with more anonymity (October 29, 2014)
The FREAK crypto downgrade attack (March 4, 2015)
The prospect of a crypto monoculture (March 30, 2016)
Breaking Libgcrypt RSA via a side channel (July 5, 2017)
ROCA: Return Of the Coppersmith Attack (November 14, 2017)
Reconsidering Speck (August 8, 2018)
Progress on Zinc (thus WireGuard) (September 26, 2018)
Zinc: a new kernel cryptography API (November 6, 2018)
Adiantum: encryption for the low end (January 16, 2019)
Cryptography and elections (January 28, 2020)
Desktop malware risk gets raised and patched (February 25, 2009)
A desktop "secrets" API (July 29, 2009)
Linux malware: an incident and some solutions (December 23, 2009)
Where are the non-root X servers? (September 8, 2010)
Linux autorun vulnerabilities? (February 9, 2011)
Libsecret revealed (April 4, 2012)
The perils of desktop tracking (April 18, 2012)
GUADEC: Imagining Tor built-in to GNOME (August 8, 2012)
A look at PAM face-recognition authentication (November 7, 2012)
Security implications for user interface changes? (November 28, 2012)
Prompt-free security for GNOME (August 14, 2013)
Matthew Garrett calls for the private, secure desktop (July 30, 2014)
GStreamer and the state of Linux desktop security (December 7, 2016)
Maintainers for desktop "critical infrastructure" (January 11, 2017)
Capturing web attacks with open proxy honeypots (July 3, 2007)
Bluepot: A honeypot for Bluetooth attacks (February 16, 2011)
Verifying the source code for binaries (June 26, 2013)
Security software verifiability (August 21, 2013)
Binary "diversity" (August 28, 2013)
Lots of progress for Debian's reproducible builds (January 21, 2015)
Reproducible Android app builds (February 18, 2015)
A status update on Debian's reproducible builds (September 16, 2015)
Reproducible builds (April 12, 2017)
Toward a fully reproducible Debian (June 15, 2018)
The history, status, and plans for reproducible builds (August 23, 2024)
Free user space for non-graphics drivers (June 3, 2020)
ParanoidLinux: from fiction to reality (October 1, 2008)
Tin Hat: secured by running from RAM (March 18, 2009)
BackTrack 4: the security professional's toolbox (January 20, 2010)
Fedora 13 to debut a security "spin" (March 3, 2010)
IPFire 2.5: Firewalls and more (April 28, 2010)
Qubes: security by virtualization (May 5, 2010)
Lightweight Portable Security (December 15, 2010)
Deliberately insecure Linux distributions as practice targets (April 6, 2011)
The Amnesic Incognito Live System: A live CD for anonymity (April 27, 2011)
Security testing with BackBox 2 (September 8, 2011)
Whonix for anonymity (October 17, 2012)
Tails reaches 1.0 (April 30, 2014)
A look at FreedomBox 0.2 (May 29, 2014)
Anonymous, wireless file sharing with PirateBox (June 11, 2014)
Sandstorm personal cloud platform (June 25, 2014)
What's new in FreedomBox 0.3 (January 28, 2015)
Qubes OS nears version 3.0 (May 28, 2015)
The private, anonymous desktop of Tails 2.0 (February 3, 2016)
CopperheadOS: Securing the Android (February 17, 2016)
Subgraph OS, a new security-centric desktop distribution (March 9, 2016)
New functionality and polish in FreedomBox 0.9 (June 2, 2016)
BlackArch: a distribution for pen testing (September 13, 2016)
Qubes OS 3.2 (November 9, 2016)
Life behind the tinfoil curtain (September 5, 2018)
Compartmentalized computing with CLIP OS (October 29, 2018)
PureOS: freedom, privacy, and security (December 23, 2020)
A modest update to Qubes OS (February 20, 2024)
LCA: How to improve Debian security (January 17, 2007)
Security hardening for Debian (February 6, 2008)
Eee PC security or lack thereof (February 13, 2008)
Debian, OpenSSL, and a lack of cooperation (May 14, 2008)
Debian vulnerability has widespread effects (May 14, 2008)
SELinux and Fedora (July 9, 2008)
Ubuntu, security response, and community contributions (July 16, 2008)
Fedora distributes new keys (September 10, 2008)
Distribution advisories (November 26, 2008)
Fedora and CAPP (December 10, 2008)
OpenVAS replacing Nessus in Debian (August 12, 2009)
Fedora 12 and unprivileged package installation (November 20, 2009)
Fedora's privilege escalation policy proposal (February 3, 2010)
FOSDEM'10: Maemo 6 platform security (February 10, 2010)
Distribution security response times (September 22, 2010)
A high-level view of the MeeGo security landscape (November 17, 2010)
The MeeGo security framework (November 24, 2010)
CentOS 5, RHEL 5.6, and security updates (February 23, 2011)
Arch Linux and (the lack of) package signing (March 23, 2011)
MeeGo rethinks privacy protection (April 13, 2011)
UDS security discussions (May 18, 2011)
Phones and permissions (June 2, 2011)
Security testing tools for Fedora (August 10, 2011)
Six years of RHEL 4 security (August 17, 2011)
Security response: how are we doing? (November 16, 2011)
How long should security embargoes be? (February 8, 2012)
Exploring options for the openSUSE security policy (May 23, 2012)
Fedora and secure release upgrades (December 19, 2012)
Distributions face the MoinMoin and Rails vulnerabilities (January 9, 2013)
Code authenticity checking (May 1, 2013)
Upgrading Debian's keys (February 26, 2014)
Does Fedora need a system-wide crypto policy? (March 5, 2014)
Debian forms Off-the-Record team (April 16, 2014)
Fedora's firewall furor (April 23, 2014)
Fedora mulls providing a local DNSSEC resolver (May 21, 2014)
Apt vulnerability sparks Debian security discussion (June 18, 2014)
The security of git.centos.org (July 16, 2014)
RPM Fusion, wiki defacement, and bug reporting (July 30, 2014)
Fedora 21 and its Workstation firewall (December 17, 2014)
Fedora and "strong" passwords (February 4, 2015)
Key management with Gentoo Keys (February 25, 2015)
Toward secure package downloads (March 25, 2015)
Fedora revisits password policies (April 8, 2015)
Previewing OpenWrt 15.05 (July 1, 2015)
Trouble at Linux Mint — and beyond (February 24, 2016)
Fedora and SELinux relabeling (July 7, 2016)
Debian to shift to a modern GnuPG (August 10, 2016)
Supporting UEFI secure boot in Debian (October 10, 2016)
Qubes OS and colored-border spoofing (October 26, 2016)
Debian considering automated upgrades (December 14, 2016)
Using systemd for more secure services in Fedora (December 21, 2016)
Toward a fully reproducible Debian (June 15, 2018)
Signing and distributing Gentoo (July 11, 2018)
Limiting the power of package installation in Debian (November 7, 2018)
Fedora security response time (April 29, 2020)
Removing run-time disabling for SELinux in Fedora (September 23, 2020)
OpenWrt and SELinux (September 30, 2020)
OpenWrt and self-signed certificates (November 18, 2020)
Bootstrappable builds (January 6, 2021)
A possible step toward integrity measurement for Fedora (January 8, 2021)
Fedora and supply-chain attacks (June 16, 2021)
Lessons from the linux-distros mailing list (October 27, 2021)
Adding fs-verity support for Fedora 36? (December 14, 2021)
Locked root and rescue mode (December 22, 2021)
Another Fedora integrity-management proposal (January 4, 2022)
Fedora and pkexec (February 2, 2022)
Kernel security reporting for distributions (August 16, 2023)
Trust and mirrors (July 16, 2008)
Attacks on package managers (April 8, 2009)
LSS: Security modules and RPM (October 3, 2012)
Subverting Android package verification (July 10, 2013)
SELinuxDenyPtrace and security by default (April 11, 2012)
Supporting secure DNS in glibc (November 18, 2015)
Fedora and DNSSEC (December 9, 2015)
Adopting DNSSEC (December 14, 2016)
Finding bugs lurking in the DOM (January 30, 2008)
Leaking browser history (June 25, 2008)
DNSCurve: an alternative to DNSSEC (July 8, 2009)
TCP cookie transactions (December 16, 2009)
An interesting DNSSEC amplification (July 14, 2010)
SOPA and PIPA (January 18, 2012)
A ".secure" top-level domain (May 16, 2012)
ICANN adds new gTLDs (June 20, 2012)
LSS: DNSSEC (September 19, 2012)
Potential pitfalls in DNS handling (November 14, 2012)
Fedora mulls providing a local DNSSEC resolver (May 21, 2014)
The Glibc DNS resolution vulnerability (February 24, 2016)
Cache poisoning vulnerability found in BIND (July 25, 2007)
Secrecy and the DNS flaw (July 9, 2008)
Details of the DNS flaw revealed (August 13, 2008)
How the XZ backdoor works (April 2, 2024)
Trustedbird: Additional email security for Thunderbird (February 24, 2010)
Potential pitfalls in DNS handling (November 14, 2012)
Email insecurities (November 13, 2013)
Enigmail vs Thunderbird vs line-wrapping (February 12, 2014)
End-To-End webmail encryption (June 25, 2014)
