Open Source = Bombproof

Software isn't usually described as bombproof, particularly the type of software that is responsible for large analytic jobs or machine learning workloads. The words “finicky”, “complex” or, in the case of good marketing, “professional grade” (meaning you need years of study and multiple certifications) are more common. Bombproof software, however, is one of the many benefits associated with active open

Security Advisory

Synopsis: Two different privilege escalation possibilities against the IAM implementation of MinIO server were discovered and have been fixed in RELEASE.2019-04-04T18-31-46Z.
Severity: High
Who is affected: All users of the MinIO server are affected. Users of the MinIO gateway are not affected. However, it is still recommended to upgrade.
Recommended Action for Users: All users

Security Advisory

Synopsis: Possibility of spoofing authentication as another user on the Minio server S3 and Admin API was discovered and has been fixed in RELEASE.2019-02-20T22-44-29Z.
Severity: Medium
Who is affected: All users using multi-user feature are affected. However, it is still recommended for everyone to upgrade.
Recommended Action for Users: All users are advised to upgrade

Security Advisory

Synopsis: Possibility of authentication bypass against the Minio server Storage API was discovered and has been fixed in RELEASE.2019-02-12T21-58-47Z.
Severity: Critical
Who is affected: The concerned issue is present in all the Minio releases after October 4th 2018. All users of distributed erasure backend are affected. Users of FS and Gateway backend are not affected.

Security Advisory

Synopsis: A violation of the SSE-C security guarantees was discovered and has been fixed in RELEASE.2018-07-10T01-42-11Z.
Severity: Low
Who is affected: All users who stored objects using the S3 SSE-C API and used the same client-provided key at least twice for different objects.
Recommended Action for Users: All users are advised to upgrade their Minio

Security Advisory

Synopsis: A Denial-of-Service (DoS) vulnerability against the Minio server was discovered and has been fixed in RELEASE.2018-05-25T19-49-13Z.
Severity: Medium
Who is affected: All users of the signature V4 authentication are affected. Users of the signature V2 authentication are not affected.
Recommended Action for Users: All users are advised to upgrade their Minio deployments to the

Go implementation of Data At Rest Encryption

Introduction

Encrypting network traffic is becoming the default. There are standardized protocols like SSH and TLS as well as projects like Let’s Encrypt to protect data sent over the network. TLS, for example, takes a data stream, chunks the stream into messages, and encrypts every message before sending it through the network. TLS ensures that each message is encrypted and
