Month: October 2018
Microservices unplugged: Chautauqua meetup filmed and posted
Like shaky-cam? Like hearing me speak about ‘what I’ve learned about cloud security and micro-services’? This video is for you! It’s our meetup (The Waterloo Technology Chautauqua) on video and posted for your pleasure. Thanks again to Auvik for hosting.
Lessons learned: COPY . and geometric size progression
So another day and another ‘registry out of space’. I wrote earlier about the crappy experience increasing this size (and GKE is still on 1.10 so I can’t use the 1.11+ resize mechanism!!!) Vowing not to repeat the ‘that can’t be the right method’ that I pioneered in that post, I decided to dig a…
Pytosquatting, Supply Chain Risk, and the Slovak National Security Bureau
So most of you will have the Slovak ‘NBU’ on your RSS speed-dial, but I found I was a bit behind on my reading of it. As I was catching up, skcsirt-sa-20170909-pypi caught my eye. In a nutshell, it’s about a phenomenon called ‘typo-squatting’. In this case, Python-package name squatting (called pytosquatting). So there is…
Software supply chain risk management robots
It finally happened to you. A developer used ‘import A’. A pulled in B, B pulled in C, D. D pulled in E… and somewhere along that chain evil lurked. Now all your bits are belong to l33t hackerz. So like all things in life it’s time to over-react after the fact (something about…
My webinar today on surprises in cloud security migration
One of the things that people felt was controversial about my message was “end-point security is no longer a thing”. I’m saying this from the standpoint of: instances are short-lived (hours/days, not months/years); instances are dynamically scaling in and out; cloud native applications (usually) run a single-process per instance/container, no space for another (you could…