Dark Mail publishes its secure-email architecture (January 7, 2015)
The security benefits of using Gmail (June 24, 2015)
A beta release and a new license for Mailpile (July 22, 2015)
SMTP Strict Transport Security (April 20, 2016)
Backscatter increase clogs inboxes (April 9, 2008)
On comment spam (July 28, 2010)
SpamAssassin 3.4.1 released (May 6, 2015)
A look at Rspamd (July 1, 2015)
Spam reduction with greylisting (October 12, 2016)
How to (not) fix a security flaw (April 3, 2019)
Threat models for embedded devices (April 14, 2010)
BruCON: How to take over the world by breaking into embedded systems (September 29, 2010)
Default "secrets" (January 5, 2011)
Printer vulnerabilities via firmware update (November 30, 2011)
Exploiting network-enabled digital cameras (April 3, 2013)
Integrity and embedded devices (October 2, 2013)
The Internet of criminal things (September 23, 2015)
The Internet of Onions (August 3, 2016)
An unpleasant surprise for My Book Live owners (June 29, 2021)
GUADEC: Danny O'Brien on privacy, encryption, and the desktop (August 4, 2010)
Thwarting internet censors with Collage (September 1, 2010)
Tarsnap advisory provides a few lessons (January 19, 2011)
A hole in crypt_blowfish (June 22, 2011)
Martus: Software for human rights groups (October 18, 2011)
IBM's homomorphic encryption library (May 8, 2013)
Let's talk about perfect forward secrecy (November 6, 2013)
GNU virtual private Ethernet (November 20, 2013)
Secure text messaging for CyanogenMod (December 12, 2013)
Debian forms Off-the-Record team (April 16, 2014)
XMPP switches on mandatory encryption (May 21, 2014)
TrueCrypt abruptly shuts down (May 29, 2014)
Don't Panic about "going dark" (February 3, 2016)
Apple, iPhones, and encryption (March 16, 2016)
The perils of federated protocols (May 18, 2016)
Inline encryption support for block devices (March 22, 2017)
Bringing encryption restrictions in through the back door (March 18, 2020)
"Evil Maid" attack against disk encryption (October 28, 2009)
Attacking full-disk encryption with Inception (January 9, 2013)
Thwarting the "evil maid" (July 15, 2015)
Another attempt at DMCA reform - sort of (February 28, 2007)
OpenOffice and document encryption portability (March 28, 2012)
Email privacy (November 7, 2007)
Trustedbird: Additional email security for Thunderbird (February 24, 2010)
STEED: End-to-end email encryption (October 26, 2011)
Enigmail vs Thunderbird vs line-wrapping (February 12, 2014)
End-To-End webmail encryption (June 25, 2014)
The GnuPG 2.1 release (December 3, 2014)
Monkeysign 2.0 (December 24, 2014)
Felony PGP (August 3, 2016)
Strategies for offline PGP key storage (October 2, 2017)
Future directions for PGP (January 3, 2018)
OpenPGP signature spoofing using HTML (October 11, 2018)
Encrypted file transfer with Magic Wormhole (June 22, 2016)
The Tahoe secure filesystem (April 30, 2008)
Ext4 encryption (April 8, 2015)
Encrypted file backup for ext4 (December 16, 2015)
Adding encryption to Btrfs (September 21, 2016)
Giving Upspin a spin (March 8, 2017)
Inline encryption for filesystems (August 27, 2019)
Encryption, the NSA, and the front door (April 22, 2015)
Trusted and encrypted keys (October 6, 2010)
Default "secrets" (January 5, 2011)
On keys and users (June 22, 2011)
SCALE: The Hockeypuck key server (March 13, 2013)
Key management with Gentoo Keys (February 25, 2015)
Keysafe, a cloud-based key backup proposal (August 10, 2016)
Secure key handling using the TPM (October 17, 2018)
OpenPGP certificate flooding (July 2, 2019)
Maintaining the kernel's web of trust (September 4, 2019)
SGX: when 20 patch versions aren't enough (April 23, 2019)
Bringing Signal to the desktop (March 23, 2016)
A look at the OMEMO protocol (June 15, 2016)
Ring 1.0 is released (July 26, 2017)
GSM encryption crack made public (January 6, 2010)
Transport-level encryption with Tcpcrypt (August 25, 2010)
Blocking DPI with Dust (September 5, 2013)
Decentralization for the web (July 29, 2015)
Virtual private networks with WireGuard (March 6, 2018)
WireGuarding the mainline (August 6, 2018)
Whither WireGuard? (March 25, 2019)
WireGuard and the crypto API (October 16, 2019)
A different sort of "Fake Linus Torvalds" (August 24, 2016)
A schism in the OpenPGP world (December 6, 2023)
A side-channel attack on GnuPG (February 17, 2016)
KRACK, ROCA, and device insecurity (October 18, 2017)
ROCA: Return Of the Coppersmith Attack (November 14, 2017)
The future of unencrypted web traffic (January 2, 2008)
Deep packet inspection (July 23, 2008)
HTTPS Everywhere brings HTTPS almost everywhere (June 30, 2010)
LFNW: Seth Schoen stumps for SSL (May 4, 2011)
HTTPS interception in Nokia's mobile browser (January 23, 2013)
Subverting HTTPS with BREACH (August 7, 2013)
The EFF announces "Let's Encrypt" (November 19, 2014)
The HTTPS bicycle attack (January 20, 2016)
The Let's Encrypt certificate revocation scare (March 10, 2020)
Encrypting users' web data with Grendel (January 27, 2010)
Firefox security status (June 7, 2007)
Firefox 3 SSL certificate warnings (August 27, 2008)
Firefox security add-ons (January 21, 2009)
Firefox locks down the components directory (November 24, 2009)
Mozilla's Plugin Check (June 9, 2010)
HTTPS Everywhere brings HTTPS almost everywhere (June 30, 2010)
BadUSB: Clever but not novel (August 13, 2014)
The dangers from component firmware (September 4, 2014)
Matthew Garrett versus IPMI (January 28, 2015)
Bricking systems using rm (February 10, 2016)
Intel's zero-day problem (May 3, 2017)
Flash blocking, exploits, and replacements (July 15, 2015)
On the security of our processes and infrastructure (September 8, 2011)
Kernel.org's road to recovery (October 4, 2011)
On keys, trust, and webs (October 5, 2011)
KS2011: Kernel.org report (October 24, 2011)
Safeguarding GNOME.org with an upload lockdown (November 16, 2011)
Fusil: a Python fuzzing library (March 11, 2009)
Fuzz and strings (November 19, 2014)
Filesystem fuzzing (March 18, 2015)
Fuzzing perf_events (August 5, 2015)
Fuzzing with american fuzzy lop (September 22, 2015)
Coverage-guided kernel fuzzing with syzkaller (March 2, 2016)
Fuzzing filesystems with AFL (April 27, 2016)
A trio of fuzzers (November 9, 2016)
Fuzzing open source (January 4, 2017)
More from the testing and fuzzing microconference (October 4, 2017)
A survey of some free fuzzing tools (January 17, 2018)
CVE-less vulnerabilities (June 25, 2019)
Scrutinizing bugs found by syzbot (October 13, 2021)
GCC and pointer overflows (April 16, 2008)
Comparing GCC and Clang security features (September 12, 2019)
Supporting CHERI capabilities in GCC and glibc (September 26, 2022)
A vulnerability in Git (March 10, 2021)
Two glibc vulnerabilities (October 27, 2010)
The ups and downs of strlcpy() (July 18, 2012)
Adding strlcpy() to glibc (September 17, 2014)
The Glibc DNS resolution vulnerability (February 24, 2016)
An update on GnuPG (October 10, 2017)
Future directions for PGP (January 3, 2018)
A schism in the OpenPGP world (December 6, 2023)
Security processes and the X.org flaw (January 25, 2012)
XDC2012: Graphics stack security (September 25, 2012)
Security hardening for Debian (February 6, 2008)
LSS: The kernel hardening roundtable (September 15, 2011)
Debian and Suhosin (February 8, 2012)
Shadow hardening (March 21, 2012)
Kernel security: beyond bug fixing (October 28, 2015)
Post-init read-only memory (December 2, 2015)
Two approaches to reference count hardening (July 7, 2016)
State of the Kernel Self Protection Project (August 31, 2016)
A pair of GCC plugins (January 25, 2017)
A return-oriented programming defense from OpenBSD (August 30, 2017)
OpenBSD's unveil() (September 28, 2018)
Hardening the "file" utility for Debian (August 14, 2019)
OpenBSD system-call-origin verification (December 11, 2019)
Handling brute force attacks in the kernel (March 17, 2021)
OpenBSD system-call pinning (January 31, 2024)
Attacking network cards (May 28, 2008)
WebGL vulnerabilities (May 25, 2011)
Trusting the hardware too much (February 15, 2012)
Stealthy network penetration (July 25, 2012)
Attacking full-disk encryption with Inception (January 9, 2013)
BadUSB: Clever but not novel (August 13, 2014)
The dangers from component firmware (September 4, 2014)
Hardware technologies for securing containers (September 10, 2015)
A kernel TEE party (March 15, 2017)
ARM pointer authentication (April 5, 2017)
Intel's zero-day problem (May 3, 2017)
USBGuard: authorization for USB (November 8, 2017)
