
Ask HN: Is Docker to blame for recent security breaches? - figassis
I&#x27;m assuming a lot here, but I believe many recent data breaches are due to some company leaving their servers wide open. I&#x27;m assuming a lot here, but its reasonable that most deployments today are containerized, and if not Kubernetes, they&#x27;re usually docker.<p>Are most developers aware that &quot;ufw default deny incoming&quot; does not work unless using host networking, or unless we modify the docker daemon or IP tables directly?<p>Also, with the simplicity of ufw, do folks take the time to learn how to work with ip tables? I was bitten by this twice when hosting small dev stuff like mongodb, redis and nfs - often accessed in trusted networks without authentication - where after locking down ufw I&#x27;d get a notice from the cloud provider (DO, Hetzner) a few days later telling me which port I had open. After debugging and ending up here (https:&#x2F;&#x2F;github.com&#x2F;docker&#x2F;for-linux&#x2F;issues&#x2F;690). First time I made a mental note. Second time I finally wrote it down. Its really not obvious.<p>If you host on your own infrastructure, or AWS, I don&#x27;t think you get a notice, so docker-compose up can be really dangerous.<p>I guess I would like your comments on whether this is a probable cause of many breaches and whether there is some responsibility (technical, not legal) on docker to properly document this behavior and probably fix.
======
craftoman
Docker security is a joke but people still using this tool cause it's the most
popular kid on the block and made by Google, the company that most Americans
are faithfully blind trust no matter what s@!&# they launch.

~~~
figassis
Docker is made by Docker, not Google. I'm really looking for some insight
here, not a rant. Cheers!

