VSHN.timer

VSHN.timer #164: Welcome to the Jungle

28. Nov 2022

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about all the reasons we have to be cautious when using computers of any kind.

1. David Schütz found a vulnerability affecting seemingly all Google Pixel phones where if you gave him any locked Pixel device, he could give it back to you unlocked. The bug just got fixed in the November 5, 2022 security update.

https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/

2. Most people are familiar with products like Gmail and Google Meet, but Google Sites is a much lesser-known service. And the Google Sites service, which allows users to create web pages, provides a huge assist to scammers looking to hide under a veil of trustworthiness: a website under the Google.com domain name.

https://mashable.com/article/google-sites-phishing-scams

3. Simone Margaritelli became curious about how Logic Pro and Logic Remote were communicating with each other, so he started Wireshark and found that some of the data, such as the client and server names, was transmitted in the clear on what seemed to be a custom (and, as is typical of Apple, undocumented) TCP protocol.

https://www.evilsocket.net/2022/10/20/Reverse-Engineering-the-Apple-MultiPeer-Connectivity-Framework/

4. Jan-Piet Mens got a mail from the .CH registry regarding an incorrect DNSSEC configuration… which triggered a fascinating treasure hunt.

https://jpmens.net/2022/11/10/red-means-kaputt-when-dnssec-turns-into-a-treasure-hunt/

5. This playbook, presented at the OWASP Global AppSec Conference, will help you introduce effective DevSecOps practices in your company. It provides explicit guidance and actionable steps to introduce security controls, measure their effectiveness, and demonstrate value for money to your business leaders.

https://github.com/6mile/DevSecOps-Playbook

Have you tried the Google Pixel lock bypass? Have you implemented a DevSecOps program in your organization? Would you like to share some security tips and tricks with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about Security: #8, #17, #22, #27, #32, #44, #54, #62, #76, #84, #93, #106, #117, #128, #142, and #145.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski is responsible for Developer Relations at VSHN. He has been a software developer, trainer, and published author since 1996. Adrian holds a Master's degree in Information Technology from the University of Liverpool.
