Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
social.tchncs.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
A friendly server from Germany – which tends to attract techy people, but welcomes everybody. This is one of the oldest Mastodon instances.

Administered by:

Server stats:

3.9K
active users

social.tchncs.de: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.6

#nginx

22 posts21 participants2 posts today
Public
Xavier «X» Santolaria :verified_paw: :donor:

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #13/2025 is out!

It includes the following and much more:

➝ DNA of 15 Million People for Sale in #23andMe Bankruptcy,

#Trump administration accidentally texted a journalist its war plans,

➝ Critical Ingress #NGINX controller vulnerability allows RCE without authentication,

#Cyberattack hits Ukraine's state railway,

➝ Troy Hunt's Mailchimp account was successfully phished,

#OpenAI Offering $100K Bounties for Critical #Vulnerabilities,

#Meta AI is now available in #WhatsApp for users in 41 European countries... and cannot be turned off

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/

DNA of 15 Million People for Sale in 23andMe Bankruptcy, Trump administration accidentally texted a journalist its war plans, Critical Ingress NGINX controller vulnerability allows RCE without authentication, Cyberattack hits Ukraine's state railway, Troy Hunt's Mailchimp account was successfully phished, OpenAI Offering $100K Bounties for Critical Vulnerabilities, Meta AI is now available in WhatsApp for users in 41 European countries... and cannot be turned off
X’s InfoSec Newsletter🕵🏻‍♂️ [InfoSec MASHUP] 13/2025DNA of 15 Million People for Sale in 23andMe Bankruptcy, Trump administration accidentally texted a journalist its war plans, Critical Ingress NGINX controller vulnerability allows RCE without authentication, Cyberattack hits Ukraine's state railway, Troy Hunt's Mailchimp account was successfully phished, OpenAI Offering $100K Bounties for Critical Vulnerabilities, Meta AI is now available in WhatsApp for users in 41 European countries... and cannot be turned off
Public
Felix Palmen :freebsd: :c64:

Trying to come up with my own little self-hosted #http #authentication #daemon to work with #nginx' "authentication request" facility ... first step done! 🥳

Now I have a subset of HTTP 1.x implemented in #C, together with a dummy handler showing nothing but a static hello-world root document.

I know it's kind of stubborn doing that in C, but hey, #coding it is great fun 🙈

github.com/Zirias/swad

Simple Web Authentication Daemon. Contribute to Zirias/swad development by creating an account on GitHub.
GitHubGitHub - Zirias/swad: Simple Web Authentication DaemonSimple Web Authentication Daemon. Contribute to Zirias/swad development by creating an account on GitHub.
Replied in thread
Public
Felix Palmen :freebsd: :c64:

I just realized "basic auth" won't do it, because I'd effectively lock myself out when on my work notebook. That's because Microsoft decided basic auth is insecure. 🙄

Well, I still have some working C code somewhere that implements a simple HTTP/1.1 server which supports registering handlers for routes ... let's see whether I can use that to build some service to use with #nginx "auth_request", offering form+cookie auth with a PAM backend. Could after all be a fun project. 🙈

Replied in thread
Public
Felix Palmen :freebsd: :c64:

@bagder Wow. For a few months, I was wondering why I suddenly have bandwidth issues when activating my camera in MS Teams meetings, so others can't understand me any more.

A look into my #nginx logs seems to clarify. Bots are eagerly fetching my (partially pretty large) #poudriere build logs. 🧐 (#AI "watching shit scroll by"?)

I see GPTBot at least occassionally requests robots.txt, which I don't have so far. Other bots don't seem to be interested. Especially PetalBot is hammering my server. And there are others (bytedance, google, ...)

Now what? Robots.txt would actually *help* well-behaved bots here (I assume build logs aren't valuable for anything). The most pragmatic thing here would be to add some http basic auth in the reverse proxy for all poudriere stuff. It's currently only public because there's no reason to keep it private....

Have to admit I feel inclined to try one of the tarpitting/poisoning approaches, too. 😏

Public
Saustrup

After a lot of tinkering, we finally made it to the latest release of the #nginx ingress controller on the mstdn.dk cluster. The latest release addresses no less than FOUR #CVE records. Critical configuration areas had changed, the GeoIP database had to be cached to avoid rate limiting and the #LUA engine needed some tweaks before it could handle the relative large number of TLS certificates we're using in the cluster, but we finally made it. Sorry about the hick-ups. We're trying to keep expenses from going through the roof, so we've skipped the test setup in favor of gently tweaking things in production. Usually that goes well, but there is the rare exception.

Somewhat related, the #KubeCon / #KubeConEU #Kubernetes conference is next week, which means I'll be in #London for the first time for an entire week. Any suggestions for things worth visiting for a bunch of #nerds? :D

Mastodon hosted on mstdn.dkmstdn.dkJust your average friendly Danish Mastodon server. New users tooting in Danish/English welcome. Administered from Denmark. Hosted on bare-metal Kubernetes in the EU.
Public
pacovk

🚨 #AWS #EKS does not include #NGINX community controller.
But it's a common setup for many (40% of all K8s Cluster). The CVE found allows unauthorized to access secrets of anything and anywhere

For more infos and remediation refer to

Kubernetes: kubernetes.io/blog/2025/03/24/

Kubernetes · Ingress-nginx CVE-2025-1974: What You Need to KnowToday, the ingress-nginx maintainers have released patches for a batch of critical vulnerabilities that could make it easy for attackers to take over your Kubernetes cluster. If you are among the over 40% of Kubernetes administrators using ingress-nginx, you should take action immediately to protect your users and data. Background Ingress is the traditional Kubernetes feature for exposing your workload Pods to the world so that they can be useful. In an implementation-agnostic way, Kubernetes users can define how their applications should be made available on the network.
#CVE#Security
Public *
Developer Overheid

Vanochtend is aan het licht gekomen dat een kwetsbaarheid in de Kubernetes Ingress NGINX Controller (ingress-nginx) kwaadwillenden in staat stelt een ongeauthenticeerde remote code execution (RCE) uit voeren.

Alle organisaties die gebruik maken van ingress-nginx dienen deze zo snel mogelijk te patchen naar versie 1.11.5. Meer info vind je op: advisories.ncsc.nl/advisory?id

advisories.ncsc.nlNCSC Advisories
#security#nginx#kubernetes
Public
maschmi

Going to bed with a report about a potential RCE vulnerability in the "Ingress NGINX Controller". Getting up on the next day and realize we may be affected. Luckily I'm only writing a ticket for this and prioritize resolving it.

Key takeaways:

* #Kubernetes
* Ingress NGINX controller is affected but not NGINX Ingress Controller
* Can lead to RCE on a controller pod
* Admission webhook must be reachable from external

#nginx #vulnerability #rce

thehackernews.com/2025/03/crit

Public
Marcus Noble

If you're running ingress-nginx in your Kubernetes cluster please take a look at this latest CVE details, it's a big one! Patches are out so please get updating as soon as you can!

kubernetes.io/blog/2025/03/24/

Kubernetes · Ingress-nginx CVE-2025-1974: What You Need to KnowToday, the ingress-nginx maintainers have released patches for a batch of critical vulnerabilities that could make it easy for attackers to take over your Kubernetes cluster. If you are among the over 40% of Kubernetes administrators using ingress-nginx, you should take action immediately to protect your users and data. Background Ingress is the traditional Kubernetes feature for exposing your workload Pods to the world so that they can be useful. In an implementation-agnostic way, Kubernetes users can define how their applications should be made available on the network.
#Kubernetes#Nginx#Ingress
ExploreLive feeds
About