Post AsBI2dCfJ2JxBKBfRA by [email protected]
Post #As9PhPUbUuN7tX39hQ by [email protected]
0 likes, 4 repeats
So, Cloudflare analyzed passwords people are using to log in to sites they prot…
Post #As9PzHpUj9R9LBLU5g by [email protected]
0 likes, 1 repeats
@0xF21D
Post #As9QB3ePGmJwqBlw9o by [email protected]
0 likes, 1 repeats
@malanalysis it makes sense since they function as a global reverse proxy and d…
Post #As9Rex0iccE4t91hNQ by [email protected]
0 likes, 0 repeats
@0xF21D I will assume that this is only on the cloudflare WAF feature where the…
Post #As9Rex76EtKXCw0nK4 by [email protected]
0 likes, 1 repeats
@Erwinvb sites using cloudflare's free plan. Looks like it's a feature …
Post #As9TufMsBUkwiE0hUm by [email protected]
0 likes, 1 repeats
@0xF21D wrote: "[...] something we technically knew was going on before bu…
Post #As9UShbiMgLxVHBLZQ by [email protected]
0 likes, 0 repeats
@0xF21D why are websites still using custom login forms with plaintext credenti…
Post #As9UShhk0HApny09xo by [email protected]
0 likes, 1 repeats
@hyc with cloudflare, anything is possible. :(
Post #As9ezgZkDlFvOwcvj6 by [email protected]
0 likes, 0 repeats
@0xF21D It's almost like Cloudflare is in fact this huge vulnerability that…
Post #As9ezgflrM4nhdRk7U by [email protected]
0 likes, 1 repeats
@Infoseepage or pretending like they can’t be compelled to turn over informat…
Post #As9fZsmQK2k9g5ok2C by [email protected]
0 likes, 1 repeats
But it's okay because it's just our Cloudflare free accounts! As usual, …
Post #As9hINV1ZNDFeFSa8m by [email protected]
0 likes, 1 repeats
@0xF21D Documented here: https://developers.cloudflare.com/waf/detections/leake…
Post #As9ikEXoYcdRwAbyRE by [email protected]
0 likes, 1 repeats
@0xF21D : Cloudflare is evil anyway. Cloudflare reverse-proxies (or -proxied):-c…
Post #As9m2mPpfBfm3uPfhQ by [email protected]
0 likes, 1 repeats
@0xF21D @GossiTheDog
Post #As9njaCj2aBcayFxQ0 by [email protected]
0 likes, 1 repeats
@0xF21D netwatch
Post #As9swnSBagNPDsbl7w by [email protected]
0 likes, 0 repeats
@ErikvanStraten If your adblock is good enough you always see the captchas, so y…
Post #As9swnZd90Kbay5hjM by [email protected]
0 likes, 1 repeats
@EndlessMason : thanks for responding! You wrote: "Every site is a sea of sp…
Post #As9z9E5H0LO912CW2a by [email protected]
0 likes, 1 repeats
Here's a followup of this post: https://infosec.exchange/@0xF21D/1141802048…
Post #As9zztpx0tjRZI9Oam by [email protected]
0 likes, 1 repeats
@ErikvanStraten @malanalysis it's safe to assume that any US corporation is alig…
Post #AsA3bsYOX46KSHjxj6 by [email protected]
0 likes, 0 repeats
@0xF21D As an American who uses Cloudflare DNS, WTF should I use now?
Post #AsA3bseQAevCkyYm7U by [email protected]
0 likes, 1 repeats
@DarthAstrius I use Cloudflare 1.1.1.1 for DNS as well. It's good DNS. I wo…
Post #AsA3wVRBfnIMqJClYu by [email protected]
0 likes, 0 repeats
@0xF21D Did they do this study using actual passwords or just hashes?
