DevOps / SRE - Top Links Last Week
Week 12 - Issue #71
Hunt for Lapsus$ Hackers Leads to a British Teen
The Lapsus$ extortion gang hacked Okta and leaked source code for Microsoft's Bing search, Bing Maps, and Cortana voice assistant. The White House warned U.S. companies that Russia may be exploring options for cyberattacks. The U.S. Department of Justice unsealed two indictments on Thursday. Unnamed U.S. officials have said who was behind the Viasat satellite hack, which disrupted Ukrainian military communications. We looked back at the most extensive hack since the Ukraine war began in late February.
Diving Into Open Source
People join open-source projects to connect with the community, to learn technical skills, to help create software they care about, and even, for a few tasks, to earn swag. On your resume, you should list any project you contributed to significantly, along with your main contributions. This gives employers a feel for the technologies you know and highlights your skills as a team player. Learn the project's structure, including its documentation, release frequency, package format, and who accepts pull requests.
PHP filter_var shenanigans
We have likely all seen PHP filters that stop us from reaching a vulnerability. In this blog post, I'll walk you through my thought process for bypassing a filter by looking for a bug in the filter itself in order to reach the bug behind it. The generated code will resemble something like the following PHP, where user input is concatenated into a ping command (the final statement is truncated in the original):

    $userinput = "YOUR_USER_INPUT";
    $command = "ping -c5 ";
    $retval = $userinput .
Its Always Sunny in us-east-1: The gang does business continuity | cyclic.sh
The gang experiences an AWS outage; customers report SHOWSTOPPERs; the gang triages the issues and attempts to implement an elaborate disaster recovery plan. The goal here is efficiency and the mitigation of risk to lunchtime. As always, the secondary objective is to expose the truth about how the PR comment you left was ignored and best practices spitefully neglected. Large organizations have Recovery Time Objective (RTO) and Recovery Point Objective (RPO) standards for disaster/outage scenarios. RTO/RPO can be internal standards or sometimes compliance requirements.
Understanding Load vs. Stress Tests
A load test shows how the application behaves under many simultaneous requests. A stress test finds the limit on the number of concurrent requests an application can handle. This article begins by explaining the differences and then shows how to implement straightforward tests using two simple tools. Many available tools let us create load and stress tests; some are paid, others aren't. Finally, I will show how to use two of them, k6 and loadtest.