The firm said in an email sent to customers over the weekend, which was eventually shared online, that it had discovered unauthorised access on its Docker database last Thursday (April. 25^th).  In the message, Docker said the database reportedly contained a “subset of non-financial user data.”

Sensitive data

“During a brief period of unauthorised access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users),” said Kent lamb, the director of Docker Support.

“Data includes usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds.”

It remains unclear how the breach occurred or how long the hackers had access to the company’s database.

Docker Hub is a repository for users to find free Docker images on the Docker container application. Its container technology allows developers to build, package, and deploy applications.

While the Docker Hub contains a variety of different container images, the company claims that none of its Official Images were compromised during the attack.

“We have additional security measures in place for our Official Images including GPG signatures on git commits as well as Notary signing to ensure the integrity of each image,” the company said.

Docker said “no action is required” for regular Dock Hub users.

Password reset

“A password reset link has been sent to any users who potentially had their password hash exposed,” said Docker.

However, for DevOps teams which that use GitHub and Bitbucket to automatically build code at periodic interval, containers images are often deployed automatically to Docker Hub as part of the whole process.

“Users who have autobuilds who have had their GitHub or Bitbucket repositories unlinked will need to relink those repositories,” said Docker.

Docker said it is still investigating the incident and will share more information about the attack, when available.

The post Docker Hub breach exposes 190k acccounts appeared first on DevOps Online North America.

According to Tech Republic, ACI only takes a few seconds to deploy and by using billing tags each container is billed by the second and admins can pick the number of virtual central processing units (vCPUs) and the amount of memory to make sure the container fits the application.

The director of computing for Microsoft Azure, Corey Sanders, said in a recent blog post: “Role-Based Access Control (RBAC) is offered for each instance, and no virtual management (VM) tier or cluster orchestration tools are needed to get started. It is simply your code, in a container, running in the cloud.

“There are multiple deployment options for ACIs, starting with a template or the Azure Command Line Interface. However, users can deploy from a Docker Hub, or other public repository, as well as from a private repository.”

Microsoft launched its open source connector, letting users deploy ACIs from Kubernetes, so that organisations can deploy VMs alongside ACIs, allowing long-term scalability.

“Microsoft use virtualisation to make sure each container remains isolated from containers deployed by other organisations. Currently, container instances are only available for Linux containers, but Windows container support will be coming sometime in the coming weeks,” added Sanders.

The firm also offers a free container-hosting environment optimised for Azure, integrating with DCOS, Apache Mesos and Docker, to keep Azure relevant to emerging technologies and trends.

Written by Leah Alger

The post Microsoft’s ‘simple and quick’ way to deploy Linux containers appeared first on DevOps Online North America.