Post #AsA3wVXDJO7F901ZxI by [email protected]
0 likes, 1 repeats
@slashdottir I'm not sure. Though I suspect a little from columns A and B i…
Post #AsA4i0rEfgzztv2eX2 by [email protected]
0 likes, 1 repeats
@0xF21D If you pay Cloudflare* to handle your website traffic encryption for yo…
Post #AsACNgooGYglamj9Ga by [email protected]
0 likes, 0 repeats
@0xF21D all your kiwifarms passwords belong to us
Post #AsACO03Kkmb1FKfW2i by [email protected]
0 likes, 0 repeats
@0xF21D if i understand the docs, it's an optional feature you can enable.n…
Post #AsACPBbvGcdhNkPfai by [email protected]
0 likes, 0 repeats
@0xF21D it's long known that the cloudflare proxy in the free tier will ter…
Post #AsACPBiera1jidZ35c by [email protected]
0 likes, 0 repeats
@hannsr DNS verification for Let's Encrypt can be hard to automate for sure…
Post #AsACPBpkRDhM4csi8m by [email protected]
0 likes, 0 repeats
@0xF21D @hannsr My traefik instance does DNS Auth with INWX just fine? Also the…
Post #AsACPR1dxH7tBrYvGS by [email protected]
0 likes, 0 repeats
@0xF21D wtf, carl! Damn pirates.
Post #AsACPnPqhxYodJ3Z32 by [email protected]
0 likes, 0 repeats
@0xF21D Your one stop compromise shop! Four out of five police states recommen…
Post #AsACWf3aBYs4jbunU8 by [email protected]
0 likes, 0 repeats
@0xF21D So cloudflare knows everyone's passwords and what sites they visit?
Post #AsACWf9xnpyX3OttQm by [email protected]
0 likes, 0 repeats
@BuckRogers1965 at this point I think it is safe to assume the answer has been …
Post #AsACWfH3NTe9PODYTw by [email protected]
0 likes, 0 repeats
@0xF21D @BuckRogers1965 how does cloudstrike use their CA key for this purpose…
Post #AsACWfO8x7JllNXDX6 by [email protected]
0 likes, 0 repeats
@clusterfcku @0xF21D @BuckRogers1965 If you want to use a proxy like CF you nee…
Post #AsACX0ac7wlrW8WyO0 by [email protected]
0 likes, 0 repeats
@0xF21D yes 🧐
Post #AsACYkNDOCDznr5nUm by [email protected]
0 likes, 0 repeats
@0xF21D to be clear, the blog post states they got their data from a feature yo…
Post #AsACYkTF1n2s6XubtA by [email protected]
0 likes, 0 repeats
@soviut @0xF21D Their blog post refers to a "built in" feature a…
Post #AsACYkZce49KQKthpo by [email protected]
0 likes, 0 repeats
@adamsaidsomething @soviut @0xF21D speaking as a cloudflare customer, I can con…
Post #AsACZJ0Od1lhDDgZHs by [email protected]
0 likes, 0 repeats
@scatty_hannah @hannsr thanks! I'll check that out.
Post #AsACiIlos7f75b9o2K by [email protected]
0 likes, 0 repeats
@clusterfcku @0xF21D @BuckRogers1965 how would they know what cached URL you re…
Post #AsACkGPibWTQMNksWe by [email protected]
0 likes, 0 repeats
@hannsr I thought people already know all about that. To be fair, I find it rea…
Post #AsACw7IiJOavZV8A9Q by [email protected]
0 likes, 0 repeats
@0xF21D Thank you for pointing this out.
Post #AsAD0reVv4iqUFaiwq by [email protected]
0 likes, 0 repeats
@EndlessMason that sounds more like you might be signing up to the wrong places…
Post #AsAD3e5OocQZHRUcjY by [email protected]
0 likes, 0 repeats
@JessTheUnstill @0xF21D @malanalysis you're still the product even if you p…
Post #AsAD4JL5RCKzDy9ENU by [email protected]
0 likes, 0 repeats
@0xF21D When you employ a middleman, he will be the mitm.
Post #AsAD4RxfNdx1xwG9ce by [email protected]
0 likes, 0 repeats
@clusterfcku @0xF21D @BuckRogers1965 Most governments have their own CA. Maybe n…
Post #AsAD6T5SANS82Hrdc8 by [email protected]
0 likes, 1 repeats
@0xF21D So, CloudFlare, IS the Mos Eisley of the internet providers.
