If I learned one thing at Monitorama 2016 in Portland, Oregon, it’s this: it has never been easier to monitor your infrastructure. Not only have the tools come a long way in the last few years, but the community and perspectives on monitoring have rallied as well, by focusing on the people who build and use monitoring systems.
Before you can assign responsibility for a security breach, you need to go back to the scene of the crime and understand where it originated. No easy task given the dynamic and complex nature of cloud computing environments.
The internet is yet again feeling the aftereffects of another “net shattering” vulnerability: a bug in the shell ‘/bin/bash’ that widely affects Linux distributions and is trivial to exploit. The vulnerability exposes a weakness in bash that allows users to execute code set in environment variables, and in certain cases allows unauthenticated remote code execution.
Possible vectors for attack include: