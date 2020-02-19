Security and FUD: SpaceX, NMap, Polyverse, MongoDB, NGINX and Kubernetes
-
All Those Low-Cost Satellites in Orbit Could Be Weaponized by Hackers, Warns Expert
Last month, SpaceX became the operator of the world's largest active satellite constellation. As of the end of January, the company had 242 satellites orbiting the planet with plans to launch 42,000 over the next decade.
This is part of its ambitious project to provide internet access across the globe. The race to put satellites in space is on, with Amazon, UK-based OneWeb and other companies chomping at the bit to place thousands of satellites in orbit in the coming months.
-
NMap - A Basic Security Audit of Exposed Ports and Services
For a plethora of reasons, auditing the security of our servers and networks is of paramount importance. Whether we are talking about a development server, a workstation, or a major enterprise application, security should be baked into every step of the deployment. While we can easily check our firewall settings from “the inside” of our systems. It is also a good idea to run a security audit from "the outside”. Using a network enumeration tool such as the famous and highly vetted Network Mapper (NMap).
-
Cybersecurity startup Polyverse raises $8M to protect Linux open-source code from hackers [Ed: Right around the corner from Bill Gates, another company like Black Duck and it'll "protect" Linux... just buy its proprietary software]
Polyverse has been validated by the U.S. Department of Defense for mitigating zero-day attacks, intrusions that occur just as a vulnerability becomes public, such as the infamous WannaCry ransomware and hacks of companies like Equifax. The company says its technology is “running on millions of servers.”
-
MongoDB: developer distraction dents DevSecOps dreams
MongoDB’s director of developer relations has just opened a piece of internal research that suggests as few as 29% of Europe’s developers take full responsibility for security.
Now, 29% is a somewhat arbitrary figure, cleary i.e. it could be 22.45% or it could be 39.93%… the fact that the firm has pointed to an exact sum in this way is merely intended to show that it has undertaken a degree of calculation and statistical analysis
-
NGINX Unit Adds Support for Reverse Proxying and Address-Based Routing
NGINX announced the release of versions 1.13 and 1.14 of NGINX Unit, its open-source web and application server. These releases include support for reverse proxying and address-based routing based on the connected client's IP address and the target address of the request.
NGINX Unit is able to run web applications in multiple language versions simultaneously. Languages supported include Go, Perl, PHP, Python, Node.JS, Java, and Ruby. The server does not rely on a static configuration file, instead allowing for configuration via a REST API using JSON. Configuration is stored in memory allowing for changes to happen without a restart.
-
Kubernetes Security Plagued by Human Error, Misconfigs
Following a year of numerous security bugs within the Kubernetes ecosystem and the first security audit of Kubernetes conducted by the Cloud Native Computing Foundation (CNCF), which hosts the open source platform, continued wide-spread adoption has seen security become somewhat of an afterthought.
However, if security concerns continue inhibiting business innovation, does that fall on businesses for neglecting security practices or the market for not providing them with the tools to confidently secure their deployments?
“People just get security wrong sometimes,” McLean said. “Companies need a combination of increased learning, cross-pollination, new tooling, and updated processes to identify and remediate these security ‘mistakes’ during build and deploy vs. waiting for exposure during runtime.”
-
