this post was submitted on 18 Jul 2023
15 points (100.0% liked)

Technology

67 readers
2 users here now

This magazine is dedicated to discussions on the latest developments, trends, and innovations in the world of technology. Whether you are a tech enthusiast, a developer, or simply curious about the latest gadgets and software, this is the place for you. Here you can share your knowledge, ask questions, and engage in discussions on topics such as artificial intelligence, robotics, cloud computing, cybersecurity, and more. From the impact of technology on society to the ethical considerations of new technologies, this category covers a wide range of topics related to technology. Join the conversation and let's explore the ever-evolving world of technology together!

founded 2 years ago
 

Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software, online platforms, and users to a massive attack surface.

top 4 comments
sorted by: hot top controversial new old
[–] [email protected] 2 points 1 year ago (1 children)

Not sure I understood everything, but it reads as if the image creator added secrets into the image? Wouldn't that be the problem of the image creator, instead of people using the image?

[–] [email protected] 2 points 1 year ago (1 children)

A developer works on a docker image for some sort of server software and puts in a backdoor for testing purposes or leaves some password somewhere defaulted to make things easier for them. Dev forgets about it, and publishes the image. Ten thousand people then download the compromised image and deploy it on Internet-facing servers without a second thought.

[–] [email protected] 2 points 1 year ago

Ah, that makes more sense then. Thanks.

[–] [email protected] 1 points 1 year ago

Can't say I'm that surprised.