This patched critical flaw is the first remote code execution threat to a major cloud platform, undermining the security layers that isolate shared resources.
His team found the first remote code execution (RCE) exploit on a major cloud platform. One user could break the cloud isolation separating themselves and others, intercepting code, manipulating programs.
Makes you wonder what the isolation mechanism is at Azure for FaaS. Shows how important Firecracker, gVisor, and others are… And that cold start isn’t going away, because we need these things and these things take time to start.
Not sure if I should ask this here or in #terraform. Does anyone have experience with https://github.com/eerkunt/terraform-compliance? I’m curious if Sentinel is the only available way to check Terraform code for compliance with security rules.
a lightweight, security focused, BDD test framework against terraform. - eerkunt/terraform-compliance
@Joe Presley similar discussion came up recently
let me find it.
Policy-based control for cloud native environments
see the conversation surrounding this post
Thanks for the heads up. That was one of the solutions the client pointed me to.
Also, if you check out last week’s “office hours” we talk a little bit about using the Open Policy Agent with terraform
Awesome. Thanks a lot. That’s a huge help.
Is there an equivalent to something like Teleport for ssh / kubectl access, but for access to SQL servers like Postgres and MySQL?
That would be cool, but not really
phpMyAdmin doesn’t count :-)
(Ironically phone autocorrects that to “phony admin”)
If a web ui was what the interested parties needed, you could secure that up internally, put it behind SSO, etc. Was more hoping for a dynamic/audited tunnel for PSQL or other tools
(via DigitalOcean)
Secret Manager is a new GCP product that securely and conveniently stores API keys, passwords, certificates, and other sensitive data.
Six design patterns to avoid when designing computer systems.
Yeah that’s really bad
Cable Haunt lets attackers take complete control when targets visit booby-trapped sites.
This is pretty scary. With the ability to overwrite DNS settings remotely, an attacker can easily set up phishing sites on any domain they choose.