
Friends don't let friends Curl | Bash

Blog post from Sysdig

Post Details
Company: Sysdig
Date Published:
Author: Mark Stemm
Word Count: 1,903
Company Posts That Month: 5
Language: English
Hacker News Points: -
Summary

The blog post addresses the risks of "pipe installers," which download a script from the internet and execute it directly with commands like `curl | bash`, and highlights a potential man-in-the-middle (MITM) attack in which attackers inject malicious code. It illustrates how attackers could exploit vulnerabilities in a software vendor's server infrastructure, particularly through a compromised reverse proxy, to insert harmful code into the installation process. The post emphasizes that pipe installers lack the protections of package management systems, which include cryptographic signing and checksumming. To mitigate these risks, the blog introduces Sysdig Falco, an open-source behavioral security monitor that detects suspicious activity by monitoring system calls. Users can apply rules to identify and restrict dangerous actions during installations, such as unexpected network server starts or session creations. The article concludes by encouraging readers to adopt Sysdig Falco to enhance security measures when using pipe installers.