Notes from the Intelpocalypse (January 4, 2018)
Meltdown strikes back: the L1 terminal fault vulnerability (August 14, 2018)
Toward better handling of hardware vulnerabilities (September 12, 2018)
Live patching for CPU vulnerabilities (December 20, 2018)
The Thunderclap vulnerabilities (March 6, 2019)
Grand Schemozzle: Spectre continues to haunt (August 8, 2019)
OpenSSH bug falls through the cracks (April 9, 2008)
The Freedom Box gets off the ground (February 23, 2011)
LinuxCon: FreedomBox update and plans (August 24, 2011)
Can FreedomBox be an alternative to commercial home routers? (July 4, 2012)
Picking a MAC address for a FreedomBox (December 5, 2012)
A look at FreedomBox 0.2 (May 29, 2014)
The EFF launches a router project (July 29, 2014)
What's new in FreedomBox 0.3 (January 28, 2015)
Linux/Moose: Interesting but ineffective (June 3, 2015)
Previewing OpenWrt 15.05 (July 1, 2015)
WiFi routers: from lockdown to lock-open (October 14, 2015)
New functionality and polish in FreedomBox 0.9 (June 2, 2016)
The Turris Omnia router: help for the IoT mess? (November 2, 2016)
Turris: secure open-source routers (March 13, 2019)
Bandit: multi-protocol identity management (September 26, 2007)
OpenID 2.0 closing in on acceptance (October 31, 2007)
OpenID Connect (June 2, 2010)
The end of OpenID? (February 2, 2011)
BrowserID: A new web authentication scheme (July 27, 2011)
SSSD: System Security Services Daemon (September 27, 2011)
FreeIPA: centralized identity management for Linux (December 11, 2012)
PyCon: Mozilla Persona (March 20, 2013)
OpenID for authentication (December 7, 2016)
Schneier on incident response (September 24, 2014)
Our devices are spilling our secrets (August 1, 2007)
Sanitizing kernel memory (May 27, 2009)
Page sanitization, part 2 (June 3, 2009)
The HTTPS bicycle attack (January 20, 2016)
Scanning for secrets (April 7, 2021)
Preventing information leaks from ext4 filesystems (April 27, 2021)
Bootstrappable builds (January 6, 2021)
A possible step toward integrity measurement for Fedora (January 8, 2021)
Adding fs-verity support for Fedora 36? (December 14, 2021)
Another Fedora integrity-management proposal (January 4, 2022)
Integrity management in the kernel (March 28, 2007)
System integrity in Linux (December 3, 2008)
Integrity management using Intel TXT (April 1, 2009)
Enabling DRM in the kernel? (May 20, 2009)
Enabling Intel TXT in Fedora (April 7, 2010)
The return of EVM (June 30, 2010)
UEFI and "secure boot" (June 15, 2011)
Fedora reexamines "trusted boot" (June 29, 2011)
An update on UEFI secure boot (October 26, 2011)
IMA appraisal extension (March 28, 2012)
LSS: Integrity for directories and special files (September 19, 2012)
Integrity and embedded devices (October 2, 2013)
Docker image "verification" (January 7, 2015)
Android Verified Boot (April 1, 2015)
Toward measured boot out of the box (September 8, 2016)
File-level integrity (April 27, 2018)
A kernel integrity subsystem update (May 2, 2018)
Signing and distributing Gentoo (July 11, 2018)
Protecting files with fs-verity (August 30, 2018)
A setback for fs-verity (January 3, 2019)
Yet another try for fs-verity (June 3, 2019)
The future for general-purpose computing (December 9, 2020)
SCADA system vulnerabilities (June 11, 2008)
Deep packet inspection (July 23, 2008)
Pogoplug makes internet data sharing easy (December 9, 2009)
TCP cookie transactions (December 16, 2009)
Security in the 20-teens (February 1, 2010)
The Freedom Box gets off the ground (February 23, 2011)
Phantom: Decentralized anonymous networking (June 8, 2011)
Unpredictable sequence numbers (August 17, 2011)
LinuxCon: FreedomBox update and plans (August 24, 2011)
A hole in telnetd (January 4, 2012)
Cyberoam deep packet inspection and certificates (July 11, 2012)
Picking a MAC address for a FreedomBox (December 5, 2012)
Inferring TCP sequence numbers (January 3, 2013)
Encouraging a wider view (September 25, 2013)
Practical security for 2014 (January 10, 2014)
XMPP switches on mandatory encryption (May 21, 2014)
A look at FreedomBox 0.2 (May 29, 2014)
What's new in FreedomBox 0.3 (January 28, 2015)
New functionality and polish in FreedomBox 0.9 (June 2, 2016)
Resisting the centralization of network infrastructure (August 17, 2016)
STARTTLS considered harmful (August 18, 2021)
Internet censorship and OONI (May 9, 2012)
Weaponizing middleboxes (September 21, 2021)
Capturing web attacks with open proxy honeypots (July 3, 2007)
Creating an SSH honeypot (March 11, 2021)
Home routers and security flaws (October 10, 2007)
Linux adds router denial-of-service prevention (March 17, 2010)
The EFF launches a router project (July 29, 2014)
WiFi routers: from lockdown to lock-open (October 14, 2015)
The Turris Omnia router: help for the IoT mess? (November 2, 2016)
Turris: secure open-source routers (March 13, 2019)
SOPA and PIPA (January 18, 2012)
Cybersecurity and CISPA (May 2, 2012)
Eavesdropping on Tor traffic (September 12, 2007)
TorProxy and Shadow (October 14, 2009)
Tor offers SSL obfuscation for users behind censorship walls (February 15, 2012)
GUADEC: Imagining Tor built-in to GNOME (August 8, 2012)
DeadDrop and Strongbox (May 22, 2013)
Tor peels back Browser Bundle 3.0 alpha (June 19, 2013)
Tor and browser vulnerabilities (August 7, 2013)
Spoiled onions and Tor exit relays (January 29, 2014)
Stem 1.3 makes hidden services easier to deploy (February 11, 2015)
Direct onion services over Tor (April 15, 2015)
Easier and more secure browsing in Tor Browser 4.5 (April 29, 2015)
Tor and library freedom (August 5, 2015)
Shifting feature sets and search engines in Tor Browser 6 (June 2, 2016)
The Internet of Onions (August 3, 2016)
CloudFlare, Tor, and eliminating CAPTCHAs (October 5, 2016)
Tor gets financial support for Arti development (July 20, 2021)
The Skype outage (August 22, 2007)
"Vishing" advisory targets Asterisk (December 17, 2008)
Book Review: Hacking VoIP (January 28, 2009)
A trojan for Skype (September 2, 2009)
The Internet of scary things (February 1, 2017)
Antipatterns in IoT security (September 13, 2017)
Open-source trusted computing for IoT (February 21, 2018)
The properties of secure IoT devices (September 17, 2019)
Auditing io_uring (June 3, 2021)
What chroot() is really for (October 3, 2007)
Web security vulnerabilities and Javascript (January 23, 2008)
All the malware that's fit to print (September 16, 2009)
On the security of our processes and infrastructure (September 8, 2011)
Kernel.org's road to recovery (October 4, 2011)
KS2011: Kernel.org report (October 24, 2011)
An ancient kernel hole is closed (August 18, 2010)
Encouraging a wider view (September 25, 2013)
Security and boundaries (August 20, 2014)
Schneier on incident response (September 24, 2014)
The bug parade meets the zombies (October 1, 2014)
Kubernetes & security (April 19, 2017)
BPF for security—and chaos—in Kubernetes (June 10, 2019)
SOPA and PIPA (January 18, 2012)
Cybersecurity and CISPA (May 2, 2012)
Stockpiling zero-day vulnerabilities (August 15, 2012)
Bringing encryption restrictions in through the back door (March 18, 2020)
revoke() returns (December 18, 2007)
vmsplice(): the making of a local root exploit (February 12, 2008)
The rest of the vmsplice() exploit story (March 4, 2008)
Handling kernel security problems (July 16, 2008)
Kernel security, year to date (September 9, 2008)
System calls and rootkits (September 10, 2008)
DR rootkit released under the GPL (September 10, 2008)
The future for grsecurity (January 7, 2009)
Seccomp and sandboxing (May 13, 2009)
Sanitizing kernel memory (May 27, 2009)
Page sanitization, part 2 (June 3, 2009)
Fun with NULL pointers, part 1 (July 20, 2009)
Fun with NULL pointers, part 2 (July 21, 2009)
Null pointers, one month later (August 18, 2009)
/proc and directory permissions (October 28, 2009)
Another null pointer exploit (November 4, 2009)
The x86_64 DOS hole (February 2, 2010)
2.6.32.9 Release notes (February 21, 2010)
Linux adds router denial-of-service prevention (March 17, 2010)
Symbolic links in "sticky" directories (June 2, 2010)
An ancient kernel hole is closed (August 18, 2010)
The hazards of 32/64-bit compatibility (September 22, 2010)
Trusted and encrypted keys (October 6, 2010)
Kernel vulnerabilities: old or new? (October 19, 2010)
Pathname-based hooks for SELinux? (December 8, 2010)
Extending the use of RO and NX (January 12, 2011)
Protecting /proc/slabinfo (March 9, 2011)
Seccomp: replacing security modules? (May 16, 2011)
Kernel address randomization (May 24, 2011)
