Discussion:
[ale] Backdoored/Cryptocurrency Images
Alex Carver via Ale
2018-06-14 19:42:53 UTC
Permalink
This was exactly why I asked about creating Docker images entirely from
scratch unlike the countless how-to's that suggest downloading the
premade images.

https://arstechnica.com/information-technology/2018/06/backdoored-images-downloaded-5-million-times-finally-removed-from-docker-hub/
_______________________________________________
Ale mailing list
***@ale.org
https://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
James Sumners via Ale
2018-06-14 19:52:07 UTC
Permalink
As with everything, you have to do your due diligence. Notice that the
backdoored images all came from an account like "docker123987". That's your
first clue to not trust the image: the poster is trying to remain
anonymous. But even then, you should be reviewing the source code that
builds the image.
Post by Alex Carver via Ale
This was exactly why I asked about creating Docker images entirely from
scratch unlike the countless how-to's that suggest downloading the
premade images.
https://arstechnica.com/information-technology/2018/06/backdoored-images-downloaded-5-million-times-finally-removed-from-docker-hub/
_______________________________________________
Ale mailing list
https://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
--
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (music)
Alex Carver via Ale
2018-06-14 19:56:59 UTC
Permalink
Yes, and Docker Hub should have removed the images when they were
notified about the problems...eight months ago.
Post by James Sumners via Ale
As with everything, you have to do your due diligence. Notice that the
backdoored images all came from an account like "docker123987". That's your
first clue to not trust the image: the poster is trying to remain
anonymous. But even then, you should be reviewing the source code that
builds the image.
Post by Alex Carver via Ale
This was exactly why I asked about creating Docker images entirely from
scratch unlike the countless how-to's that suggest downloading the
premade images.
https://arstechnica.com/information-technology/2018/06/backdoored-images-downloaded-5-million-times-finally-removed-from-docker-hub/
_______________________________________________
Ale mailing list
https://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
_______________________________________________
Ale mailing list
***@ale.org
https://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo

Loading...