Post AsBI2dCfJ2JxBKBfRA by [email protected] | |
Post #As9PhPUbUuN7tX39hQ by [email protected] | |
0 likes, 4 repeats | |
So, Cloudflare analyzed passwords people are using to log in to sites they prot… | |
Post #As9PzHpUj9R9LBLU5g by [email protected] | |
0 likes, 1 repeats | |
@0xF21D | |
Post #As9QB3ePGmJwqBlw9o by [email protected] | |
0 likes, 1 repeats | |
@malanalysis it makes sense since they function as a global reverse proxy and d… | |
Post #As9Rex0iccE4t91hNQ by [email protected] | |
0 likes, 0 repeats | |
@0xF21D I will assume that this is only on the cloudflare WAF feature where the… | |
Post #As9Rex76EtKXCw0nK4 by [email protected] | |
0 likes, 1 repeats | |
@Erwinvb sites using cloudflare's free plan. Looks like it's a feature … | |
Post #As9TufMsBUkwiE0hUm by [email protected] | |
0 likes, 1 repeats | |
@0xF21D wrote: "[...] something we technically knew was going on before bu… | |
Post #As9UShbiMgLxVHBLZQ by [email protected] | |
0 likes, 0 repeats | |
@0xF21D why are websites still using custom login forms with plaintext credenti… | |
Post #As9UShhk0HApny09xo by [email protected] | |
0 likes, 1 repeats | |
@hyc with cloudflare, anything is possible. :( | |
Post #As9ezgZkDlFvOwcvj6 by [email protected] | |
0 likes, 0 repeats | |
@0xF21D It's almost like Cloudflare is in fact this huge vulnerability that… | |
Post #As9ezgflrM4nhdRk7U by [email protected] | |
0 likes, 1 repeats | |
@Infoseepage or pretending like they can’t be compelled to turn over informat… | |
Post #As9fZsmQK2k9g5ok2C by [email protected] | |
0 likes, 1 repeats | |
But it's okay because it's just our Cloudflare free accounts! As usual, … | |
Post #As9hINV1ZNDFeFSa8m by [email protected] | |
0 likes, 1 repeats | |
@0xF21D Documented here: https://developers.cloudflare.com/waf/detections/leake… | |
Post #As9ikEXoYcdRwAbyRE by [email protected] | |
0 likes, 1 repeats | |
@0xF21D : Cloudflare is evil anyway. Cloudflare reverse-proxies (or -proxied):-c… | |
Post #As9m2mPpfBfm3uPfhQ by [email protected] | |
0 likes, 1 repeats | |
@0xF21D @GossiTheDog | |
Post #As9njaCj2aBcayFxQ0 by [email protected] | |
0 likes, 1 repeats | |
@0xF21D netwatch | |
Post #As9swnSBagNPDsbl7w by [email protected] | |
0 likes, 0 repeats | |
@ErikvanStraten If your adblock is good enough you always see the captchas, so y… | |
Post #As9swnZd90Kbay5hjM by [email protected] | |
0 likes, 1 repeats | |
@EndlessMason : thanks for responding! You wrote: "Every site is a sea of sp… | |
Post #As9z9E5H0LO912CW2a by [email protected] | |
0 likes, 1 repeats | |
Here's a followup of this post: https://infosec.exchange/@0xF21D/1141802048… | |
Post #As9zztpx0tjRZI9Oam by [email protected] | |
0 likes, 1 repeats | |
@ErikvanStraten @malanalysis it's safe to assume that any US corporation is alig… | |
Post #AsA3bsYOX46KSHjxj6 by [email protected] | |
0 likes, 0 repeats | |
@0xF21D As an American who uses Cloudflare DNS, WTF should I use now? | |
Post #AsA3bseQAevCkyYm7U by [email protected] | |
0 likes, 1 repeats | |
@DarthAstrius I use Cloudflare 1.1.1.1 for DNS as well. It's good DNS. I wo… | |
Post #AsA3wVRBfnIMqJClYu by [email protected] | |
0 likes, 0 repeats | |
@0xF21D Did they do this study using actual passwords or just hashes? | |
Post #AsA3wVXDJO7F901ZxI by [email protected] | |
0 likes, 1 repeats | |
@slashdottir I'm not sure. Though I suspect a little from columns A and B i… | |
