HTTPS is HTTP over TLS. It allows you to encrypt traffic to and from your web server, providing privacy and security for your clients. As of this writing, the world is moving ever closer to HTTPS everywhere: thanks to the Snowden documents, there's been a big push for more privacy and security. Major companies like … Continue reading Apache HTTPS configuration – June 2015
TL;DR: Remove SSLv3 - the impact is likely very small We've now removed SSLv3 from about 1000 servers in our environment. So far, we've only had one issue - a script used to call an API started to fail. The issue was the ruby rest client > 1.7.0. (Yes, that's greater-than.) Removing from Apache SSLv3 … Continue reading Some Real-World Info on POODLE (CVE-2014-3566)
So what we have here is that root inside the containers effectively has root access to any of these file systems or devices. If you can somehow communicate with them, then consequently, you can own the host with little effort.