Date: 2022-03-30
Security and Proprietary Software
Increasing the security bar in Ingress-NGINX v1.2.0
The Ingress may be one of the most targeted components of Kubernetes. An Ingress typically defines an HTTP reverse proxy, exposed to the Internet, containing multiple websites, and with some privileged access to Kubernetes API (such as to read Secrets relating to TLS certificates and their private keys).
While it is a risky component in your architecture, it is still the most popular way to properly expose your services.
Ingress-NGINX has been part of security assessments that figured out we have a big problem: we don't do all proper sanitization before turning the configuration into an nginx.conf file, which may lead to information disclosure risks.
Organisations must report cyber security breach within six hours [iophk: Windows TCO]
According to the latest order, data centres, virtual private server (VPS) providers, cloud service providers and virtual private network service (VPN Service) providers need to register the accurate information related to subscriber names, customer hiring the services, ownership pattern of the subscribers etc, and maintain them for five years or longer duration as mandated by the law.
Microsoft study unclear on impact of Ukraine attacks: researcher [iophk: Windows TCO]
"Yet it tells us little about the impact of these operations, especially on the strategic level. The report is clear about this, noting 'Microsoft is not able to evaluate their broader strategic impact'."
Pulseway announces extended functionality for macOS and Linux, plus deep IT Glue integration
Blizzard’s Plan To Combat Emulation Of New ‘Diablo’ Title: Just Release It On PC
Over the past few years, we’ve seen a flurry of activity centering around video game emulation. Much of that has been focused on how a few companies, namely Nintendo, have reacted to emulation sites. Almost universally, these companies see emulation as a threat and try to get them shut down. Often times those same companies use the market demand in the public that those emulation sites created to sell inferior versions of these older or emulatable games. In other words, the lesson learned here is that the default gaming industry position on emulation is that it must be destroyed so that the company’s wares can only be bought and used in the manner in which that company desires, market demand be damned.
Simple PDF Linking to Malicious Content
Last week, I found an interesting piece of phishing based on a PDF file. Today, most of the PDF files that are delivered to end users are not malicious, I mean that they don’t contain an exploit to trigger a vulnerability and infect the victim’s computer. They are just used as a transport mechanism to deliver more malicious content. Yesterday, Didier analyzed the same kind of Word document[1]. They are more and more common because they are (usually) not blocked by common filters at the perimeter.
