[ale] Backdoored/Cryptocurrency Images

Alex Carver agcarver+ale at acarver.net
Thu Jun 14 15:56:59 EDT 2018


Yes, and Docker Hub should have removed the images when they were
notified about the problems...eight months ago.

On 2018-06-14 12:52, James Sumners wrote:
> As with everything, you have to do your due diligence. Notice that the
> backdoored images all came from an account like "docker123987". That's your
> first clue to not trust the image: the poster is trying to remain
> anonymous. But even then, you should be reviewing the source code that
> builds the image.
> 
> On Thu, Jun 14, 2018 at 15:43 Alex Carver via Ale <ale at ale.org> wrote:
> 
>> This was exactly why I asked about creating Docker images entirely from
>> scratch unlike the countless how-to's that suggest downloading the
>> premade images.
>>
>>
>> https://arstechnica.com/information-technology/2018/06/backdoored-images-downloaded-5-million-times-finally-removed-from-docker-hub/
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> https://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>



More information about the Ale mailing list