That’s true, although I thought you’re talking about including the dots into the path, which is absolutely not what anyone wants 😄

I’m a little late to the party, but PATH should only consist of the directories, so it should look like this:

export PATH=$PATH:/usr/sbin/

While I appreciate your refusal to spread panic, would you mind explaining what the attack does and why it’s a nothingburger, maybe even why it’s not practical? Because right now, you assert a lot of things without any explanation.

Not saying you’re wrong, but I think it’s good practice to not just rely on claims of authority

Benutzername prüft aus

I wonder where all the gains from increased worker’s efficiency went. Well, no way to know I guess 🤷

In totally unrelated news, I heard humanity will soon have its first trillionaire 🥳

/s

That’s … actually really clever! I’ll steal that idea 😄

Read the article so you don’t have to:

Unlike the title suggests, the docker images they found won’t leak your credentials when you use them, but already contain the credentials of whoever created the image (p.e. through .env files that were accidentally added to the image).

While it contains the valuable reminder to avoid long lived credentials (like API - keys) or use secrets-stores, this “leak” is on the same level as accidentally pushing confidential information to github IMHO.

Fix: have both .gitignore and .dockerignore files and make sure they both contain .env. You use .env and don’t hardcode your secrets, right?

Today’s risky click is presented by GreatTitEnthusiast 👀

It’s a PWA