2017-04-06, secrets, docker, vortex keyboards, brickerBot

1 minute read

secrets in docker

secret secret I’ve got a secret. It looks like hter is some stuff that is in docker 1.13.1 that allows you to do native secret storage…. swarm-secrets-in-action/

vortex keyboards

I have two different vortex keyboards, the pok3r and the core 40%. I really like vortex keyboards. the only annoything thing is that their firmwares are only released as exe files and since I dont actually have anything that runs windows anymore, this presents a problem. Luckily the internet to the rescue. update-pok3r-rgb-firmware-on-macos long story short if you use virtulabox for mac and then go and download a windows VM for IE11 you can go and download hte xe then set virtualbox to forward the usb keyboard directly. This will give you firmware level access to the keyboard and the exe will work just as it should.

docker daemon

watching the docker daemon is kind of a pain in the butt. Everyone has logging solutions setup for the container level but below that is the daemon and every once and a while somethinggoes wrong with the daemon and it would be nice to see why. The docker daemon by defualt logs out to syslog. Syslog has this thing called rsyslog which lets you essentially route messages directly to a udp port. Splunk has a nice feautre that allows you to isten to udp ports for data collections. a single conf file in the /etc/rsyslog.d/00-docker-rsyslog.conf containing the line. :msg,contains,"docker" @ will take any message contining docker and then pipe it over to my splunk indexer on that given port. Bam you get the docker daemon logs in to splunk while still writing the rest of the syslog messagesto the log files on the host.

bricker bot

Nasty bit of code that is running around. If it finds a vulnerable IoT device it goes and kills it. new-malware-intentionally-bricks-iot-devices

  • Write random bits to the device’s storage drives, rendering flash storage useless.
  • Disables TCP timestamps (sets net.ipv4.tcp_timestamps=0). Internet connectivity is left intact, but hampered.
  • Sets the maximum number of kernel threads to one (kernel.threads-max=1). Since this value is usually in the range of tens of thousands, this effectively stops all kernel operations.
  • Reboots the device.