back to article Malware? In my Docker container? It's more common than you think

Docker containers are the perfect disguise for malware infections, warn researchers. Speaking at the 2017 Black Hat USA conference in Las Vegas, Aqua Security researchers Michael Cherny and Sagie Dulce said [PDF] the Docker API can be abused for remote code execution and security bypass. Popular with developers as a way to …

About time

The default model for docker image use is in practice fatally flawed from a security standpoint. There is simply no way to credibly confirm that all of these images are properly secured. If you want to take someone's build file, examine it, and build your own image, which you host yourself, great. Anything else is just running a script from the internet as root on all of your machines.

I love Docker as a technology. But it has to be in a securable environment.

0
0

build from scratch and use private registry

Use a private registry, like nexus3.

And build all images from scratch. Dockerfiles for everything can be found on dockerhub.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017