Submitted via IRC for TheMightyBuzzard
We are all aware of the risks introduced by good old third party code. Where would we be without it? Apparently not very far. It is estimated that between 30 to 70 percent of code comes from 3rd party applications. This is why we patch up old libraries and update open source packages.
While the risks of 3rd party code are well known, the risks of using 3rd party containers are more obscure. In this article I will discuss one such risk: the introduction of 3rd party secrets; and look at examples from public registries.
To get a taste of the prevalence of such secrets, we scanned the top 1,000 most popular container images found on public registries. We were not only looking for default passwords, but mostly for less obvious examples of secrets. We selected only the latest images, from the top starred public repositories. What we found convinced us that the risk is very real, as 67% of images had at least one form of a secret.
Source: https://www.helpnetsecurity.com/2017/06/16/trust-container-images/
(Score: 0) by Anonymous Coward on Sunday June 18 2017, @07:22AM (4 children)
We're in the age of the get-girls-coding Script Kiddies; nobody knows restraint anymore; nobody knows what it means to work within well-specified, hard limits—I suspect "bare-bones" is rapidly falling out of the collective lexicon.
(Score: 0) by Anonymous Coward on Sunday June 18 2017, @04:01PM
That has been going ons since the dawn of computers. Take your political tripe somewhere else.
(Score: 2) by Azuma Hazuki on Sunday June 18 2017, @04:56PM (2 children)
Have you forgotten who did most of the computer work early on? Coding only became a mens' field in the early 80s after home computers became more or less expensive toys.
...oh who am I kidding, you were probably born during the Dubya years...
I am "that girl" your mother warned you about...
(Score: 0) by Anonymous Coward on Monday June 19 2017, @02:14AM
Try again.
(Score: 0) by Anonymous Coward on Monday June 19 2017, @03:36PM
> Have you forgotten who did most of the computer work early on?
That did anything remotely close to programming? Not women.
(Score: 3, Insightful) by Arik on Sunday June 18 2017, @08:09AM (1 child)
¿Cui buono?
If laughter is the best medicine, who are the best doctors?
(Score: 0) by Anonymous Coward on Sunday June 18 2017, @08:22AM
If you can easily patch a flaw, then you can easily patch a flaw. Get what I mean?
(Score: 3, Funny) by c0lo on Sunday June 18 2017, @10:02AM (2 children)
I once found something resembling two illegal aliens; big eyes, wrinkled mummified faces, looked like they were from the fringes of Andromeda.
Turned out they actually were 2 CIA agents, one Finnish the other Peruvian, taken by surprise in that container by the last Ice Age; they couldn’t get out fast enough when the cloud froze and their CDN node went down.
That's why I say, stay away from the containers folks, you never know when you'll find yourself secretly trapped in one, unable to route around censorship.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Funny) by inertnet on Sunday June 18 2017, @10:30AM (1 child)
Censorship? I thought it was a container ship.
(Score: 2) by c0lo on Sunday June 18 2017, @10:39AM
If it wouldn't be for the 2 CIA agents, I'd be tempted to sea her your way; but this was definitely a censor ship and I'm not sure an inert net can deal properly with such circumstances.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford