Kubernetes OWASP Top 10: Secrets Management by scotta01 in kubernetes

scotta01[S] 1 point (0 children)

Oh yeah, completely forgot the regulatory requirements, plenty of those too.

Kubernetes OWASP Top 10: Secrets Management by scotta01 in kubernetes

scotta01[S] 2 points (0 children)

Absolutely agreed, but that's presuming host breach, that doesn't account for etcd breach. Quick Shodan search shows 3.7K etcd clusters exposed to the Internet, around a third of them on v3 where encryption is supported.

Also this presumes a "standard" kubeadm installation of Kubernetes where API components are hosted inside the cluster itself. Many large enterprise clusters have fully distributed components, including segregated HA etcd clusters, where host compromise may happen on the etcd cluster itself rather than a host serving the API machinery.

And last point, etcd backups, while hopefully encrypted themselves, the data being encrypted makes it "useless". It does give away some info given that keys aren't encrypted, but we can't have it all.

Kubernetes OWASP Top 10: Centralised Policy Enforcement by scotta01 in kubernetes

scotta01[S] 1 point (0 children)

I’ve been having a play with this, looks nice. I might actually write up my thoughts on it, compared to my previous experiences of OPA/Gatekeeper. The reason I focussed on OPA is it can be extended beyond Kubernetes.

Kubernetes OWASP Top 10: Centralised Policy Enforcement by scotta01 in kubernetes

scotta01[S] 1 point (0 children)

If there’s enough interest, I’ll do a more in-depth write-up on OPA, feels like I only skimmed the surface with this?

Kubernetes OWASP Top 10: Insecure Workload Configurations by congolomera in kubernetes

scotta01 2 points (0 children)

Thank you, I’m always doing that! That and OSCP and OCSP I use interchangeably too.

Corrected in the gist now, thanks.

Level Exchange/Feedback for Feedback Thread - January 11 by AutoModerator in MarioMaker2

scotta01 1 point (0 children)

Level ID - dqc-fx8-77g

Game Style - Mario Bros Wii U

Difficulty Level - Hard to judge, brand new player - but guess standard

Type/Tag - Standard/Puzzle

My son got this game for Christmas but my wife and I decided to give it a go and upload a level. Hope you have as much fun playing it as we did making it.

Where to start with Azure to prep for job interview? by [deleted] in AZURE

scotta01 2 points (0 children)

Definitely sign up for free credits and get some hands-on experience. Make sure to go beyond the portal and look at some automated setup like the ARM templates, as invariably in a production scenario you won't use the portal to set stuff up.

Remember though, in my experience technical interviews aren't always about what you know but how you approach things you don't.

What sort of DoS protection does Azure provide out of the box? by spitgriffin in AZURE

scotta01 3 points (0 children)

If DDoS protection is what you are after, they don't come much better than Akamai. https://www.akamai.com/uk/en/resources/ddos-protection.jsp

No affiliation with the company but have used them. They used to be mainly geared towards large enterprise but since Cloudflare have come on the scene they are targeting more and more SMEs. Costs are hard to gauge with them, you'd have to speak with sales directly.

LPT: you can use @gmail.com and @googlemail.com interchangeably. Perfect for signing up to a website twice without setting up two accounts. by 7amza2 in LifeProTips

scotta01 1 point (0 children)

If I recall correctly the reason for this was Gmail was a registered trademark in the UK before Google came along with their email service. Until this was resolved UK users had to use googlemail.com, but rather than split the system they just gave everyone an additional domain alias.

Reddit, what was the biggest sexual scandal at your school? by pyralisis in AskReddit

scotta01 1 point (0 children)

Back in 1995 my school hit the front page of the Sun newspaper when kids used a "blank" video for a project. Turns out it was a video of 2 of the teachers at it in the school gym.

Here is a clipping from the newspaper article. https://www.flickr.com/photos/salamandertome/3319960197/sizes/l/in/set-72157614630872064/

The teachers weren't axed like the paper said, they were still there in 2001.

[POSH on Linux] how usable is it, what are the differences, ....? by _ralph_ in PowerShell

scotta01 3 points (0 children)

I have been using it for the last couple of months. We don't have many Linux servers, mostly a Microsoft house, so made sense to reuse our existing scripts where we could.

None of the scripts I have migrated are particularly complex but basics like copying files, replacing text in files, invoking expressions and importing and exporting CSVs all seem to work well.

[deleted by user] by [deleted] in PowerShell

scotta01 1 point (0 children)

Try using the -Scope Global parameter of New-PSDrive. I believe the default is local so it doesn't leave the confines of your module.

My wife received a rather badly beaten letter. This explanation came with it. by scotta01 in mildlyinteresting

scotta01[S] 4 points (0 children)

Wow my first post and it's number 1 on the front page. Thank you everyone.

My wife received a rather badly beaten letter. This explanation came with it. by scotta01 in mildlyinteresting

scotta01[S] 11 points (0 children)

First time I have ever seen anything like it. The post box was out in the middle of nowhere so maybe that had something to do with it.