 |
Post AsACcSimxe8yDMxH3Q by [email protected] |
 |
More posts by [email protected] |
|
Post #As9YDBWnkgyBU5jx4q by [email protected] |
|
0 likes, 1 repeats |
|
|
|
https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised… |
|
|
|
Post #As9YDBcpOHn3mmYlTE by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] Not gonna lie the convenience of CF can't be overstat… |
|
|
|
Post #As9eky7sgb4bUQZng8 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss "SSL added & removed here: $$$" |
|
|
|
Post #As9ekyEcHYSdpJjBB2 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@neurovagrant [touches nose] |
|
|
|
Post #As9ekyKztpZ696iH7g by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @neurovagrant I'm with you on this but technically, it's possible… |
|
|
|
Post #AsACNJzJ9MQ6mgShw8 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
okay so several people have responded to this thread, pointing at me and figura… |
|
|
|
Post #AsACNK5KmxEz5NHWKW by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss which incidentally is exactly how all the corpo "security" tool… |
|
|
|
Post #AsACNKCmLHCBSSlSvw by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@fedops @Viss that’s… #nowords |
|
|
|
Post #AsACNL0lLRB5xU9NqK by [email protected] |
|
0 likes, 0 repeats |
|
|
|
i would further argue, that if that in of itself doesn't straight up smack,… |
|
|
|
Post #AsACNkSGkJ2Es2DCgi by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss Cloudflare can also generate SSL certificates for any domain without any … |
|
|
|
Post #AsACNkZMJwhrE1Wrjs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@systemadminihater Do they own a root certificate that’s widely deployed in b… |
|
|
|
Post #AsACNkfNxXWjWiLg8G by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@ujay68 I dont know. I just know that they gave Hubspot an SSL certiticate for … |
|
|
|
Post #AsACPTcwHa9DG71jfs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss "Cloudflare’s free plan, which includes leaked credentials detecti… |
|
|
|
Post #AsACVdsP5XUmmhCToW by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss I am not a lawyer so no I idea about legality but morally this is a no-go… |
|
|
|
Post #AsACVdyQj8Jf5O1ICu by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@mkoek legally this is the same as wiretapping. its a CFAA violation at the ver… |
|
|
|
Post #AsACc96VtjEnN9twG0 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss All true. But nowhere near the most unethical or illegal thing Cloudflare… |
|
|
|
Post #AsACcHUYiDE1O3DFqa by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss I suppose they just often do SSL-Termination for their customers mainly f… |
|
|
|
Post #AsACcHaEN7lJfdrmgi by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@giggls yeah, ssl termination is something theyve done for years. what they hav… |
|
|
|
Post #AsACcHfu22IbxEWJWq by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss I suppose that is just the most simple Method:buyer -> https -> Clo… |
|
|
|
Post #AsACcSimxe8yDMxH3Q by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss I don’t see this as particularly egregious in isolation - it’s basica… |
|
|
|
Post #AsACcSqEVy6AaSRDeq by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@nimro van buren makes it quite clear. unless the customers of the cloudflare c… |
|
|
|
Post #AsACcSwy6vUCvLab9k by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@nimro a good use case here, to make it even more abundantly clear is:how many … |
|
|
|
Post #AsACdrLksWPet7qbjM by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss @gigglsThey can't cache anything without MITM.What they have done wit… |
|
|
|
Post #AsACdrRmW7EXBofQ7k by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@leeloo @giggls so, crimes |
|
|
|
Post #AsACeNgQfBxpAVlZOi by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss I’m not from the US so I don’t have deep knowledge of those initialis… |
|
|
|
Post #AsACfl9msIxAGB9iSW by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss WTAF? Remove and add SSL here? 😵💫 |
|
|
|
Post #AsACgEdZGf0RgwJPP6 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@[email protected] @[email protected] I would not put it past them … |
|
|
|
Post #AsACzhBHMoYXijMMNs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss Cloudflare proxies the SSL traffic. That's how it works. Nothing new … |
|
|
|
Post #AsAD4y83mXHLjRMuGW by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@mansr yes. this is obvious.but as described in the article, the 'new' … |
|
|
|
Post #AsAD4yEnNUfO4KWHlQ by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss They have always done that. This article isn't clear on exactly what … |
|
|
|
Post #AsAD81tmDskSIA9BNg by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@[email protected] @[email protected] from what I've gathered they only … |
|
|
|
Post #AsADCNc3Qr08nNvqF6 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss now? You just figured this out?Sorry about being toxic, but if ssl is ter… |
|
|
|
Post #AsADGFNTzXwuPgxaqm by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@ppxl YUP |
|
|
|
Post #AsADGPNUoLtxQd2kG8 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss @dangoodin 😳 |
|
|
|
Post #AsADS2nIbRwmrRf24u by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@VissThe other way is to analyse sites still using unencrypted http that they … |
|
|
|
Post #AsADfWSdc89mdSQKwK by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss this reminds me of the shit a researcher did where they made a malicious … |
|
|
|
Post #AsADqsGwrN6vT4MwSW by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss it could be done client side, but who knows if it is. |
|
|
|
Post #AsADtDFXpz916hpMu0 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@driusan @giggls thats kinda what im thinking |
|
|
|
Post #AsADxYrRQgIFI8cvom by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@[email protected] @[email protected] That would be a very good add-o… |
|
|
|
Post #AsADzN5q9WMLNEE0oK by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss They have always been, I've never understood why it has never been ra… |
|
|
|
Post #AsAE3hTsIGpFlNWzTs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss okay reading their https://developers.cloudflare.com/waf/detections/leake… |
|
|
|
Post #AsAHbmAVffxK0gPhCK by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss "free plan" once again proving that if it's free, you are t… |
|
|
|
Post #AsAHbmGXJGmCJNEVai by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@j_angliss @Viss if they're doing this to Free Plan users, is there any amo… |
