Archive for the ‘security’ Category

A friend emailed me yesterday saying he was ‘trying to be better informed on security topics’ and asking for suggestions on blogs etc. Here’s my reply… For security stuff first read (or at least skim) Ross Anderson’s Security Engineering (UK|US) – it’s basically the bible for infosec. Don’t be scared that it’s now seven years old […]


BanyanOps have published a report stating that ‘Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities’, which include some of the sensational 2014 issues such as ShellShock and Heartbleed. The analysis also looks at user generated ‘general’ repositories and finds an even greater level of vulnerability. Their conclusion is that images […]


Docker Inc have worked with the Center for Internet Security (CIS) to produce a benchmark document [pdf] containing numerous recommendations for the security of Docker deployments. The benchmark was announced in a blog post ‘Understanding Docker Security and Best Practices’ by Diogo Mónica who was recently hired along with Nathan McCauley to lead theDocker Security […]


At their re:invent 2014 show Amazon launched AWS Key Management Service (KMS), “a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys”. At launch the service supported EBS, S3 and Redshift. […]


Netflix have announced the release of the Message Security Layer protocol (MSL), which they describe as ‘A Modern Take on Securing Communication’. The project is available on github under the Apache 2.0 license, with implementations in Java and JavaScript. The high level goals of the protocol are to improve performance, be cross language, flexible and extensible, […]


CloudFlare have made SSL available to all free subscribers to its content delivery network (CDN) with Universal SSL. The move addresses both cost and complexity issues that have previously confronted web site and application owners wanting to deploy SSL. CloudFlare takes care of issuing a certificate at no cost to the end user, and enabling […]



This post originally appeared on the CohesiveFT blog The Docker subsystem available since version 3.5 allows additional virtualized network functions (VNFs) to be run on VNS3. I’ve previously written about using this capability for content caching, SSL termination and load balancing. This time I’ll cover using it as a network intrusion detection system (NIDS). Introducing Suricata […]


This was a warm up for a presentation I’ll be doing at AppSec USA later in the year. I got some good feedback on the night, but if you have more then please make a comment below.


The dust is starting to settle now in the wake of Heartbleed[1] – those that are going to fix it have already, other servers that are suffering from the issue will remain vulnerable for years to come. It’s time now for reflection, so here’s mine. I was on a family vacation when Heartbleed was announced, and […]