Rebuilding it Better | TechSNAP 362
TechSNAP Video
English - April 04, 2018 08:57 - 73.5 MB VideoTechnology News Tech News networking security sysadmin cisco vpn news cyber opsec zfs linux Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
It’s a TechSNAP introduction to Terraform, a tool for building, changing, and versioning infrastructure safely and efficiently.
It’s a TechSNAP introduction to Terraform, a tool for building, changing, and versioning infrastructure safely and efficiently.
Plus a recent spat of data leaks suggest a common theme, Microsoft’s self inflicted Total Meltdown flaw, and playing around with DNS Rebinding attacks for fun.
The Under Armour Hack Was Even Worse Than It Had To Be
Under Armour Inc (UAA.N) (UA.N) said on Thursday that data from some 150 million MyFitnessPal diet and fitness app accounts was compromised in February, in one of the biggest hacks in history, sending shares of the athletic apparel maker down 3 percent in after-hours trade.
Panerabread.com Leaks Millions of Customer Records
The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com.
No, Panera Bread Doesn’t Take Security Seriously
tl;dr: In August 2017, I reported a vulnerability to Panera Bread that allowed the full name, home address, email address, food/dietary preferences, username, phone number, birthday and last four digits of a saved credit card to be accessed in bulk for any user that had ever signed up for an account. This includes my own personal data! Despite an explicit acknowledgement of the issue and a promise to fix it, Panera Bread sat on the vulnerability and, as far as I can tell, did nothing about it for eight months. When Brian Krebs publicly broke the news, other news outlets emphasized the usual “We take your security very seriously, security is a top priority for us” prepared statement from Panera Bread. Worse still, the vulnerability was not fixed at all — which means the company either misrepresented its actual security posture to the media to save face or was not competent enough to determine this fact for themselves. This post establishes a canonical timeline so subsequent reporting doesn’t get confused.
Meet the Windows 7 Meltdown patch from January. It stopped Meltdown but opened up a vulnerability way worse ... It allowed any process to read the complete memory contents at gigabytes per second, oh - it was possible to write to arbitrary memory as well.
HashiCorp Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
Compared to the JSON or YAML files used by CloudFormation, Terraform HCL is both a more powerful and a more readable language. Here is a small example of a snippet that defines a subnet for the application servers. As you can see, the Terraform code is a quarter of the size, more readable, and easier to understand.
Feedback
Whonow: A malicious DNS server for executing DNS Rebinding attacks on the fly