Some of Our Sources
- Slashdot
- BoingBoing
- Simplebits
- Smashing Apps
- Vandelay Design
- Web Designer Depot
- FanExtra - PSD
- Freelance Switch
- Design Modo
- Willems Lab
Help Webnuz
Referal links:
January 14, 2019 11:30 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/0v7LD9bQgLM/hack-allows-escape-of-play-with-docker-containers
Hack Allows Escape of Play-With-Docker Containers
secwatcher quotes a report from Threatpost: Researchers hacked the Docker test platform called Play-with-Docker, allowing them to access data and manipulate any test Docker containers running on the host system. The proof-of-concept hack does not impact production Docker instances, according to CyberArk researchers that developed the proof-of-concept attack. "The team was able to escape the container and run code remotely right on the host, which has obvious security implications," wrote researchers in a technical write-up posted Monday. Play-with-Docker is an open source free in-browser online playground designed to help developers learn how to use containers. While Play-with-Docker has the support of Docker, it was not created by nor is it maintained by the firm. The environment approximates having the Alpine Linux Virtual Machine in browser, allowing users to build and run Docker containers in various configurations. The vulnerability was reported to the developers of the platform on November 6. On January 7, the bug was patched. As for how many instances of Play-with-Docker may have been affected, "CyberArk estimated there were as many as 200 instances of containers running on the platform it analyzed," reports Threatpost. "It also estimates the domain receives 100,000 monthly site visitors."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/0v7LD9bQgLM/hack-allows-escape-of-play-with-docker-containers
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot