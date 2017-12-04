Security: Management Engine (ME) and WebGoat ​Computer vendors start disabling Intel Management Engine Hidden inside your Intel-based computer is a mystery program called Management Engine (ME). It, along with Trusted Execution Engine (TXE) and Server Platform Services (SPS), can be used to remotely manage your computer. We know little about Intel ME, except it's based on the Minix operating system and, oh yes, ME is very insecure. Because of this, three computers vendors -- Linux-specific OEMs System76 and Purism and top-tier PC builder Dell -- have decided to offer computers with disabled ME. These ME security holes impact millions of computers. ME supports Intel's Active Management Technology (AMT). This is a powerful tool that allows admins to remotely run computers, even when the device is not booted. Let me repeat that: If your PC has power, even if it's not running, it can be attacked. If an attacker successfully exploits these holes, the attacker can run malware that's totally invisible to the operating system.

WebGoat Teaches You To Fix Web Application Flaws In Real-time Good day, web developers! Today, we are going to discuss about a super useful application that teaches you web application security lessons. Say hello to WebGoat, a deliberately insecure web application developed by OWASP, with the intention of teaching how to fix common web application flaws in real-time with hands-on exercises. This application can be quite useful for those who wants to learn about application security and penetration testing techniques. A word of caution: WebGoat is PURELY FOR EDUCATIONAL PURPOSE. It turns your system extremely vulnerable to attackers. So, I insist you to use it in a virtual machine in your local area network. Don’t connect your testing machine to Internet. If you are using it in a production environment either intentionally or unknowingly, your company will definitely fire you. You have been warned!

CoreOS Tectonic 1.8 CoreOS Tectonic 1.8 makes it easy to plug external services into Kubernetes CoreOS announced Tectonic 1.8, its latest update of the popular Kubernetes container orchestration tool. It features a new open services catalog that enables DevOps personnel to plug in external services into Kubernetes with ease. As Rob Szumski, Tectonic product manager at CoreOS pointed out in a company blog post announcing the new version, public clouds offer lots of benefits around ease of use, but they can end up locking you in, in some cases to a proprietary set of tools. This is precisely what the new Open Cloud Services catalog is designed to resolve. Instead of using those proprietary tools, you get more open choices and that should make it easier to move between clouds or a hybrid environment.

