-
Moby
The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
Oooph, good luck. And when you have time please make Docker aware that this well known foot-gun has finally done serious harm. They have known and ignored for years that iptables on Linux is totally broken and wide open when using Docker: https://github.com/moby/moby/issues/4737
-
NewsBlur
NewsBlur is a personal news reader that brings people together to talk about the world. A new sound of an old instrument.
From a quick skim through https://github.com/samuelclay/newsblur for models extending mongo.Document, it looks like the following private customer data has been breached:
- all story content from all private feeds
- any uploaded OPML files, including URLs for any private RSS feeds
- User’s twitter/facebook account info and access tokens, if the user had linked those services with their newsblur account
- all data that would be used to create a user profile page, including email address, whether the user had a public profile or not
However, most personal data, such as password hashes and billing info, was stored in postgres.
-
Redis
Redis is an in-memory database that persists on disk. The data model is key-value, but many different kinds of values are supported: Strings, Lists, Sets, Sorted Sets, Hashes, Streams, HyperLogLogs, Bitmaps.
Redis hasn't accepted unauthenticated external connections by default for a while now, specifically to try and eliminate this footgun.
https://github.com/redis/redis/commit/edd4d555df57dc84265fdf...
-
masscan
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
Check out masscan [0]. It’s extremely easy to scan IPv4 very rapidly and find targets in an automated fashion.
[0]: https://github.com/robertdavidgraham/masscan
-
AttackSurfaceAnalyzer
Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
I saw this mentioned on twitter yesterday, Microsoft Attack Surface Analyzer, an open source toolset for seeing what config changed when performing software installation.
https://github.com/microsoft/AttackSurfaceAnalyzer
Interesting to see such a strong example of where tools like this could help the very next day.
Note: I haven't used this yet, just saw it and made a note.
-
I was caught out by this too[0]. I now have a fw script which runs automatically for demos etc.
[0] https://github.com/docker-library/redis/issues/259#issuecomm...
-
docker-ce
Discontinued :warning: This repository is deprecated and will be archived (Docker CE itself is NOT deprecated) see the https://github.com/docker/docker-ce/blob/master/README.md :warning:
Well, Docker CE comes with a huge Disclaimer of Warranty (https://github.com/docker/docker-ce/blob/master/LICENSE). I don't think we can complain. "I should have tested it before deploying to production" is the right thing to say.