Hello, welcome to the Friday, October 14th, 2016 edition of the Sands and the Storm Center's

Stormcast. My name is Johannes Ulrich, Enderam recording from Jacksonville, Florida.

Jim released today a great free tool that he wrote, a Dockermount.p.y. It's a Python script that allows you to mount Docker file systems

in read-only mode for forensics analysis. Pretty neat script and probably is going to save you

some time if you have to analyze a compromise of a Docker instance.

Now it doesn't handle every possible storage driver that Docker can use,

but it does deal with AUFS and overlay 2,

which are some of the more popular ones,

even though, well, AUFS may be more to the fault on older

systems.

And if you visited a website on Thursday and got a bad certificate warning, it may be due to

a mess up at GlobalSign.

GlobalSign is one of the large certificate authorities and apparently

they did revoke a cross certificate between two root certificates and with that actually

by mistake essentially invalidated one of the signing certificates for some browsers.

Now this originally was done via certificate revocation list and that worked all well,

but today they started also doing that via OCSP, the online certificate status protocol,

and apparently that messed up some browsers and then resulted

in this invalid certificate warning because the signing certificate was no longer trusted.

Now I have a link to Global Science statement in the show notes but when I just clicked on it before recording

this to make sure the link was working, I actually got a certificate warning myself from

the downloads.globalsign.com website. So don't be surprised if that happens. Maybe someone

...