“Docker and Kubernetes in high security environments” is an interesting case-study from the Swedish Police Authority, on how to setup and maintain a high security configuration of Docker and Kubernetes.
Not something that you’d think of on a daily basis, but a very handy guide for a weekend reading, or for a priority target scenario.
Scott Lowe shares an updated setup of Kubernets on the Amazon AWS. This blog post covers some of the bits in Kubeadm, which have been updated and improved, since his previous post on the subject some time last year.
If you are working with Amazon AWS, Kubernetes, Docker, VMWare, or other related technologies, I can’t recommend his blog high enough.
Slashdot is running a story about a researcher who scanned all Australian IP addresses and found a whole bunch of things that shouldn’t be online.
As interesting as it is, this comment to the thread offers a lot more:
Pffft Only one country?
At a defcon talk in 2014 (talk [youtube.com] slides [defcon.org]) they scanned the whole IPv4 space live, looking for VNC instances. At least, anything that responded to a SYN packet.
Then they took a couple months to connect to each VNC instance, if no password was required, grab a screen shot.
Leading to a series of talks of things that shouldn’t be on the internet [youtube.com].
I am still watching the video, but even in the first few minutes, you’ll see some crazy stuff. And let me get you started with a quick quiz question: if you had 7 servers, each connected to the Internet via a 1 Gb/s link, how long would it take you to scan the whole of Internet (all IP addresses), assuming 10 ports per IP?
Well, five years it took 12 minutes only, and it was done on stage at the conference! To me, this is somewhat mind-blowing. We keep hearing how huge and enormous the Internet is. So the idea of being able to scan all of it in just a few minutes sounds insane. Today, you’ll probably need even less time, with more better broadband and hardware.
And if you are curious about the tool that the guys used, it was massscan. It’s a lot faster than nmap for this kind of jobs, even though they are somewhat compatible.
A lot has been said about the wide range of Amazon Web Services (AWS). They are plenty and cover a whole lot of technologies – from low level infrastructure to artificial intelligence. It is difficult to grasp just how big and complex the AWS feature set. But I think the above periodic table of Amazon Web Services helps a lot.
Here’s an interesting study of the .com domain names. It appears that only about 1/3 of the registered domains are in use by legitimate websites. The rest are either spam, email-only, empty, broken, etc.
Only about 100,000 domains were crawled to provide a representative sample. But to me, the numbers look quite realistic. If only, I would push the porn and gambling sites into the “in use” category, rather than have them separately.