Cookie Settings
Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Other cookies are those that are being identified and have not been classified into any category as yet.

No cookies to display.

7e189e36 luggage

That’s the kind of password an idiot uses on luggage: cloud security


Say it ain’t so, etcd is on the public Internets? And its leaking like a sieve.

A Shodan query shows 2593 etcd services out there flapping in the breeze. More detail was covered in Giovanni Collazo blog, but, in a nutshell, the combination of:

  1. simplicity. Its just easy to use and deploy etcd
  2. Insecure by design and default. To make it simple, no security model was originally used, if you can access the port, you can read the world
  3. orchestration platforms using etcd to move config around, including the link between container A and container B (e.g. mysql-client and mysql-server).

is super-dangerous.

In the tweet about this, we see a great screen shot, mysql password is 1234. Yup. The same one that Spaceballs talked about.

You can’t ‘yada yada yada’ cloud security. You need a real firewall, particularly when you are playing with ‘this only works on a dedicated network that is isolated even from the rest of your own application stack’ stuff like etcd. Seriously, you can’t even just be ‘outside bad, inside good’, you need to think about lateral traversal. if one machine of yours is compromised, and it can walk around in etcd (maybe it changes that password? just reads it? Its bad regardless). And its probably hard to retool everything.