Do we really need all these clients running?

Part of DevOps is tools. Not all of it, but some. Tools like Puppet, Chef, Sensu, Logstash...tools that provide valuable services in terms of configuration management, monitoring, and logging and metrics. But many of them require running a full-fledged client on the server. These clients take up resources, require maintenance, and increase the attack surface. Do we really need them?

Read More

Compromising Drupal 7.31

Recently Drupal (versions 7.x < 7.32) was discovered to have...well a devastating anonymous remote vulnerability. There are a lot of fascinating things about this vulnerability, including the fact that it's a one line mistake in a section of the code that is supposed to stop SQL injection attacks, as well as that the Drupal community actually put out a PSA (as in "public service announcement") suggesting that if you have a Drupal site that wasn't upgraded within seven hours of the release of the update that you should consider your site compromised and act accordingly. Wow.

Read More

Installing Docker on Ubuntu 14.10

This post is quick look at installing docker (and using it a bit) on a Ubuntu 14.10 based laptop.

I know many people don't think of Docker as a secure system when compared to virtual machines provided by something like KVM or Xen. But that is just one viewpoint.

Another way to look at Docker is that it's an easy way to use container technology to limit what applications can do on a server, ie. a simpler way to use MAC security concepts. If one looks at Docker as a replacement for virtual machines, then yes, it might not look as secure. But that is probably the wrong way to think about Docker, at least at this time. OK, so maybe no multi-tenancy yet. But single tenancy? Why not!

Read More

Enable Apparmor for Firefox

The desktop is a battleground! Sorry, I don't usually use military metaphors but it seems apt in this case. Many security professionals now believe there is no perimeter. Most secure systems, at least ones on premise, are hidden behind layers of firewalls, intrusion detection, and other security devices. Then we cut through those layers with VPNs or backdoors from our workstation. However, the perimeter is getting difficult to define (see: cloud), or why attack it at all when you can go after the soft underbelly of a marketing employee's laptop.

In this post I just take a quick look at enabling apparmor for Firefox.

Read More

Linkdrop #6

Cyber all the things!

Read More