Post #AsA4i0rEfgzztv2eX2 by [email protected] | |
0 likes, 1 repeats | |
@0xF21D If you pay Cloudflare* to handle your website traffic encryption for yo… | |
Post #AsACNgooGYglamj9Ga by [email protected] | |
0 likes, 0 repeats | |
@0xF21D all your kiwifarms passwords belong to us | |
Post #AsACO03Kkmb1FKfW2i by [email protected] | |
0 likes, 0 repeats | |
@0xF21D if i understand the docs, it's an optional feature you can enable. n… | |
Post #AsACPBbvGcdhNkPfai by [email protected] | |
0 likes, 0 repeats | |
@0xF21D it's long known that the cloudflare proxy in the free tier will ter… | |
Post #AsACPBiera1jidZ35c by [email protected] | |
0 likes, 0 repeats | |
@hannsr DNS verification for Let's Encrypt can be hard to automate for sure… | |
Post #AsACPBpkRDhM4csi8m by [email protected] | |
0 likes, 0 repeats | |
@0xF21D @hannsr My traefik instance does DNS Auth with INWX just fine? Also the… | |
Post #AsACPR1dxH7tBrYvGS by [email protected] | |
0 likes, 0 repeats | |
@0xF21D wtf, carl! Damn pirates. | |
Post #AsACPnPqhxYodJ3Z32 by [email protected] | |
0 likes, 0 repeats | |
@0xF21D Your one stop compromise shop! Four out of five police states recommen… | |
Post #AsACWf3aBYs4jbunU8 by [email protected] | |
0 likes, 0 repeats | |
@0xF21D So cloudflare knows everyone's passwords and what sites they visit? | |
Post #AsACWf9xnpyX3OttQm by [email protected] | |
0 likes, 0 repeats | |
@BuckRogers1965 at this point I think it is safe to assume the answer has been … | |
Post #AsACWfH3NTe9PODYTw by [email protected] | |
0 likes, 0 repeats | |
@0xF21D @BuckRogers1965 how does cloudstrike use their CA key for this purpose… | |
Post #AsACWfO8x7JllNXDX6 by [email protected] | |
0 likes, 0 repeats | |
@clusterfcku @0xF21D @BuckRogers1965 If you want to use a proxy like CF you nee… | |
Post #AsACX0ac7wlrW8WyO0 by [email protected] | |
0 likes, 0 repeats | |
@0xF21D yes 🧐 | |
Post #AsACYkNDOCDznr5nUm by [email protected] | |
0 likes, 0 repeats | |
@0xF21D to be clear, the blog post states they got their data from a feature yo… | |
Post #AsACYkTF1n2s6XubtA by [email protected] | |
0 likes, 0 repeats | |
@soviut @0xF21D Their blog post refers to a "built in" feature a… | |
Post #AsACYkZce49KQKthpo by [email protected] | |
0 likes, 0 repeats | |
@adamsaidsomething @soviut @0xF21D speaking as a cloudflare customer, I can con… | |
Post #AsACZJ0Od1lhDDgZHs by [email protected] | |
0 likes, 0 repeats | |
@scatty_hannah @hannsr thanks! I'll check that out. | |
Post #AsACiIlos7f75b9o2K by [email protected] | |
0 likes, 0 repeats | |
@clusterfcku @0xF21D @BuckRogers1965 how would they know what cached URL you re… | |
Post #AsACkGPibWTQMNksWe by [email protected] | |
0 likes, 0 repeats | |
@hannsr I thought people already know all about that. To be fair, I find it rea… | |
Post #AsACw7IiJOavZV8A9Q by [email protected] | |
0 likes, 0 repeats | |
@0xF21D Thank you for pointing this out. | |
Post #AsAD0reVv4iqUFaiwq by [email protected] | |
0 likes, 0 repeats | |
@EndlessMason that sounds more like you might be signing up to the wrong places… | |
Post #AsAD3e5OocQZHRUcjY by [email protected] | |
0 likes, 0 repeats | |
@JessTheUnstill @0xF21D @malanalysis you're still the product even if you p… | |
Post #AsAD4JL5RCKzDy9ENU by [email protected] | |
0 likes, 0 repeats | |
@0xF21D When you employ a middleman, he will be the mitm. | |