Seccomp filters: No clear path (July 7, 2011)
Reactive vs. pro-active kernel security (July 13, 2011)
LSS: The kernel hardening roundtable (September 15, 2011)
Loading signed kernel modules (December 7, 2011)
Fixing the symlink race problem (December 14, 2011)
A privilege escalation via SCSI pass-through (January 4, 2012)
Yet another new approach to seccomp (January 11, 2012)
System call filtering and no_new_privs (January 18, 2012)
A /proc/PID/mem vulnerability (January 25, 2012)
Tightening security: not for the impatient (June 27, 2012)
Preparing the kernel for UEFI secure boot (September 6, 2012)
KS2012: Module signing (September 6, 2012)
LSS: Kernel security subsystem reports (September 26, 2012)
Supervisor mode access prevention (September 26, 2012)
The module signing endgame (November 21, 2012)
A rootkit dissected (November 21, 2012)
Filtering SCSI commands (January 30, 2013)
A story of three kernel vulnerabilities (February 19, 2013)
Opening up kernel security bug handling (September 11, 2013)
BSD-style securelevel comes to Linux — again (September 11, 2013)
Kernel address space layout randomization (October 9, 2013)
Two LSS talks (October 9, 2013)
A proposal for "silent" port knocking (December 18, 2013)
Known-exploit detection for the kernel (December 18, 2013)
An x32 local exploit (February 5, 2014)
Adding CPU randomness to the entropy pool (February 19, 2014)
Unmixing the pool (March 12, 2014)
Who audits the audit code? (May 29, 2014)
Reworking kexec for signatures (June 25, 2014)
Capsicum for Linux (July 2, 2014)
A system call for random numbers: getrandom() (July 23, 2014)
SELinux on Android (August 27, 2014)
The security state of KVM (November 12, 2014)
The trouble with dropping groups (November 19, 2014)
Kernel support for SYN packet fingerprinting (May 20, 2015)
Firmware signing (May 27, 2015)
Enforcing mount options for sysfs and proc (June 10, 2015)
Nested NMIs lead to CVE-2015-3290 (August 26, 2015)
A seccomp overview (September 2, 2015)
Unprivileged bpf() (October 12, 2015)
Looking at a few recent kernel security holes (October 21, 2015)
Kernel security: beyond bug fixing (October 28, 2015)
Security part 2 (November 4, 2015)
TLS in the kernel (December 2, 2015)
Post-init read-only memory (December 2, 2015)
Encrypted file backup for ext4 (December 16, 2015)
User namespaces overlayfs = root privileges (January 13, 2016)
Controlling access to user namespaces (January 27, 2016)
A slow path to a fast fix (March 23, 2016)
A new stable security tree (April 13, 2016)
Replacing /dev/urandom (May 4, 2016)
Virtually mapped kernel stacks (June 22, 2016)
Virtually mapped stacks 2: thread_info strikes back (June 29, 2016)
Two approaches to reference count hardening (July 7, 2016)
Four new Android privilege escalations (August 10, 2016)
Audit, namespaces, and containers (September 8, 2016)
Dirty COW and clean commit messages (October 21, 2016)
Defending against Rowhammer in the kernel (October 28, 2016)
SipHash in the kernel (January 10, 2017)
A pair of GCC plugins (January 25, 2017)
The case of the prematurely freed SKB (February 28, 2017)
refcount_t meets the network stack (March 29, 2017)
ARM pointer authentication (April 5, 2017)
Grsecurity goes private (May 4, 2017)
A farewell to set_fs()? (May 10, 2017)
Preventing stack guard-page hopping (June 19, 2017)
Attacking the kernel via its command line (June 20, 2017)
Ripples from Stack Clash (June 28, 2017)
Rethinking the Stack Clash fix (July 13, 2017)
Faster reference-count overflow protection (July 24, 2017)
unsafe_put_user() turns out to be unsafe (October 13, 2017)
KAISER: hiding the kernel from user space (November 15, 2017)
MAP_FIXED_SAFE (December 13, 2017)
The current state of kernel page-table isolation (December 20, 2017)
Notes from the Intelpocalypse (January 4, 2018)
Addressing Meltdown and Spectre in the kernel (January 5, 2018)
Meltdown/Spectre mitigation for 4.15 and beyond (January 15, 2018)
Meltdown and Spectre mitigations — a February update (February 5, 2018)
Kernel lockdown in 4.17? (April 2, 2018)
Kernel lockdown locked out — for now (April 6, 2018)
Kernel support for control-flow enforcement (June 25, 2018)
The return of the lockdown patches (April 3, 2019)
Control-flow integrity for the kernel (January 22, 2020)
Finer-grained kernel address-space layout randomization (February 19, 2020)
Challenges in protecting virtual machines from untrusted entities (December 1, 2020)
Patching until the COWs come home (part 1) (March 22, 2021)
Patching until the COWs come home (part 2) (March 25, 2021)
Intentionally buggy commits for fame—and papers (April 21, 2021)
Control-flow integrity in 5.13 (May 21, 2021)
Handling argc==0 in the kernel (January 28, 2022)
Shadow stacks for user space (February 21, 2022)
User-space shadow stacks (maybe) for 6.4 (March 24, 2023)
Shadow stacks for 64-bit Arm systems (August 7, 2023)
Kernel security reporting for distributions (August 16, 2023)
A turning point for CVE numbers (February 14, 2024)
Improving control-flow integrity for Linux on RISC-V (June 13, 2024)
Address-space layout randomization
Increasing the range of address-space layout randomization (December 16, 2015)
When ELF notes reveal too much (February 22, 2024)
BPF for security—and chaos—in Kubernetes (June 10, 2019)
Reconsidering unprivileged BPF (August 16, 2019)
Kernel runtime security instrumentation (September 4, 2019)
Toward signed BPF programs (April 22, 2021)
Spectre revisits BPF (June 24, 2021)
Taming the BPF superpowers (September 29, 2021)
BPF and security (October 4, 2023)
Credential records (September 25, 2007)
Reconsidering Speck (August 8, 2018)
Adiantum: encryption for the low end (January 16, 2019)
Supporting PGP keys and signatures in the kernel (January 25, 2022)
Filesystem mounts in user namespaces (July 29, 2015)
Restricting pathname resolution with AT_NO_JUMPS (May 17, 2017)
Filesystem sandboxing with eBPF (November 6, 2019)
Two PaX features move toward the mainline (December 23, 2015)
Sigreturn-oriented programming and its mitigation (February 24, 2016)
Hardened usercopy (August 3, 2016)
Disallowing perf_event_open() (August 3, 2016)
State of the Kernel Self Protection Project (August 31, 2016)
The status of kernel hardening (November 2, 2016)
The bumpy road to reference-count protection in the kernel (November 16, 2016)
Randomizing structure layout (May 11, 2017)
The "rare write" mechanism (June 1, 2017)
Hardened usercopy whitelisting (July 7, 2017)
A canary for timer-expiration functions (August 16, 2017)
What's the best way to prevent kernel pointer leaks? (October 5, 2017)
Restricting automatic kernel-module loading (December 4, 2017)
Preventing kernel-stack leaks (March 7, 2018)
A "runtime guard" for the kernel (March 21, 2018)
Read-only dynamic data (March 27, 2018)
C considered dangerous (August 29, 2018)
Trying to get STACKLEAK into the kernel (September 12, 2018)
An end to implicit fall-throughs in the kernel (August 1, 2019)
Safer flexible arrays for the kernel (September 22, 2022)
Better handling of integer wraparound in the kernel (January 26, 2024)
Hardening the kernel against heap-spraying attacks (March 21, 2024)
LCA: How to improve Debian security (January 17, 2007)
Fixing CAP_SETPCAP (October 31, 2007)
Restricting root with per-process securebits (April 30, 2008)
Filesystem capabilities in Fedora 10 (January 7, 2009)
Another Linux capabilities hole found (April 15, 2009)
Linux capabilities support for user namespaces (December 22, 2010)
Capabilities for loading network modules (March 2, 2011)
CAP_SYS_ADMIN: the new root (March 14, 2012)
Inheriting capabilities (February 11, 2015)
Namespaced file capabilities (June 30, 2017)
A crop of new capabilities (June 8, 2020)
Live patching for CPU vulnerabilities (December 20, 2018)
Loading modules from file descriptors (October 10, 2012)
A crypto module loading vulnerability (January 28, 2015)
Locking down module parameters (December 7, 2016)
Passive OS fingerprinting added to netfilter (June 10, 2009)
Unpredictable sequence numbers (August 17, 2011)
Inferring TCP sequence numbers (January 3, 2013)
The TCP "challenge ACK" side channel (August 10, 2016)
The TCP SACK panic (June 19, 2019)
Fingerprinting systems with TCP source-port selection (October 6, 2022)
On entropy and randomness (December 12, 2007)
Linux ASLR vulnerabilities (April 29, 2009)
Random numbers for ASLR (May 13, 2009)
The search for truly random numbers in the kernel (September 18, 2013)
