Mostly security and the cloudy clouds with occasional metal and beer ramblings for good measure. Views and opinions are my own.
May 10, 2019 • 11 tweets • 4 min read
So, the #Alpine Linux #Docker root password issue (CVE-2019-5021) has been interesting to follow over the last few days. This is a security regression I reported earlier this year which resulted in this CVE. So, why “interesting”? (1/11)
Between posts of "this seems bad", "this isn't a vulnerability" - and a handful of rather colourful personal attacks for good measure - the impact of this issue seems to have been muddied, leaving some questions as to potential impact. (2/11)
Nov 22, 2018 • 6 tweets • 3 min read
A brief reminder why you should disable Cloud-Init after bootstrapping your AWS EC2 instances. If not, an attacker with EC2 'ModifyInstanceAttribute' permissions - which doesn't appear to be resource limitable - could trivially backdoor / shell EXISTING instances. (1/N)
One caveat is that the machine must be temporarily powered-off to modify the instance attributes. This would likely raise alarms, so it's not particularly covert! In the above example, i-07f9aa1e2ca8cc065 is the target: A fake database server which is in a RUNNING state. (2/N)
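Because the instance has to be stopped before its attributes can be changed, the sequence stop, user-data change, start on a single instance is something a defender can look for in CloudTrail. The following is an added example, not code from the original thread: a small correlator run over constructed, simplified CloudTrail-style records. The instance IDs, the principal ARN, the record layout and the 30-minute window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window, tune per environment

def ev(time, name, arn, params):
    """Build a constructed, simplified CloudTrail-style record (not a real log)."""
    return {"eventTime": time, "eventName": name,
            "userIdentity": {"arn": arn}, "requestParameters": params}

A, B = "i-0aaaaaaaaaaaaaaaa", "i-0bbbbbbbbbbbbbbbb"  # constructed instance IDs
DEV = "arn:aws:iam::111111111111:user/example-dev"  # constructed principal
SAMPLE_EVENTS = [
    ev("2019-01-01T10:00:00Z", "StopInstances", DEV, {"instancesSet": {"items": [{"instanceId": A}]}}),
    ev("2019-01-01T10:02:00Z", "ModifyInstanceAttribute", DEV, {"instanceId": A, "userData": "<sensitiveDataRemoved>"}),
    ev("2019-01-01T10:03:00Z", "StartInstances", DEV, {"instancesSet": {"items": [{"instanceId": A}]}}),
    # Benign resize of another instance: same API call, different attribute.
    ev("2019-01-01T11:00:00Z", "StopInstances", DEV, {"instancesSet": {"items": [{"instanceId": B}]}}),
    ev("2019-01-01T11:01:00Z", "ModifyInstanceAttribute", DEV, {"instanceId": B, "instanceType": {"value": "t3.large"}}),
    ev("2019-01-01T11:02:00Z", "StartInstances", DEV, {"instancesSet": {"items": [{"instanceId": B}]}}),
]

def _ts(e):
    return datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def _instances(e):
    # ModifyInstanceAttribute names one instance; Stop/StartInstances carry a set.
    p = e.get("requestParameters") or {}
    if "instanceId" in p:
        return [p["instanceId"]]
    return [i["instanceId"] for i in p.get("instancesSet", {}).get("items", [])]

def find_userdata_rewrites(events, window=WINDOW):
    """Return stop -> userData change -> start sequences seen on one instance."""
    stopped, pending, findings = {}, {}, []
    for e in sorted(events, key=_ts):
        params = e.get("requestParameters") or {}
        for iid in _instances(e):
            if e["eventName"] == "StopInstances":
                stopped[iid] = e
            elif e["eventName"] == "ModifyInstanceAttribute" and "userData" in params:
                if iid in stopped and _ts(e) - _ts(stopped[iid]) <= window:
                    pending[iid] = e
            elif e["eventName"] == "StartInstances" and iid in pending:
                mod = pending.pop(iid)
                if _ts(e) - _ts(mod) <= window:
                    findings.append({"instance": iid, "modified_by": mod["userIdentity"]["arn"],
                                     "modified_at": mod["eventTime"], "restarted_at": e["eventTime"]})
    return findings

if __name__ == "__main__":
    for f in find_userdata_rewrites(SAMPLE_EVENTS):
        print(f)
```

The resize of the second instance uses the same API call but is not reported, because only a change to the `userData` attribute is matched.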