Archive for August, 2019

Quality Of Code Doesn’t Matter Much In Open Source Contributions: Study

August 30, 2019

For those of you in the software industry, you may be shocked to learn that, in a study of open source projects, contributor reputation trumped good old-fashioned peer review when it came to getting code committed. I suspect this might mirror the real world, where tight deadlines and outsourced labor are regular parts of the workload.

Categories: General

Warning! Proceed with caution ⚠

August 22, 2019

Culture is more important than money (but I do need to pay my bills).

If you are not lucky enough to work for a company that you value or one that values you, learn about a bold approach to employment where they only want the best, and try to tell yourself that you wouldn’t want to work there…

Categories: General

Kubernetes – steady as she goes

August 19, 2019

Looks like the fine folks running the Kubernetes core have the results of their audit in hand. As many infrastructure teams look to use this code to manage clusters of computing resources, we would all benefit from learning what could possibly go wrong 😊.

Many of the recommendations in the report involve code clean-up, adding further testing and documentation, and making defaults more security conscious.

These basic recommendations would make it easier to patch and resolve problems when they are found.

It is important to note that there were five “high severity” findings, covering problems with access control, authentication, timing, and data validation.

Here is a look at the big ones…

  • An access control bypass of PodSecurityPolicy
  • K8s does not facilitate certificate revocation
  • HTTPS connections are not authenticated
  • Time-of-check/time-of-use problem with moving PIDs
  • Improperly patched directory traversal in kubectl cp

Keep in mind that some of these have already been resolved if you are on the 1.15 branch.

The report is definitely worth a read and can be found here.

Categories: General

Black Hat USA 2019: IBM X-Force Red Reveals New ‘Warshipping’ Hack To Infiltrate Corporate Networks

August 9, 2019

Imagine shipping a disposable package to someone at the office in order to gain access to a phone, a test lab, or even the corporate Wi-Fi network.

It is now a reality and can be done for less than $100 (shipping charges may apply).

Categories: General