The Article

I read Hacker News every day. A story on home server security made the front page recently and got me thinking about Tealok security and defense in depth in computing. This primarily came about due to the (excellent) Hacker News discussion of the article.

The story is pretty simple - you don’t need to read the entirety of the original article to get it. Here’s a summary

• The author starts up a Docker container running Postgres
• Docker by default exposes the container to the internet
• An attacker leveraged the default password in Postgres to get RCE within the container
• Attacker installs Kinsing malware to extract value from the exploited server.

One may be tempted to just say this is a “skills issue” on the part of the original author. If they’d known better, they wouldn’t have exposed the database container and there’d be no story here. I think that’s a valid take to a point - the world is full of dangers and experts are experts in part because they avoid dangers. But that’s missing import lessons.

In today’s digital age, nearly every aspect of our lives is connected to technology. While these connections offer unparalleled convenience, they also come with a hidden cost: our privacy, autonomy, and freedom of choice. Big tech companies like Google, Facebook, and Amazon have built their fortunes by collecting vast amounts of data from us—often without our full understanding or consent. This practice, known as surveillance capitalism, goes far beyond targeted ads. It’s about creating detailed behavioral profiles that predict—and manipulate—our behavior.