Post #AsAD4RxfNdx1xwG9ce by [email protected] | |
0 likes, 0 repeats | |
@clusterfcku @0xF21D @BuckRogers1965 Most governments have their own CA. Maybe n… | |
Post #AsAD6T5SANS82Hrdc8 by [email protected] | |
0 likes, 1 repeats | |
@0xF21D So, CloudFlare, IS the Mos Eisley of the internet providers. | |
Post #AsAD6TBTnyH0KygS0W by [email protected] | |
0 likes, 0 repeats | |
@krypt3ia @0xF21D I'm glad I never used any cloud storage. Avoiding 'sc… | |
Post #AsAD7djK567rKn4Ukq by [email protected] | |
0 likes, 0 repeats | |
@hannsr @0xF21D I also used cf only for DNS but recently I noticed they create … | |
Post #AsADBZMkFV2uxQNuRE by [email protected] | |
0 likes, 0 repeats | |
@adamsaidsomething @0xF21D I spoke with a few people on the CloudFlare discord … | |
Post #AsADHYpz7tsR3Xv01Q by [email protected] | |
0 likes, 0 repeats | |
@malanalysis @0xF21D | |
Post #AsADN2xsXcDHwUE6Wu by [email protected] | |
0 likes, 0 repeats | |
@scott @clusterfcku @0xF21D Yeah, I get that, but you can put the authenticatio… | |
Post #AsADVvtKD2xubvKkQi by [email protected] | |
0 likes, 0 repeats | |
@0xF21D I may have a suggested edit for them, for brevity's sake: Keeping us… | |
Post #AsADWzAxU2gz5R5FRI by [email protected] | |
0 likes, 0 repeats | |
@0xF21D 👀 What with the WHO THE FUCK NOW ??:: sheesh :: | |
Post #AsADX15iMVgb1ke5Xk by [email protected] | |
0 likes, 0 repeats | |
@hannsr, you might want to check out https://desec.io/. According to https://de… | |
Post #AsADX4FkbeUqpkMe6S by [email protected] | |
0 likes, 0 repeats | |
@0xF21D HTTP only, opt-in. You can (should) do this at home. “Once enabled, le… | |
Post #AsADX4NY8ejdDw0sG8 by [email protected] | |
0 likes, 0 repeats | |
@juddy @0xF21D Lowkey hate how nobody read the article and noticed that it'… | |
Post #AsADZDM3jlZLdpL3tw by [email protected] | |
0 likes, 0 repeats | |
@0xF21D So cloudflare is the man in the middle attack we have always been warne… | |
Post #AsADZDTVI5WY0up0VM by [email protected] | |
0 likes, 0 repeats | |
@pgreer @0xF21D the "man in the middle" who also happens to be a ̶n… | |
Post #AsADc4WT20457MZNCK by [email protected] | |
0 likes, 0 repeats | |
@0xF21D good reminder that I still need to move a couple of things away from th… | |
Post #AsADf9ka3FqKCRdqDI by [email protected] | |
0 likes, 0 repeats | |
@0xF21D all your data belong to US big tech companies for profit you dumb europ… | |
Post #AsADlCXQbD8maFN8HA by [email protected] | |
0 likes, 0 repeats | |
@groxx @clusterfcku @0xF21D But the web site could be designed to not use the c… | |
Post #AsADnwe29BR49xloAq by [email protected] | |
0 likes, 0 repeats | |
@0xF21D As bad as the optics are on this one, they're doing the moral equiv… | |
Post #AsAE0O1mADXeYro9iq by [email protected] | |
0 likes, 0 repeats | |
@0xF21D "Are you afraid of MitM between you and our website? Don't wor… | |
Post #AsAE0mTbGQ3iO70iQK by [email protected] | |
0 likes, 0 repeats | |
@nightoo Sure, this site looks sketchy, but this is the platform the vendor dec… | |
Post #AsAE0o973YrLZ9RNlg by [email protected] | |
0 likes, 0 repeats | |
@pgreer @0xF21D Yes, Cloudflare "protecting" sites again with they'… | |
Post #AsAE30xUOHxrsm3XAe by [email protected] | |
0 likes, 0 repeats | |
@cygnathreadbare @pgreer @0xF21D Are they tho? I thought they had a very inconsi… | |
Post #AsAE40NU2G0EN3geem by [email protected] | |
0 likes, 0 repeats | |