Post #AsAD6TBTnyH0KygS0W by [email protected]
0 likes, 0 repeats
@krypt3ia @0xF21D I'm glad I never used any cloud storage. Avoiding 'sc…
Post #AsAD7djK567rKn4Ukq by [email protected]
0 likes, 0 repeats
@hannsr @0xF21D I also used cf only for DNS but recently I noticed they create …
Post #AsADBZMkFV2uxQNuRE by [email protected]
0 likes, 0 repeats
@adamsaidsomething @0xF21D I spoke with a few people on the CloudFlare discord …
Post #AsADHYpz7tsR3Xv01Q by [email protected]
0 likes, 0 repeats
@malanalysis @0xF21D
Post #AsADN2xsXcDHwUE6Wu by [email protected]
0 likes, 0 repeats
@scott @clusterfcku @0xF21D Yeah, I get that, but you can put the authenticatio…
Post #AsADVvtKD2xubvKkQi by [email protected]
0 likes, 0 repeats
@0xF21D I may have a suggested edit for them, for brevity's sake: Keeping us…
Post #AsADWzAxU2gz5R5FRI by [email protected]
0 likes, 0 repeats
@0xF21D 👀 What with the WHO THE FUCK NOW ??:: sheesh ::
Post #AsADX15iMVgb1ke5Xk by [email protected]
0 likes, 0 repeats
@hannsr, you might want to check out https://desec.io/. According to https://de…
Post #AsADX4FkbeUqpkMe6S by [email protected]
0 likes, 0 repeats
@0xF21D HTTP only, opt-in. You can (should) do this at home. “Once enabled, le…
Post #AsADX4NY8ejdDw0sG8 by [email protected]
0 likes, 0 repeats
@juddy @0xF21D Lowkey hate how nobody read the article and noticed that it'…
Post #AsADZDM3jlZLdpL3tw by [email protected]
0 likes, 0 repeats
@0xF21D So cloudflare is the man in the middle attack we have always been warne…
Post #AsADZDTVI5WY0up0VM by [email protected]
0 likes, 0 repeats
@pgreer @0xF21D the "man in the middle" who also happens to be a ̶n…
Post #AsADc4WT20457MZNCK by [email protected]
0 likes, 0 repeats
@0xF21D good reminder that I still need to move a couple of things away from th…
Post #AsADf9ka3FqKCRdqDI by [email protected]
0 likes, 0 repeats
@0xF21D all your data belong to US big tech companies for profit you dumb europ…
Post #AsADlCXQbD8maFN8HA by [email protected]
0 likes, 0 repeats
@groxx @clusterfcku @0xF21D But the web site could be designed to not use the c…
Post #AsADnwe29BR49xloAq by [email protected]
0 likes, 0 repeats
@0xF21D As bad as the optics are on this one, they're doing the moral equiv…
Post #AsAE0O1mADXeYro9iq by [email protected]
0 likes, 0 repeats
@0xF21D "Are you afraid of MitM between you and our website? Don't wor…
Post #AsAE0mTbGQ3iO70iQK by [email protected]
0 likes, 0 repeats
@nightoo Sure, this site looks sketchy, but this is the platform the vendor dec…
Post #AsAE0o973YrLZ9RNlg by [email protected]
0 likes, 0 repeats
@pgreer @0xF21D Yes, Cloudflare "protecting" sites again with they'…
Post #AsAE30xUOHxrsm3XAe by [email protected]
0 likes, 0 repeats
@cygnathreadbare @pgreer @0xF21D Are they tho? I thought they had a very inconsi…
Post #AsAE40NU2G0EN3geem by [email protected]
0 likes, 0 repeats
@ErikvanStraten @0xF21D @malanalysis This is not an exclusive-or choice. In fac…
Post #AsAE4oX7YhQ9vQa3cW by [email protected]
0 likes, 0 repeats
@clusterfcku @0xF21D Yes, they can just ask with a letter that says the CA can …
Post #AsB0IzpJA93anxuqBs by [email protected]
0 likes, 0 repeats
@pgreer we should have known that earlier.
