I’ve mentioned this before: this is one of the oncoming trains for corp-security.
-
I am so glad I’m no longer in the operational security world anymore ….. these problems are going to grow exponentially* and so will the corresponding burnout.
* on top of the ongoing usual problems that should’ve been fixed / addressed 20 years ago but still haven’t.
@rickf @haroonmeer @TindrasGrove
Still no use case for #Ai and apparently #LLM are useless...
(I should start a file of these)
-
I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.
Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.
Their agents will.
@haroonmeer I had a problem with corporate security theatre getting in the way of something I needed to do.
So I asked the corporate provided AI how to get round the corporate security theatre.
And instead of reporting me to security it gave me some code. (Which, in the nature of AI generated code, didn't actually work, but it did give me the clue necessary to write my own code which did work.)
-
@haroonmeer they need to add: "Don't hack stuff" to the prompt, that will protect them
@webhat @haroonmeer
ha ha ha
Uninstalling the Agent is the only solution. -
I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.
Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.
Their agents will.
Yeah it's like Cliff Stoll and sendmail all over anew (yes I'm that old). Docker frequently writes root owned files to the FS. We are a dumb species.
-
I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.
Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.
Their agents will.
@haroonmeer People are willingly installing malware now, heck.. they’re even paying for it
-
I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.
Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.
Their agents will.
@haroonmeer feeling less stupid for being paranoid enough to not add my user to the docker group.
-
I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.
Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.
Their agents will.
@haroonmeer at least it didn't use the latest linux exploit
-
I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.
Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.
Their agents will.
@haroonmeer As a last resort it would have probably tried running the copyfail exploit.
-
@haroonmeer People are willingly installing malware now, heck.. they’re even paying for it
And corp encourages them to do do.
-
R relay@relay.an.exchange shared this topic
-
And corp encourages them to do do.
@expertenkommision_cyberunfall @stux @haroonmeer and some corps forces us to do it.
-
I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.
Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.
Their agents will.
@haroonmeer but isn't the docker's `root` user mapped to a host's transient normal user?
-
@expertenkommision_cyberunfall @stux @haroonmeer and some corps forces us to do it.
Feels like sabotage
-
I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.
Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.
Their agents will.
@haroonmeer @jackeric agents are very clever. I’ve seen them try all kinds of things like this just to “get the task done.” I’ve only noticed because I put them in sandbox-exec.
-
@haroonmeer but isn't the docker's `root` user mapped to a host's transient normal user?
@mdione @haroonmeer Docker can map to a user other than root; but it leaves whether or not it does so up to you. I'm not sure if there's some specialty lockdown config that tightens this; but by default docker doesn't even seem to intend to protect the host from the user; and leaves it up to the user whether they want any actual protection from container contents or not.
Understanding the Docker USER Instruction | Docker
Discover best practices and common pitfalls associated with the Docker USER instruction. Also get a hands-on demo to learn the importance of these practices.
Docker (www.docker.com)
-
@mdione @haroonmeer Docker can map to a user other than root; but it leaves whether or not it does so up to you. I'm not sure if there's some specialty lockdown config that tightens this; but by default docker doesn't even seem to intend to protect the host from the user; and leaves it up to the user whether they want any actual protection from container contents or not.
Understanding the Docker USER Instruction | Docker
Discover best practices and common pitfalls associated with the Docker USER instruction. Also get a hands-on demo to learn the importance of these practices.
Docker (www.docker.com)
@mdione @haroonmeer Honestly, I can see the appeal of docker as a sort of web services oriented package manager; but it's terrifying to see people treating it as though it's a VM-tier isolation tool or security boundary. It's certainly not impossible to use it in ways that provide at least some protection from container contents; but the overall intent is much closer to easing dependency wrangling and keeping configs contained than to hard isolation.
-
I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.
Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.
Their agents will.
@haroonmeer why are we so worried about agents using this when this was already the first thing any attacker would do?
Pop a shell on Linux, check for docker group access. That makes life very easy. -
@haroonmeer why are we so worried about agents using this when this was already the first thing any attacker would do?
Pop a shell on Linux, check for docker group access. That makes life very easy.@feld @haroonmeer Why are we so worried about agents using this when the user had the rights in the first place? Agents/LLMs should change nothing in that equation. -
I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.
Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.
Their agents will.
@haroonmeer Will this still work if docker is not run as root but as an unprivileged user?
-
R relay@relay.infosec.exchange shared this topic
-
@haroonmeer they need to add: "Don't hack stuff" to the prompt, that will protect them
@webhat @haroonmeer also add: "don't say anything about goblins"