Random numbers from CPU execution time jitter (April 29, 2015)
Waiting for entropy (June 6, 2017)
Initializing the entropy pool using RDRAND and friends (July 24, 2018)
FIPS-compliant random numbers for the kernel (December 7, 2021)
Uniting the Linux random-number devices (February 16, 2022)
Pitchforks for RDSEED (February 8, 2024)
A RDRAND followup (February 26, 2024)
Checkpoint and restore for seccomp filters (September 30, 2015)
The inherent fragility of seccomp() (November 10, 2017)
Deferring seccomp decisions to user space (June 2, 2018)
vDSO, 32-bit time, and seccomp (August 2, 2019)
Deep argument inspection for seccomp (September 18, 2019)
PostgreSQL considers seccomp() filters (October 1, 2019)
Seccomp and deep argument inspection (June 10, 2020)
Seccomp user-space notification and signals (April 9, 2021)
eBPF seccomp() filters (May 31, 2021)
System-call interception for unprivileged containers (June 29, 2022)
Trusting the hardware too much (February 15, 2012)
Filesystem fuzzing (March 18, 2015)
Fuzzing perf_events (August 5, 2015)
Software-tag-based KASAN (September 26, 2018)
Scrutinizing bugs found by syzbot (October 13, 2021)
Finding bugs with sanitizers (September 27, 2022)
New AT_ flags for restricting pathname lookup (October 4, 2018)
Restricting path name lookup with openat2() (August 22, 2019)
A kernel security hole (January 16, 2008)
Virtual private networks with WireGuard (March 6, 2018)
WireGuarding the mainline (August 6, 2018)
Zinc: a new kernel cryptography API (November 6, 2018)
Whither WireGuard? (March 25, 2019)
WireGuard and the crypto API (October 16, 2019)
Avoiding page reference-count overflows (April 16, 2019)
The Sequoia seq_file vulnerability (July 21, 2021)
Linux malware: an incident and some solutions (December 23, 2009)
Stackable security modules (November 10, 2004)
Linux security non-modules and AppArmor (June 27, 2007)
Smack for simplified access control (August 8, 2007)
SMACK meets the One True Security Module (October 2, 2007)
The future of AppArmor (October 17, 2007)
LSM: loadable or static? (October 24, 2007)
Kernel-based malware scanning (December 4, 2007)
TOMOYO Linux and pathname-based security (April 14, 2008)
OLS: Smack for embedded devices (August 6, 2008)
Snet and the LSM API (January 28, 2009)
Restricting the network (January 6, 2010)
FBAC-LSM (January 13, 2010)
LSM stacking (again) (June 23, 2010)
Pathname-based hooks for SELinux? (December 8, 2010)
Supporting multiple LSMs (February 9, 2011)
MeeGo rethinks privacy protection (April 13, 2011)
Seccomp: replacing security modules? (May 16, 2011)
LSS: LSM roundtable (September 14, 2011)
LSS: Security modules and RPM (October 3, 2012)
Another LSM stacking approach (October 3, 2012)
The return of loadable security modules? (November 28, 2012)
Talking Smack for Tizen security (June 5, 2013)
KPortReserve and the multi-LSM problem (August 14, 2013)
Two LSS talks (October 9, 2013)
Progress in security module stacking (March 11, 2015)
Writing your own security module (February 10, 2016)
The LoadPin security module (April 6, 2016)
Safename: restricting "dangerous" file names (May 11, 2016)
Sandboxing with the Landlock security module (October 19, 2016)
A "runtime guard" for the kernel (March 21, 2018)
The sidechannel LSM (August 21, 2018)
XFS, LSM, and low-level management APIs (October 2, 2018)
Kernel runtime security instrumentation (September 4, 2019)
SGX and security modules (September 11, 2019)
LSM stacking and the future (November 20, 2019)
The integrity policy enforcement security module (April 16, 2020)
Handling brute force attacks in the kernel (March 17, 2021)
Landlock (finally) sets sail (June 17, 2021)
Still waiting for stackable security modules (October 31, 2022)
Adding system calls for Linux security modules (January 4, 2023)
Full Disclosure back in full (April 2, 2014)
Infected Linux web servers pushing malware (May 15, 2013)
Plug-and-play sanitization of USB thumb drives (December 17, 2014)
Lenovo and Superfish (February 25, 2015)
Notes from the Intelpocalypse (January 4, 2018)
Addressing Meltdown and Spectre in the kernel (January 5, 2018)
A look at the handling of Meltdown and Spectre (January 9, 2018)
Meltdown/Spectre mitigation for 4.15 and beyond (January 15, 2018)
The effect of Meltdown and Spectre in our communities (January 31, 2018)
Meltdown and Spectre mitigations — a February update (February 5, 2018)
The strange story of the ARM Meltdown-fix backport (March 15, 2018)
Finding Spectre vulnerabilities with smatch (April 20, 2018)
Spectre V1 defense in GCC (July 10, 2018)
Meltdown strikes back: the L1 terminal fault vulnerability (August 14, 2018)
The sidechannel LSM (August 21, 2018)
Strengthening user-space Spectre v2 protection (September 5, 2018)
Toward better handling of hardware vulnerabilities (September 12, 2018)
Fighting Spectre with cache flushes (October 15, 2018)
Grand Schemozzle: Spectre continues to haunt (August 8, 2019)
Spectre revisits BPF (June 24, 2021)
Rustls: memory safety for TLS (May 4, 2021)
Android's first vulnerability (November 5, 2008)
Android application security (February 4, 2009)
What lessons can be learned from the iPhone worms? (November 11, 2009)
GSM encryption crack made public (January 6, 2010)
FOSDEM'10: Maemo 6 platform security (February 10, 2010)
Remotely wiping mobile phones (September 15, 2010)
Questions about Android's security model (October 6, 2010)
Bluepot: A honeypot for Bluetooth attacks (February 16, 2011)
Guardian: Better privacy and security for Android (May 11, 2011)
Phones and permissions (June 2, 2011)
Password storage on Android devices (August 3, 2011)
App confinement for Ubuntu mobile devices (April 24, 2013)
Talking Smack for Tizen security (June 5, 2013)
Tizen content scanning and app obfuscation (June 12, 2013)
Subverting Android package verification (July 10, 2013)
CyanogenMod's incognito mode (July 24, 2013)
CyanogenMod Account: Remotely track or wipe phones (August 21, 2013)
Secure text messaging for CyanogenMod (December 12, 2013)
The Android AppOps vanishing act (December 18, 2013)
Apple and the US Department of Justice (October 28, 2015)
Apple, iPhones, and encryption (March 16, 2016)
Eelo seeks to make a privacy-focused phone (January 10, 2018)
Felony PGP (August 3, 2016)
HTTPS interception in Nokia's mobile browser (January 23, 2013)
Distributions face the MoinMoin and Rails vulnerabilities (January 9, 2013)
MySQL flaw leaves some systems wide open (June 13, 2012)
Linux capabilities support for user namespaces (December 22, 2010)
Anatomy of a user namespaces vulnerability (March 20, 2013)
Filesystem mounts in user namespaces (July 29, 2015)
User namespaces overlayfs = root privileges (January 13, 2016)
Controlling access to user namespaces (January 27, 2016)
Namespaced file capabilities (June 30, 2017)
Progress on Zinc (thus WireGuard) (September 26, 2018)
Unpredictable sequence numbers (August 17, 2011)
Inferring TCP sequence numbers (January 3, 2013)
GNU virtual private Ethernet (November 20, 2013)
Kernel support for SYN packet fingerprinting (May 20, 2015)
The TCP "challenge ACK" side channel (August 10, 2016)
The Tahoe secure filesystem (April 30, 2008)
Decentralized storage with Camlistore (April 23, 2014)
Hiding open ports with shimmer (January 9, 2008)
A proposal for "silent" port knocking (December 18, 2013)
The TCP SACK panic (June 19, 2019)
USB device authorization (July 17, 2007)
Holes in the WiFi (May 12, 2021)
The leap second of doom (August 1, 2012)
Several vulnerabilities found in NTP (December 25, 2014)
A GPSD time warp (August 4, 2021)
Bitfrost: the OLPC security model (February 7, 2007)
OLPC's software update problem (July 3, 2007)
OpenBSD kernel address randomized link (July 12, 2017)
A return-oriented programming defense from OpenBSD (August 30, 2017)
OpenBSD's unveil() (September 28, 2018)
mimmutable() for OpenBSD (December 9, 2022)
OpenBSD system-call pinning (January 31, 2024)
BadBunny? Only if you invite it in (June 12, 2007)
An odd vulnerability report for LibreOffice (October 5, 2011)
OpenOffice and document encryption portability (March 28, 2012)
OpenOffice and CVE-2015-1774 (July 8, 2015)
Apache OpenOffice and CVE-2016-1513 (July 27, 2016)
The odd saga of CVE-2012-5639 (January 10, 2024)
OpenSSH bug falls through the cracks (April 9, 2008)
OpenSSH and keystroke timings (September 17, 2008)
SSH plaintext recovery vulnerability (November 19, 2008)
Crying wolf over OpenSSH (July 15, 2009)
Distributed brute force ssh attacks (October 21, 2009)
