Containers

How would you feel about your home security system if it only checked to see if your doors and windows were locked periodically? This security system would provide great visualizations of your house and how a criminal could get from one room to another, ultimately reaching one of your prized possessions, like a safe. However, it doesn’t have cameras on your doorbell or windows to alert you in real time when someone suspicious was approaching, or worse, trying to break into your house.

Occasionally, you get exposed to something so logical that you literally take pause and smile quizzically asking yourself “Why didn’t I think of this before?”

The recent discovery of a backdoor in XZ Utils (CVE-2024-3094), a data compression utility used by a wide array of various open-source, Linux-based computer applications, underscores the importance of open-source software security. While it is often not consumer-facing, open-source software is a critical component of computing and internet functions, such as secure communications between machines.

If you spend quite a bit of time in the command line, working with Docker images and containers locally to build and test them, you might be in the mood for some power-user Docker commands. We're skipping the basics and diving straight into the lesser-known yet highly effective commands that can significantly improve your Docker experience.

Before we start this blog post, let’s acknowledge that the only way to secure your environment from any vulnerability is to update the vulnerable hardware or software with patches that the author or the project community releases. Every other form of mitigation is only a way to provide an extended time for critical applications that cannot be updated immediately.

In the previous article, we discussed high-interaction honeypots and used vcluster to build an intentionally-vulnerable SSH server inside of its own cluster so it couldn’t hurt anything else in the environment when it got owned. Then, we installed Falco on the host and proceeded to attack the SSH server, watching the Falco logs to see the appropriate rule trigger when we read /etc/shadow.