Exploring Docker Security – Part 2: Container flaws


Now that we have covered the basics, this second part looks at the most relevant container threats, their potential impact and the countermeasures that exist today. Beyond that, it gives a short overview of the most important sources of container threats. I'm pretty sure you won't expect most of them. Want to know more?

Continue reading

MirageOS


Introduction

MirageOS is a new and rising trend in cloud computing. More and more services are being moved into modern cloud infrastructures because of advantages such as reduced cost, maximum flexibility and high performance. Today's services normally run on big virtual machines (e.g. Ubuntu Xenial with a size of ~1.5 GB) with a lot of software installed. The service running on such a virtual machine needs only a very small subset of the installed software and its dependencies, while the unneeded additional software offers a large attack surface to attackers. Since data is often a highly valuable asset for a company and exposing it can lead to a severe loss of profit, security is gaining more and more importance. MirageOS is a minimalistic approach that removes all unneeded layers and dependencies and deploys as little code as possible. This approach is highly efficient and fits perfectly into modern microservice architectures. If MirageOS is accepted by users in the future, it could possibly replace current approaches such as Docker or classic virtual machines in cloud environments.

Continue reading

Exploring Docker Security – Part 1: The whale’s anatomy


When it comes to Docker, most of us immediately think of current trends like microservices, DevOps, fast deployment, or scalability. Without a doubt, Docker seems to be on its way to establishing itself as the de-facto standard for lightweight application containers, shipping not only with lots of features and tools, but also with great usability. However, another important topic is very often neglected: security. Considering the rapid growth of potential threats to IT systems, security is one of the crucial aspects that will decide whether Docker (and containers in general) is widely adopted by the software industry in the long term.
Therefore, this series of blog posts aims to give you an overview of the state of the art in container security (especially Docker). But talking about that does not make much sense without a basic understanding of container technology in general. This is what I want to cover in this first part.
You may have guessed right: altogether, this will be a somewhat longer read. So grab a coffee, sit down and let me take you on a whale ride through the universe of (Docker) containers.

Continue reading

[Project] How to build an intelligent mirror

Hello there, today we want to feature a project we were working on last semester: a smart mirror.
It's not that new to build such a mirror and we're not the first to build one. Still, we wanted to do it in a different way with a different focus. Instead of focusing on our own needs, we wanted to build an open and extensible solution.

[written by Roman Kollatschny and Matthias Schmidt]

Continue reading

Stupid by nature? – How psychology influences our security decisions

This blog post was written by Malte Vollmerhausen and Marc Stauffer.

Imagine you are going to a supermarket. You spot a pyramid of Campbell's tomato soup cans. They are 10% off. You take a bunch of cans and buy them. As a study shows, you statistically would have bought around 3 cans. Let's get into our DeLorean, go back 30 minutes and enter the supermarket again. You again see the pile of Campbell's (with the 10% discount), but now there is one little addition: a sign saying "Max. 12 cans per person". As the study states, this time you would bring 7 cans to the checkout. You made a completely irrational decision, because the sign should in no way have affected your decision-making process, yet it did. As you can imagine, this problem is also present when facing security decisions.

Continue reading

SocialCloud – HumHub and the humming begins – Part 7

The background


Locally organized volunteer groups that help refugees manage their first steps in Germany are often coordinated by mass e-mail with up to 50 recipients. The huge number of received e-mails that need to be answered then ends up as a "reply all" flood in every involved mailbox. Another common problem is that images are sent uncompressed as attachments, so some recipients' mailboxes exceed their limit of 25 MB per mail.

Continue reading