SSH: passwords or keys? (January 13, 2010)
Trust, but verify (February 17, 2010)
What's new in OpenSSH 6.2 (March 27, 2013)
What's new in OpenSSH 6.5 (and 6.6) (March 19, 2014)
OpenSSH 6.7 will bring socket forwarding and more (August 27, 2014)
Host-key rotation and more in OpenSSH 6.8 (March 18, 2015)
OpenSSH and the dangers of unused code (January 20, 2016)
Restricting SSH agent keys (January 5, 2022)
Debian, OpenSSL, and a lack of cooperation (May 14, 2008)
Debian vulnerability has widespread effects (May 14, 2008)
OpenSSL and IPv6 (March 14, 2012)
A new Dual EC DRBG flaw (January 1, 2014)
Heartbleed bug exposes OpenSSL installations (April 9, 2014)
OpenBSD and the latest OpenSSL bugs (June 11, 2014)
OpenSSL's new security policy (September 17, 2014)
OpenSSL after Heartbleed (October 6, 2016)
LibreSSL languishes on Linux (January 4, 2021)
oCERT and oss-security (June 4, 2008)
Typosquatting in package repositories (July 20, 2016)
event-stream, npm, and trust (November 28, 2018)
Further analysis of PyPI typosquatting (October 14, 2020)
Adding auditing to pip (August 9, 2022)
A hole in crypt_blowfish (June 22, 2011)
Cracking the Ashley Madison passwords (October 28, 2015)
Enforcing password strength (October 12, 2011)
A Periodic Table of password managers (November 9, 2011)
Shadow hardening (March 21, 2012)
Responsible disclosure in open source: The crypt() vulnerability (June 6, 2012)
MySQL flaw leaves some systems wide open (June 13, 2012)
The S-CRIB password scrambler (March 26, 2014)
Fedora and "strong" passwords (February 4, 2015)
Fedora revisits password policies (April 8, 2015)
Reliably generating good passwords (February 8, 2017)
A look at password managers (February 15, 2017)
The case against password hashers (February 22, 2017)
Adding a "duress" password with PAM Duress (August 24, 2021)
Redirecting browser tabs via "tabnabbing" (May 26, 2010)
Oxford blocks Google Docs as a phishing countermeasure (March 7, 2013)
Debian and Suhosin (February 8, 2012)
Scanning for PHP vulnerabilities with Pixy (June 27, 2007)
"Evil Maid" attack against disk encryption (October 28, 2009)
Attacking full-disk encryption with Inception (January 9, 2013)
Thwarting the "evil maid" (July 15, 2015)
SE-PostgreSQL uses SELinux for database security (July 18, 2007)
Our devices are spilling our secrets (August 1, 2007)
Eavesdropping on Tor traffic (September 12, 2007)
Email privacy (November 7, 2007)
Another kind of cookie (October 29, 2008)
GUADEC: Danny O'Brien on privacy, encryption, and the desktop (August 4, 2010)
Thwarting internet censors with Collage (September 1, 2010)
Private browsing: not so private? (September 22, 2010)
Web tracking and "Do Not Track" (January 26, 2011)
Developments in web tracking protection (April 20, 2011)
The Amnesic Incognito Live System: A live CD for anonymity (April 27, 2011)
Phantom: Decentralized anonymous networking (June 8, 2011)
GNUnet adds VPN, direct wireless peering, and more (December 21, 2011)
LCA: Jacob Appelbaum on surveillance and censorship (January 25, 2012)
Tracking users (February 8, 2012)
The perils of desktop tracking (April 18, 2012)
The perils of big data (August 29, 2012)
Do Not Track Does Not Conquer (October 17, 2012)
Privacyfix (October 24, 2012)
Mozilla versus the cookie monster (June 26, 2013)
NSA surveillance and "foreigners" (July 17, 2013)
The Android AppOps vanishing act (December 18, 2013)
Tails reaches 1.0 (April 30, 2014)
Privacy Badger gives teeth to Do Not Track (May 7, 2014)
Matthew Garrett calls for the private, secure desktop (July 30, 2014)
Where to store your encrypted data (October 22, 2014)
Lenovo and Superfish (February 25, 2015)
Encryption, the NSA, and the front door (April 22, 2015)
Speed and bandwidth improvements with Firefox Tracking Protection (May 28, 2015)
Privacy questions for Iceweasel (July 22, 2015)
Decentralization for the web (July 29, 2015)
Tor and library freedom (August 5, 2015)
Resisting the centralization of network infrastructure (August 17, 2016)
CloudFlare, Tor, and eliminating CAPTCHAs (October 5, 2016)
Django debates user tracking (November 30, 2016)
Guarding personally identifiable information (June 7, 2017)
Steps toward a privacy-preserving phone (October 5, 2017)
Eelo seeks to make a privacy-focused phone (January 10, 2018)
Recent improvements to Tor (March 28, 2018)
Fedora, UUIDs, and user tracking (January 15, 2019)
Browsers, web sites, and user tracking (February 5, 2020)
The future for general-purpose computing (December 9, 2020)
PureOS: freedom, privacy, and security (December 23, 2020)
A replacement for third-party cookies? (May 5, 2021)
Mozilla Rally: trading privacy for the "public good" (June 30, 2021)
Scanning "private" content (August 11, 2021)
Rollercoaster: group messaging for mix networks (November 17, 2021)
Goodbye FLoC, hello Topics (January 26, 2022)
Trojan Source: tricks (no treats) with Unicode (November 3, 2021)
Reviving Python restricted mode (March 4, 2009)
Python adopts SipHash (November 27, 2013)
Python, SSL/TLS certificates and default validation (January 29, 2014)
The state of crypto in Python (April 30, 2014)
Backporting network security enhancements from Python 3.4 (July 30, 2014)
Python decides for certificate validation (September 10, 2014)
Protecting Python package downloads (January 14, 2015)
Python and crypto-strength random numbers by default (September 16, 2015)
A Python secrets module (October 7, 2015)
Fallout from the Python certificate verification change (December 2, 2015)
Python's os.urandom() in the absence of entropy (July 10, 2016)
A unified TLS API for Python (January 19, 2017)
Python ssl module update (June 1, 2017)
Remote imports for Python? (August 30, 2017)
Python security transparency (September 6, 2017)
Further analysis of PyPI typosquatting (October 14, 2020)
Python cryptography, Rust, and Gentoo (February 10, 2021)
A pair of Python vulnerabilities (February 24, 2021)
Trojan Source and Python (November 16, 2021)
Adding auditing to pip (August 9, 2022)
A Python security fix breaks (some) bignums (September 14, 2022)
PyTorch and the PyPI supply chain (January 11, 2023)
Insecurity and Python pickles (March 12, 2024)
Exploiting races in system call wrappers (August 15, 2007)
Exploiting symlinks and tmpfiles (September 19, 2007)
Symbolic links in "sticky" directories (June 2, 2010)
Seunshare, /tmp directories, and the "sticky" bit (March 2, 2011)
Fixing the symlink race problem (December 14, 2011)
A vulnerability in Git (March 10, 2021)
On entropy and randomness (December 12, 2007)
The dangers of weak random numbers (February 20, 2008)
Debian, OpenSSL, and a lack of cooperation (May 14, 2008)
Debian vulnerability has widespread effects (May 14, 2008)
Linux ASLR vulnerabilities (April 29, 2009)
Random numbers for ASLR (May 13, 2009)
Quantum random numbers (April 25, 2012)
Random numbers for embedded devices (July 17, 2012)
LCE: Don't play dice with random numbers (November 20, 2012)
Sharing random bits with Entropy Broker (April 10, 2013)
The search for truly random numbers in the kernel (September 18, 2013)
A new Dual EC DRBG flaw (January 1, 2014)
Adding CPU randomness to the entropy pool (February 19, 2014)
Unmixing the pool (March 12, 2014)
A system call for random numbers: getrandom() (July 23, 2014)
OpenBSD routes around POSIX (December 10, 2014)
A verifiable source of random numbers (January 21, 2015)
Random numbers from CPU execution time jitter (April 29, 2015)
Entropy with NeuG (June 10, 2015)
Randomness with OneRNG and NeuG (June 24, 2015)
Python and crypto-strength random numbers by default (September 16, 2015)
Random number scalability (September 28, 2015)
A Python secrets module (October 7, 2015)
Other approaches to random number scalability (October 21, 2015)
Randomness in the web browser (December 2, 2015)
Replacing /dev/urandom (May 4, 2016)
Python's os.urandom() in the absence of entropy (July 10, 2016)
Waiting for entropy (June 6, 2017)
Initializing the entropy pool using RDRAND and friends (July 24, 2018)
FIPS-compliant random numbers for the kernel (December 7, 2021)
The Application Security Desk Reference (June 18, 2008)
A white paper on comparative browser security (December 14, 2011)
Assessing risk with the Core Infrastructure Initiative (July 22, 2015)
Security research: buy low, sell high? (July 11, 2007)
Inside the Volkswagen emissions cheating (January 6, 2016)
Improving control-flow integrity for Linux on RISC-V (June 13, 2024)
System calls and rootkits (September 10, 2008)
