Hacker deleted all of NewsBlur’s mongo data and is now holding the data hostage

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • Moby

    The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

    Oooph, good luck. And when you have time please make Docker aware that this well known foot-gun has finally done serious harm. They have known and ignored for years that iptables on Linux is totally broken and wide open when using Docker: https://github.com/moby/moby/issues/4737

  • NewsBlur

    NewsBlur is a personal news reader that brings people together to talk about the world. A new sound of an old instrument.

    From a quick skim through https://github.com/samuelclay/newsblur for models extending mongo.Document, it looks like the following private customer data has been breached:

    - all story content from all private feeds

    - any uploaded OPML files, including URLs for any private RSS feeds

    - User’s twitter/facebook account info and access tokens, if the user had linked those services with their newsblur account

    - all data that would be used to create a user profile page, including email address, whether the user had a public profile or not

    However most personal data, such as password hashes and billing info, was stored in postgres.

  • Redis

    Redis is an in-memory database that persists on disk. The data model is key-value, but many different kinds of values are supported: Strings, Lists, Sets, Sorted Sets, Hashes, Streams, HyperLogLogs, Bitmaps.

    Redis hasn't accepted unauthenticated external connections by default for a while now, specifically to try and eliminate this footgun.

    https://github.com/redis/redis/commit/edd4d555df57dc84265fdf...

  • masscan

    TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

    Check out masscan [0]. It’s extremely easy to scan IPv4 very rapidly and find targets in an automated fashion.

    [0]: https://github.com/robertdavidgraham/masscan

  • AttackSurfaceAnalyzer

    Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.

    I saw this mentioned on twitter yesterday, Microsoft Attack Surface Analyzer, an open source toolset for seeing what config changed when performing software installation.

    https://github.com/microsoft/AttackSurfaceAnalyzer

    Interesting to see such a strong example of where tools like this could help the very next day.

    Note: I haven't used this yet, just saw it and made a note.

  • redis-docker

    Docker Official Image packaging for Redis

    I was caught out by this too[0]. I now have a fw script which runs automatically for demos etc.

    [0] https://github.com/docker-library/redis/issues/259#issuecomm...

  • docker-ce

    Discontinued. Warning: this repository is deprecated and will be archived (Docker CE itself is NOT deprecated); see https://github.com/docker/docker-ce/blob/master/README.md

    Well, Docker CE comes with a huge Disclaimer of Warranty (https://github.com/docker/docker-ce/blob/master/LICENSE). I don't think we can complain. "I should have tested it before deploying to production" is the right thing to say.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
