undefined | Better HN

0 pointsnineteen9997y ago0 comments

I don't assume that at all. I mentioned Docker explicitly and people are pulling Docker containers from untrusted sources with malware pre-installed, because they lack the experience that would tell them that pulling untrusted Docker containers and running them is a bad idea.

https://threatpost.com/malicious-docker-containers-earn-cryp...

From the article itself, although they mention the CVE at the top, the real point they are making is that people are deploying the products with poor defaults:

"as is typical with our findings, lots of companies are exposing their Kubernetes API with no authentication; inside the Kubernetes cluster"

Not to mention a bunch of NoSQL type db's you can easily search on Shodan if you wanted to have some fun.

So yes - the problem here is experience, or lack thereof, and not Kubernetes itself. The CVE can be patched. You can't patch inexperience - except with experience I suppose.

All I am saying is that there a lot of people who are downloading and deploying these products because of hype, who are unable or unwilling to secure them.

0 comments

cbzbc7y ago

Leaving aside NoSQL db's - there's also a ton of normal SQL databases wide open, I don't think hype is necessarily the issue there.

nineteen999OP7y ago

Sure, maybe your average garden variety Postgres or MySQL instances, and probably some MS-SQL as well. Companies that have a large investment in commercial RDBMS (eg. Oracle, DB2, etc) tend not to be so careless in my experience.

j / k navigate · click thread line to collapse