DR rootkit released under the GPL (September 10, 2008)
A rootkit dissected (November 21, 2012)
Ruby security flaws expose release process problems (July 2, 2008)
GitHub incidents spawns Rails security debate (March 7, 2012)
Distributions face the MoinMoin and Rails vulnerabilities (January 9, 2013)
Python cryptography, Rust, and Gentoo (February 10, 2021)
Eee PC security or lack thereof (February 13, 2008)
The long road to a fix for CVE-2021-20316 (February 10, 2022)
Google's Chromium sandbox (August 19, 2009)
A library for seccomp filters (April 25, 2012)
The failure of pysandbox (November 20, 2013)
Python bindings added for libseccomp 2.2.0 (March 4, 2015)
Domesticating applications, OpenBSD style (July 21, 2015)
A seccomp overview (September 2, 2015)
Sandboxing for the unprivileged with bubblewrap (May 4, 2016)
Sandboxing with the Landlock security module (October 19, 2016)
Filesystem sandboxing with eBPF (November 6, 2019)
eBPF seccomp() filters (May 31, 2021)
A Debian GR on secret voting—and more (March 1, 2022)
Belenios: a system for secret voting (March 8, 2022)
UEFI and "secure boot" (June 15, 2011)
Fedora reexamines "trusted boot" (June 29, 2011)
An update on UEFI secure boot (October 26, 2011)
Fedora, secure boot, and an insecure future (June 5, 2012)
Ubuntu details its UEFI secure boot plans (June 27, 2012)
Preparing the kernel for UEFI secure boot (September 6, 2012)
LSS: Secure Boot (September 12, 2012)
Another approach to UEFI secure boot (October 17, 2012)
UEFI secure boot kernel restrictions (November 7, 2012)
The trouble with CAP_SYS_RAWIO (March 13, 2013)
BSD-style securelevel comes to Linux — again (September 11, 2013)
Verified U-Boot (October 23, 2013)
Practical security for 2014 (January 10, 2014)
Android Verified Boot (April 1, 2015)
Toward measured boot out of the box (September 8, 2016)
Supporting UEFI secure boot in Debian (October 10, 2016)
Locking down module parameters (December 7, 2016)
Kernel lockdown in 4.17? (April 2, 2018)
Kernel lockdown locked out — for now (April 6, 2018)
The return of the lockdown patches (April 3, 2019)
TLS renegotiation vulnerability (November 18, 2009)
Postfix TLS plaintext injection (March 16, 2011)
Python, SSL/TLS certificates and default validation (January 29, 2014)
"goto fail;" considered harmful (February 26, 2014)
A longstanding GnuTLS certificate validation botch (March 5, 2014)
Backporting network security enhancements from Python 3.4 (July 30, 2014)
Python decides for certificate validation (September 10, 2014)
A new OpenSSL vulnerability (October 15, 2014)
Python ssl module update (June 1, 2017)
LibreSSL languishes on Linux (January 4, 2021)
Extended Validation certificates and cross-site scripting (March 12, 2008)
Firefox 3 SSL certificate warnings (August 27, 2008)
SSL man-in-the-middle attacks (December 24, 2008)
SSL certificates and MD5 collisions (January 14, 2009)
SSL flaws revealed at Black Hat (August 5, 2009)
GUADEC: Danny O'Brien on privacy, encryption, and the desktop (August 4, 2010)
EFF analyzes SSL certificates and certificate authorities (August 11, 2010)
The case of the fraudulent SSL certificates (March 23, 2011)
Fallout from the fraudulent SSL certificates (March 30, 2011)
Certificates and "authorities" (September 7, 2011)
Convergence: User-controlled SSL certificate checking (October 19, 2011)
Sovereign Keys for certificate verification (November 23, 2011)
TACK: TLS key pinning for everyone (May 31, 2012)
Holes discovered in SSL certificate validation (October 31, 2012)
Security Enhanced Linux (SELinux)
SE-PostgreSQL uses SELinux for database security (July 18, 2007)
SELinux and Fedora (July 9, 2008)
OLS: SELinux from academia to your desktop (July 30, 2008)
Newer kernels and older SELinux policies (September 24, 2008)
SELinux permissive domains (October 15, 2008)
MeeGo rethinks privacy protection (April 13, 2011)
SELinuxDenyPtrace and security by default (April 11, 2012)
LSS: Secure Linux containers (September 6, 2012)
SELinux on Android (August 27, 2014)
Fedora and SELinux relabeling (July 7, 2016)
Removing run-time disabling for SELinux in Fedora (September 23, 2020)
OpenWrt and SELinux (September 30, 2020)
Self-signed TLS/SSL certificate
OpenWrt and self-signed certificates (November 18, 2020)
Dealing with weakness in SHA-1 (June 17, 2009)
Moving Git past SHA-1 (February 27, 2017)
Java cryptography and free distributions (March 14, 2007)
Integrity management in the kernel (March 28, 2007)
Enabling DRM in the kernel? (May 20, 2009)
Enabling Intel TXT in Fedora (April 7, 2010)
UEFI and "secure boot" (June 15, 2011)
An update on UEFI secure boot (October 26, 2011)
Loading signed kernel modules (December 7, 2011)
KS2012: Module signing (September 6, 2012)
The module signing endgame (November 21, 2012)
Docker image "verification" (January 7, 2015)
Protecting Python package downloads (January 14, 2015)
Mandatory Firefox extension signing (February 18, 2015)
Firmware signing (May 27, 2015)
Toward measured boot out of the box (September 8, 2016)
Signing programs for Linux (September 13, 2017)
Forcing updates (February 11, 2009)
The Firefox extension war (May 6, 2009)
Malware in open-source web extensions (February 16, 2021)
Backscatter increase clogs inboxes (April 9, 2008)
Storm botnet used to study spam (November 12, 2008)
On comment spam (July 28, 2010)
A decline in email spam? (July 7, 2011)
SpamAssassin 3.4.1 released (May 6, 2015)
A look at Rspamd (July 1, 2015)
Spam reduction with greylisting (October 12, 2016)
Optimization-unstable code (December 4, 2013)
Static security analysis of Tizen apps (June 4, 2014)
Finding driver bugs with DR. CHECKER (September 7, 2017)
Finding Spectre vulnerabilities with smatch (April 20, 2018)
Fedora and supply-chain attacks (June 16, 2021)
PyTorch and the PyPI supply chain (January 11, 2023)
Security software verifiability (August 21, 2013)
Using vulnerabilities instead of new laws (September 11, 2013)
The post-PRISM internet (September 18, 2013)
Living with the surveillance state (October 29, 2013)
Email insecurities (November 13, 2013)
The Sequoia seq_file vulnerability (July 21, 2021)
Kernel-based malware scanning (December 4, 2007)
The TALPA molehill (August 6, 2008)
TALPA strides forward (August 27, 2008)
Docker image "verification" (January 7, 2015)
Protecting Python package downloads (January 14, 2015)
Static security analysis of Tizen apps (June 4, 2014)
Tizen's new access-control broker "Cynara" (June 11, 2014)
Rustls: memory safety for TLS (May 4, 2021)
STARTTLS considered harmful (August 18, 2021)
Changes in the TLS certificate ecosystem, part 1 (November 11, 2015)
Changes in the TLS certificate ecosystem, part 2 (November 18, 2015)
Fallout from the Python certificate verification change (December 2, 2015)
TLS certificate management on Android (March 2, 2016)
TOMOYO Linux and pathname-based security (April 14, 2008)
Finding buffer overflows with Parfait (July 29, 2009)
Deliberately insecure Linux distributions as practice targets (April 6, 2011)
Binary "diversity" (August 28, 2013)
Managing security for the cloud (October 8, 2014)
Testing PAM modules and applications in the Matrix (January 13, 2016)
Smack for simplified access control (August 8, 2007)
Sudo and its alternatives (February 21, 2024)
Forward secure sealing (August 22, 2012)
Finding bugs lurking in the DOM (January 30, 2008)
"Strong" stack protection for GCC (February 5, 2014)
Comparing GCC and Clang security features (September 12, 2019)
All aboard the SmoothWall Express (August 29, 2007)
Hiding open ports with shimmer (January 9, 2008)
IPFire 2.5: Firewalls and more (April 28, 2010)
Fedora introduces Network Zones (February 29, 2012)
Fedora's firewall furor (April 23, 2014)
Fedora 21 and its Workstation firewall (December 17, 2014)
OSSEC for host-based intrusion detection (April 21, 2010)
OpenVAS replacing Nessus in Debian (August 12, 2009)
Passive OS fingerprinting added to netfilter (June 10, 2009)
John the Ripper (July 18, 2012)
Preventing brute force ssh attacks (October 24, 2007)
Distributed brute force ssh attacks (October 21, 2009)
Dealing with automated SSH password-guessing (October 24, 2016)
Mobile phone or penetration tool? (September 24, 2008)
Security testing with BackBox 2 (September 8, 2011)
Stealthy network penetration (July 25, 2012)
Scanning for PHP vulnerabilities with Pixy (June 27, 2007)
Centralizing policy rules with PolicyKit (November 14, 2007)
Find SQL injection vulnerabilities with sqlmap (September 3, 2008)
