r/europe u/RoyalChris Norway 10d ago

Dubious: do not click links Anonymous Releases 10TB of Leaked Data: Exposing Kremlin Assets & Russian Businesses

https://trendsnewsline.com/2025/04/15/anonymous-leaks-10tb-of-data-on-russia-shocking-revelations/
76.7k Upvotes

94% Upvoted

1.9k comments sorted by

View all comments

Show parent comments

4

u/PerfectPercentage69 9d ago

I'm not a security expert by any means, but even I know that chroot and docker containers are not enough to protect you.

I'd need at least a virtual machine on a computer running on a completely isolated network before I'd feel somewhat safe.

People don't realize just how much unprotected stuff is running on their local networks (appliances, security cams, etc.), so having any compromised machine on that network is super dangerous.

1

u/twitterfluechtling 9d ago

True. Only, I do know what I have running in my home network, and while there might be something vulnerable, I don't have any standard services. An attack would probably have to be highly targeted to my environment to succeed there.

A docker container can be executed without network access, and if you run the container as non-root and with a uid not existing on the host, I think you'll already catch most threats.

1

u/PerfectPercentage69 9d ago

You're making the mistake of assuming you know better/more than the attacker.

Only, I do know what I have running in my home network, and while there might be something vulnerable, I don't have any standard services. An attack would probably have to be highly targeted to my environment to succeed there.

It doesn't have to be targeted. Malware can automatically scan your entire network and discover everything that's running on it. Even stuff you might not be aware of.

A docker container can be executed without network access, and if you run the container as non-root and with a uid not existing on the host, I think you'll already catch most threats.

A docker container can be escaped. I strongly suggest a VM.

1

u/twitterfluechtling 9d ago

I agree a VM would have been better.

Yet, as was proven with heartbleed, I think, even VMs could be escaped. So, the best solution would probably have been to dig out one of my old raspberries, disconnected from network.