Post #AsB0QlkhNHlXTFSxvM by [email protected]
0 likes, 0 repeats
@0xF21D @malanalysis This is wild because I *always* knew they were a problem, f…
Post #AsB0vFMxp5mk0wthKK by [email protected]
0 likes, 0 repeats
@JessTheUnstill @0xF21D @malanalysis > which includes leaked credentials det…
Post #AsB0z9QXrGRSk8QyVU by [email protected]
0 likes, 0 repeats
@EndlessMason hm maybe the problem is more pronounced wherever you're livin…
Post #AsBHXd4Nkjfzn3Wuga by [email protected]
0 likes, 0 repeats
@0xF21D this toot is a bit misleading imo. Saying it like you did sounds li…
Post #AsBHXdBpJ3dCA90rI0 by [email protected]
0 likes, 1 repeats
@qz I posted a second toot as a response: https://infosec.exchange/@0xF21D/1141…
Post #AsBHrSuJFKSo40HEki by [email protected]
0 likes, 1 repeats
@alexlunaview https://infosec.exchange/@0xF21D/114180204895647789
Post #AsBHtd3UUFQc7HbSfQ by [email protected]
0 likes, 1 repeats
@BenAveling see my followup https://infosec.exchange/@0xF21D/114180204895647789
Post #AsBHvQfbVQryHdHxz6 by [email protected]
0 likes, 0 repeats
@0xF21D So if you give your private key and certificate to a third party to MIT…
Post #AsBHvQlHALPGZDwUpE by [email protected]
0 likes, 1 repeats
@dascandy see my followup https://infosec.exchange/@0xF21D/114180204895647789
Post #AsBHzLHZTl22jSuhlI by [email protected]
0 likes, 0 repeats
@[email protected] you are implying they are MitMing plaintext passwords …
Post #AsBHzLNx628V3Ftnhw by [email protected]
0 likes, 1 repeats
@m https://infosec.exchange/@0xF21D/114180204895647789
Post #AsBI2dCfJ2JxBKBfRA by [email protected]
0 likes, 0 repeats
@0xF21D this seems to be a little overacting. M$ stores your passwords for thir…
Post #AsBI2dIgwd8pU10TpY by [email protected]
0 likes, 1 repeats
@CriticalSilence Please see my followup: https://infosec.exchange/@0xF21D/11418…
Post #AsBI9ea6a4XXTzV1rk by [email protected]
0 likes, 0 repeats
@0xF21D is there something we can do against this from an end user perspective?…
Post #AsBI9eg8DfMPmgJqG8 by [email protected]
0 likes, 1 repeats
@smartphone I think calling attention to the fact that Cloudflare is a US compa…
Post #AsBIEV8t6OcLek52jQ by [email protected]
0 likes, 0 repeats
@0xF21D Are you aware that this is a feature that you need to enable? In other …
Post #AsBIEVEujzRDxQtr7o by [email protected]
0 likes, 1 repeats
@sbeyer please see my followup: https://infosec.exchange/@0xF21D/11418020489564…
Post #AsBacU0Wlt9gGGkruC by [email protected]
0 likes, 1 repeats
@dt @juddy @0xF21D "Opt in" is relative. Did the users opt into the r…
Post #AsBj9uOYU1ozI4RXTE by [email protected]
0 likes, 0 repeats
@tychotithonus @dt @0xF21D What part of "For other purposes for which we o…
Post #AsBj9uVe3fUbe3lCWO by [email protected]
0 likes, 1 repeats
@juddy @dt @0xF21D Oh, I understand. The question is whether ordinary users shou…
Post #AsBpcIC8Bpryw9Y8XY by [email protected]
0 likes, 0 repeats
@RTP ehhh
Post #AsBpcIJDlTXbI8rnai by [email protected]
0 likes, 0 repeats
@schnur Wow. We knew this was possible and huge reason for all the anti cloudfl…
Post #AsBpcIOtQO4tZjWKQq by [email protected]
0 likes, 2 repeats
@RTP @schnur This is why I call it "clownflare" .. That US company ow…
Post #AsDTyz1hoUNDTO0Xaa by [email protected]
0 likes, 0 repeats
I wonder why anyone thinks they are the good guys? They run half the internet al…
Post #AsDTyzT0B0Cwq2mL8S by [email protected]
0 likes, 1 repeats
@menel it sounds like communism and everyone knows that communism is a good thi…
Post #AsHMqYMf8UQPQ1gPFw by [email protected]
0 likes, 0 repeats
@0xF21D Any more reason to switch to FIDO2 with hardware tokens or #Passkeys. Th…
Post #AsHMqYUoeAwlpJUuxs by [email protected]
0 likes, 1 repeats
@publicvoit @0xF21D passkeys can be saved to both security keys and credential …
Post #AsNxqdILfQIPxkKGEy by [email protected]
0 likes, 0 repeats
@0xF21D What software is that guy using? It looks like people are replying fro…
Post #AsNxqdONJ17IGR94dM by [email protected]
0 likes, 1 repeats
@crazyeddie I'm not sure, but it is quite nice.
You are viewing proxied material from pleroma.anduin.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.