- Moby: The Moby Project, a collaborative project for the container ecosystem to assemble container-based systems.
- NewsBlur: NewsBlur is a personal news reader that brings people together to talk about the world. A new sound of an old instrument.
- Redis: Redis is an in-memory database that persists on disk. The data model is key-value, but many different kinds of values are supported: Strings, Lists, Sets, Sorted Sets, Hashes, Streams, HyperLogLogs, Bitmaps.
- masscan: TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
- AttackSurfaceAnalyzer: Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
- docker-ce: Discontinued. This repository is deprecated and will be archived (Docker CE itself is NOT deprecated); see https://github.com/docker/docker-ce/blob/master/README.md
Oooph, good luck. And when you have time, please make Docker aware that this well-known foot-gun has finally done serious harm. They have known and ignored for years that iptables on Linux is totally broken and wide open when using Docker: https://github.com/moby/moby/issues/4737
From a quick skim through https://github.com/samuelclay/newsblur for models extending mongo.Document, it looks like the following private customer data has been breached:
- all story content from all private feeds
- any uploaded OPML files, including URLs for any private RSS feeds
- users' Twitter/Facebook account info and access tokens, if the user had linked those services with their NewsBlur account
- all data that would be used to create a user profile page, including email address, and whether the user had a public profile or not
However, most personal data, such as password hashes and billing info, was stored in Postgres.
Redis hasn't accepted unauthenticated external connections by default for a while now, specifically to try and eliminate this footgun.
https://github.com/redis/redis/commit/edd4d555df57dc84265fdf...
Check out masscan [0]. It's extremely easy to scan IPv4 very rapidly and find targets in an automated fashion.
I saw this mentioned on Twitter yesterday: Microsoft Attack Surface Analyzer, an open-source toolset for seeing what config changed when performing a software installation.
https://github.com/microsoft/AttackSurfaceAnalyzer
Interesting to see such a strong example of where tools like this could help the very next day.
Note: I haven't used this yet, just saw it and made a note.
I was caught out by this too [0]. I now have a fw script which runs automatically for demos etc.
[0] https://github.com/docker-library/redis/issues/259#issuecomm...
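The foot-gun in the moby#4737 comment above, and the firewall-script workaround in this one, both come down to published ports that Docker binds to 0.0.0.0/:: and opens with its own iptables rules, which a host firewall managing only INPUT (ufw) never sees. The script below is an added defender's check, not code from the thread, NewsBlur or Docker; it parses the Ports column of `docker ps` (format assumed from Docker's usual output, constructed sample inline) and flags every wildcard binding.

```python
"""Flag Docker published ports bound to every interface (0.0.0.0 or ::).
Docker installs its own iptables rules for published ports, so a host firewall
that only manages INPUT never filters them; such bindings are what is exposed."""
import re
import subprocess
from ipaddress import ip_address
# Constructed sample in the shape of: docker ps --format '{{.Names}}\t{{.Ports}}'
SAMPLE_PS_OUTPUT = (
    "mongo\t0.0.0.0:27017->27017/tcp, :::27017->27017/tcp\n"
    "redis\t127.0.0.1:6379->6379/tcp\n"
    "web\t80/tcp\n"
)
# host:hostport->containerport/proto; host may be IPv4, bare '::' or '[::]'
BINDING_RE = re.compile(r"^(?P<host>.+):(?P<hport>\d+)->(?P<cport>\d+)/(?P<proto>\w+)$")

def parse_ports(ports_field):
    """Yield (host_ip, host_port, container_port, proto) for published bindings."""
    for entry in ports_field.split(","):
        match = BINDING_RE.match(entry.strip())
        if not match:
            continue  # '80/tcp' is merely exposed, not bound on the host
        host = match.group("host").strip("[]")
        yield host, int(match.group("hport")), int(match.group("cport")), match.group("proto")

def is_wildcard(host):
    """True for 0.0.0.0 or ::, i.e. reachable on every host interface."""
    try:
        return ip_address(host).is_unspecified
    except ValueError:
        return False

def find_exposed(ps_output):
    """Return [(container, host_ip, host_port, proto)] for wildcard bindings."""
    findings = []
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for host, hport, _cport, proto in parse_ports(ports):
            if is_wildcard(host):
                findings.append((name, host, hport, proto))
    return findings

def audit_local_daemon():
    """Same check against the running daemon (needs the docker CLI)."""
    out = subprocess.run(["docker", "ps", "--format", "{{.Names}}\t{{.Ports}}"],
                         check=True, capture_output=True, text=True).stdout
    return find_exposed(out)

if __name__ == "__main__":
    for name, host, port, proto in find_exposed(SAMPLE_PS_OUTPUT):
        print(f"{name}: {proto}/{port} on {host}: bind to 127.0.0.1 or drop in DOCKER-USER")
```

On the sample it reports only the mongo container (both its IPv4 and IPv6 bindings); the fix for a flagged service is to publish it as `-p 127.0.0.1:27017:27017` or to drop unwanted traffic in the DOCKER-USER chain, which Docker evaluates before its own rules.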
Well, Docker CE comes with a huge Disclaimer of Warranty (https://github.com/docker/docker-ce/blob/master/LICENSE). I don't think we can complain. "I should have tested it before deploying to production" is the right thing to say.