The plugin will iterate through readable namespaces, and look for pods. For every pod it can read, the plugin will read the podspec for the container images, and any init container images. Additionally, it collects the content sha of the image, so that it can be used to disambiguate between different versions pushed with the same tag.
Cellebrite makes software to automate physically extracting and indexing data from mobile devices. They exist within the grey – where enterprise branding joins together with the larcenous to be called "digital intelligence."
We didn't actually want to do anything more with Corona, but then a test centre got in the way. 🙄 It started much like last time: a zerforschung member went for a rapid coronavirus test and afterwards received an e-mail with a link to his result. That seemed somehow fishy 🐟 to him, so we took a look at it.
Hackers have compromised at least one update server of German smartphone maker Gigaset and deployed malware to some of the company’s customers.
This research originated when I realized the default text reader on OSX, TextEdit, is used to open files with the TXT extension by default. On the interface of TextEdit, it looked like you can do basic customization to your text (you can turn text bold, italic, change color etc...), so I was wondering how a TXT file was storing and parsing this information. It seems it uses RTF format instead of TXT if we add customizations to the text.
“It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers,” Adam wrote in a letter to the European Data Protection Supervisor. “The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.” https://news.ycombinator.com/item?id=26628198 https://krebsonsecurity.com/2021/04/ubiquiti-all-but-confirms-breach-response-iniquity/
Ownership is the ultimate measurement of privacy, security, and freedom; if you don’t own the device fully, you are owned by the developer (and manufacturer) of the device. The only way to own my lamp was to pwn my lamp.
Keeping your system up to date mostly involves invoking more than a single package manager. This usually results in big shell one-liners saved in your shell history. Topgrade tries to solve this problem by detecting which tools you use and running their appropriate package managers.
This project helps you keep track of all your software and tools that are used or running in and around your Kubernetes platform. It helps you with part of the lifecycle management to keep your software up to date for feature completeness, security or compliance reasons.
Kubernetes audit logs can provide great visibility into the operation and inner workings of your cluster. It is also a good resource with relatively low startup cost to detect threats and anomalies inside your cluster.
Recently I have been thinking and talking to other people about open source security. The more conversations I had, the more convinced I became that this is a very complex topic. It is full of nuance and conflicting opinions. It is also an area that is in need of guidance and educational content.
I want to provide some common mistakes and vulnerabilities that you probably want to know about when designing, configuring or auditing Kubernetes authorization. This post is not a complete guide to Kubernetes or RBAC security and only covers a few specific aspects.
A few weeks ago, my kids wanted to hack my linux desktop, so they typed and clicked everywhere, while I was standing behind them looking at them play... when the screensaver core dumped and they actually hacked their way in! wow, those little hackers...
After discussion in sig-auth, the future of restricting pod security settings does not lie in PSP because compatibility restrictions will prevent the kinds of changes that are required. To clearly signal this, we will deprecate PSP in 1.21 and leave the removal of the api as 1.25 in keeping with sig-arch required transitioning out of beta.
Linux is not a secure operating system. However, there are steps you can take to improve it. This guide aims to explain how to harden Linux as much as possible for security and privacy. This guide attempts to be distribution-agnostic and is not tied to any specific one. DISCLAIMER: Do not attempt to apply anything in this article if you do not know exactly what you are doing. This guide is focused purely on security and privacy, not performance, usability, or anything else.
illuminatio is a tool for automatically testing kubernetes network policies. Simply execute illuminatio clean run and illuminatio will scan your kubernetes cluster for network policies, build test cases accordingly and execute them to determine if the policies are in effect.
The scp command, which uses the SSH protocol to copy files between machines, is deeply wired into the fingers of many Linux users and developers — doubly so for those of us who still think of it as a more secure replacement for rcp. Many users may be surprised to learn, though, that the resemblance to rcp goes beyond the name; much of the underlying protocol is the same as well. That protocol is showing its age, and the OpenSSH community has considered it deprecated for a while. Replacing scp in a way that keeps users happy may not be an easy task, though.
If a website offers to let you sign in using Google (or any third-party service, say Facebook, Github, etc.), don’t use that feature.
Apple’s launch of macOS Big Sur was almost immediately followed by server issues which prevented users from running third-party apps on their computers. While a workaround was soon found by people on Twitter, others raised some privacy concerns related to that issue. https://news.ycombinator.com/item?id=25095438