Backdoored images downloaded from DockerHub 5 million times
https://arstechnica.com/information-technology/2018/06/backdoored-images-downloaded-5-million-times-finally-removed-from-docker-hub/
https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers
Malware installed through DockerHub can also escape the container, so may continue to run.
Friends don't let friends install unreproducible black box container images.
docker, not so hot take?
@cwebber The beginning of the second article you shared describes pretty much that affected clusters were misconfigured or test clusters left open:
> Kubernetes clusters that were deployed for educational purposes or for tests with lack of security requirements represent a great threat for its owners. Even an experienced engineer could care less or even forget about that part of the infrastructure after tests.