Tor Messenger (December 9, 2015)
Web application scanning with skipfish (March 31, 2010)
Reactive vs. pro-active kernel security (July 13, 2011)
Blender security vs. usability (July 20, 2011)
Security training for everyone (January 25, 2017)
Transport Layer Security (TLS)
TLS renegotiation vulnerability (November 18, 2009)
Postfix TLS plaintext injection (March 16, 2011)
Toward secure package downloads (March 25, 2015)
Mozilla and deprecating HTTP (May 13, 2015)
Another crypto downgrade attack: Logjam (May 20, 2015)
TLS in the kernel (December 2, 2015)
The trouble with new TLS version numbers (September 28, 2016)
A unified TLS API for Python (January 19, 2017)
Extending in-kernel TLS support (April 25, 2022)
Adding an in-kernel TLS handshake (June 1, 2022)
Emacs & TLS (July 11, 2018)
Trojan Source: tricks (no treats) with Unicode (November 3, 2021)
Exposing Trojan Source exploits in Emacs (November 11, 2021)
Trojan Source and Python (November 16, 2021)
A report from the Enigma conference (February 14, 2018)
LinuxCon: Secure virtualization with sVirt (September 23, 2009)
Qubes: security by virtualization (May 5, 2010)
The security state of KVM (November 12, 2014)
Qubes OS nears version 3.0 (May 28, 2015)
Challenges in protecting virtual machines from untrusted entities (December 1, 2020)
DazukoFS: a stackable filesystem for virus scanning (February 11, 2009)
ClamAV 0.96 adds executable virus signatures and more (May 12, 2010)
ClamAV 0.98.3 adds features and asks for statistics (May 14, 2014)
Plug-and-play sanitization of USB thumb drives (December 17, 2014)
Securing our votes (August 8, 2007)
Voting machine integrity through transparency (March 26, 2008)
Striking back against web attackers (June 23, 2010)
Using vulnerabilities instead of new laws (September 11, 2013)
Top ten web attack techniques of 2013 (October 1, 2014)
Weaponizing middleboxes (September 21, 2021)
Authentication bypass in routers (March 5, 2008)
The ups and downs of strlcpy() (July 18, 2012)
"Strong" stack protection for GCC (February 5, 2014)
Adding strlcpy() to glibc (September 17, 2014)
Several vulnerabilities found in NTP (December 25, 2014)
An overhyped GHOST (January 28, 2015)
A pair of Python vulnerabilities (February 24, 2021)
A hole in telnetd (January 4, 2012)
Fuzz and strings (November 19, 2014)
Ansible and CVE-2016-9587 (January 18, 2017)
Bash gets shellshocked (October 1, 2014)
Cross-site request forgery (CSRF)
Cross-site request forgery (October 17, 2007)
The FREAK crypto downgrade attack (March 4, 2015)
Another crypto downgrade attack: Logjam (May 20, 2015)
Cryptographic splicing makes for a Wordpress vulnerability (May 7, 2008)
Apache attacked by a "slow loris" (June 24, 2009)
Using HTTP POST for denial of service (December 1, 2010)
Denial of service via hash collisions (January 11, 2012)
Python adopts SipHash (November 27, 2013)
OpenPGP certificate flooding (July 2, 2019)
Continued attacks on HTTP/2 (April 10, 2024)
Format string vulnerabilities (February 1, 2012)
Apache range request denial of service (August 31, 2011)
HTTP response splitting (October 17, 2008)
Image handling vulnerabilities (April 23, 2008)
Linux ASLR vulnerabilities (April 29, 2009)
GMP and assert() (February 27, 2019)
BadBunny? Only if you invite it in (June 12, 2007)
Blender security vs. usability (July 20, 2011)
vmsplice(): the making of a local root exploit (February 12, 2008)
The rest of the vmsplice() exploit story (March 4, 2008)
Standards, the kernel, and Postfix (August 20, 2008)
Another Linux capabilities hole found (April 15, 2009)
A privilege escalation flaw in udev (April 22, 2009)
Fun with NULL pointers, part 1 (July 20, 2009)
Fun with NULL pointers, part 2 (July 21, 2009)
Null pointers, one month later (August 18, 2009)
Attacks against WordPress installations (September 9, 2009)
On the importance of return codes (December 2, 2009)
Two glibc vulnerabilities (October 27, 2010)
Calibre and setuid (November 2, 2011)
A /proc/PID/mem vulnerability (January 25, 2012)
Anatomy of a user namespaces vulnerability (March 20, 2013)
What the beep? (April 11, 2018)
A major vulnerability in Sudo (February 3, 2021)
Exploiting races in system call wrappers (August 15, 2007)
Smuggling email inside of email (January 3, 2024)
Free software's not-so-eXZellent adventure (April 2, 2024)
Find SQL injection vulnerabilities with sqlmap (September 3, 2008)
Exploiting symlinks and tmpfiles (September 19, 2007)
Symbolic links in "sticky" directories (June 2, 2010)
Fixing the symlink race problem (December 14, 2011)
OpenPGP signature spoofing using HTML (October 11, 2018)
Handling the Kubernetes symbolic link vulnerability (December 19, 2018)
Stockpiling zero-day vulnerabilities (August 15, 2012)
The status of Wayland security (March 12, 2014)
The WebCrypto API (July 2, 2014)
Top ten web attack techniques of 2013 (October 1, 2014)
HTML Subresource Integrity (June 29, 2016)
ModSecurity for web-application firewalls (December 14, 2016)
The OWASP ModSecurity Core Rule Set 3.0 (December 21, 2016)
The backdooring of WordPress (March 7, 2007)
Home routers and security flaws (October 10, 2007)
Cross-site request forgery (October 17, 2007)
The backdooring of SquirrelMail (December 19, 2007)
Web security vulnerabilities and Javascript (January 23, 2008)
Cryptographic splicing makes for a Wordpress vulnerability (May 7, 2008)
Attacks against WordPress installations (September 9, 2009)
Striking back against web attackers (June 23, 2010)
How to (not) fix a security flaw (April 3, 2019)
Leaking browser history (June 25, 2008)
The Firefox extension war (May 6, 2009)
Google's Native Client (June 3, 2009)
Mozilla's Content Security Policy (July 1, 2009)
Google's Chromium sandbox (August 19, 2009)
Firefox extension vulnerabilities (August 26, 2009)
Firefox locks down the components directory (November 24, 2009)
Google Chrome and master passwords (May 19, 2010)
Redirecting browser tabs via "tabnabbing" (May 26, 2010)
Mozilla's Plugin Check (June 9, 2010)
HTTPS Everywhere brings HTTPS almost everywhere (June 30, 2010)
A trojan in a Firefox security add-on (July 21, 2010)
Private browsing: not so private? (September 22, 2010)
Gathering session cookies with Firesheep (November 3, 2010)
Web tracking and "Do Not Track" (January 26, 2011)
Developments in web tracking protection (April 20, 2011)
LFNW: Seth Schoen stumps for SSL (May 4, 2011)
WebGL vulnerabilities (May 25, 2011)
A white paper on comparative browser security (December 14, 2011)
Tracking users (February 8, 2012)
Do Not Track Does Not Conquer (October 17, 2012)
Privacyfix (October 24, 2012)
Security implications for user interface changes? (November 28, 2012)
HTTPS interception in Nokia's mobile browser (January 23, 2013)
LCA: CSP for cross-site scripting protection (February 6, 2013)
Mixed web content (April 17, 2013)
Mozilla PiCL and multi-level security (July 31, 2013)
Tor and browser vulnerabilities (August 7, 2013)
Browser fingerprinting (October 16, 2013)
Privacy Badger gives teeth to Do Not Track (May 7, 2014)
Browser tracking through "canvas fingerprinting" (July 23, 2014)
Mandatory Firefox extension signing (February 18, 2015)
Easier and more secure browsing in Tor Browser 4.5 (April 29, 2015)
Mozilla and deprecating HTTP (May 13, 2015)
Speed and bandwidth improvements with Firefox Tracking Protection (May 28, 2015)
Chromium suddenly starts downloading a binary blob (June 17, 2015)
Panopticlick 2 (December 23, 2015)
New browser-fingerprinting techniques (May 25, 2016)
Shifting feature sets and search engines in Tor Browser 6 (June 2, 2016)
Browsers, web sites, and user tracking (February 5, 2020)
Avoiding "supercookie" tracking (February 3, 2021)
Malware in open-source web extensions (February 16, 2021)
A replacement for third-party cookies? (May 5, 2021)
Content blockers and Chrome's Manifest V3 (December 21, 2021)
Goodbye FLoC, hello Topics (January 26, 2022)
Denial of service via hash collisions (January 11, 2012)
A backdoor in a popular Ruby gem (April 10, 2019)
Infected Linux web servers pushing malware (May 15, 2013)
Session cookies for web applications (May 21, 2008)
Should web developers say no to cookie-based authentication? (March 24, 2010)
Pondering the X client vulnerabilities (May 27, 2013)
Security processes and the X.org flaw (January 25, 2012)
XDC2012: Graphics stack security (September 25, 2012)
A setuid wrapper for X.org (March 12, 2014)
Qubes OS and colored-border spoofing (October 26, 2016)