Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Darkarnium Profile picture
Darkarnium
@Darkarnium
Mostly security and the cloudy clouds with occasional metal and beer ramblings for good measure. Views and opinions are my own.
May 10, 2019 11 tweets 4 min read
So, the #Alpine Linux #Docker root password issue (CVE-2019-5021) has been interesting to follow over the last few days. This is a security regression I reported earlier this year which resulted in this CVE. So, why “interesting”? (1/11) Between posts of "this seems bad", "this isn't a vulnerability" - and a handful of rather colourful personal attacks for good measure - the impact of this issue seems to have been muddied leaving some questions as to potential impact. (2/11)
Nov 22, 2018 6 tweets 3 min read
A brief reminder why you should disable Cloud-Init after bootstrapping your AWS EC2 instances. If not, an attacker with EC2 'ModifyInstanceAttribute' permissions - which doesn't appear to be resource limitable - could trivially backdoor / shell EXISTING instances. (1/N) One caveat is that the machine must be temporarily powered-off to modify the instance attributes. This would likely raise alarms, so it's not particularly covert! In the above example, i-07f9aa1e2ca8cc065 is the target: A fake database server which is in a RUNNING state. (2/N).