@ErikvanStraten @0xF21D @malanalysis This is not an exclusive-or choice. In fac… | |
Post #AsAE4oX7YhQ9vQa3cW by [email protected] | |
0 likes, 0 repeats | |
@clusterfcku @0xF21D Yes, they can just ask with a letter that says the CA can … | |
Post #AsB0IzpJA93anxuqBs by [email protected] | |
0 likes, 0 repeats | |
@pgreer we should have known that earlier. | |
Post #AsB0QlkhNHlXTFSxvM by [email protected] | |
0 likes, 0 repeats | |
@0xF21D @malanalysis This is wild because I *always* knew they were a problem, f… | |
Post #AsB0vFMxp5mk0wthKK by [email protected] | |
0 likes, 0 repeats | |
@JessTheUnstill @0xF21D @malanalysis > which includes leaked credentials det… | |
Post #AsB0z9QXrGRSk8QyVU by [email protected] | |
0 likes, 0 repeats | |
@EndlessMason hm maybe the problem is more pronounced wherever you're livin… | |
Post #AsBHXd4Nkjfzn3Wuga by [email protected] | |
0 likes, 0 repeats | |
@0xF21D this toot is a bit misleading imo. Saying it like you did sounds li… | |
Post #AsBHXdBpJ3dCA90rI0 by [email protected] | |
0 likes, 1 repeats | |
@qz I posted a second toot as a response: https://infosec.exchange/@0xF21D/1141… | |
Post #AsBHrSuJFKSo40HEki by [email protected] | |
0 likes, 1 repeats | |
@alexlunaview https://infosec.exchange/@0xF21D/114180204895647789 | |
Post #AsBHtd3UUFQc7HbSfQ by [email protected] | |
0 likes, 1 repeats | |
@BenAveling see my followup https://infosec.exchange/@0xF21D/114180204895647789 | |
Post #AsBHvQfbVQryHdHxz6 by [email protected] | |
0 likes, 0 repeats | |
@0xF21D So if you give your private key and certificate to a third party to MIT… | |
Post #AsBHvQlHALPGZDwUpE by [email protected] | |
0 likes, 1 repeats | |
@dascandy see my followup https://infosec.exchange/@0xF21D/114180204895647789 | |
Post #AsBHzLHZTl22jSuhlI by [email protected] | |
0 likes, 0 repeats | |
@[email protected] you are implying they are MitMing plaintext passwords … | |
Post #AsBHzLNx628V3Ftnhw by [email protected] | |
0 likes, 1 repeats | |
@m https://infosec.exchange/@0xF21D/114180204895647789 | |
Post #AsBI2dCfJ2JxBKBfRA by [email protected] | |
0 likes, 0 repeats | |
@0xF21D this seems to be a little overacting. M$ stores your passwords for thir… | |
Post #AsBI2dIgwd8pU10TpY by [email protected] | |
0 likes, 1 repeats | |
@CriticalSilence Please see my followup: https://infosec.exchange/@0xF21D/11418… | |
Post #AsBI9ea6a4XXTzV1rk by [email protected] | |
0 likes, 0 repeats | |
@0xF21D is there something we can do against this from an end user perspective?… | |
Post #AsBI9eg8DfMPmgJqG8 by [email protected] | |
0 likes, 1 repeats | |
@smartphone I think calling attention to the fact that Cloudflare is a US compa… | |
Post #AsBIEV8t6OcLek52jQ by [email protected] | |
0 likes, 0 repeats | |
@0xF21D Are you aware that this is a feature that you need to enable? In other … | |
Post #AsBIEVEujzRDxQtr7o by [email protected] | |
0 likes, 1 repeats | |
@sbeyer please see my followup: https://infosec.exchange/@0xF21D/11418020489564… | |
Post #AsBacU0Wlt9gGGkruC by [email protected] | |
0 likes, 1 repeats | |
@dt @juddy @0xF21D "Opt in" is relative. Did the users opt into the r… | |
Post #AsBj9uOYU1ozI4RXTE by [email protected] | |
0 likes, 0 repeats | |
@tychotithonus @dt @0xF21D What part of "For other purposes for which we o… | |
Post #AsBj9uVe3fUbe3lCWO by [email protected] | |
0 likes, 1 repeats | |
@juddy @dt @0xF21D Oh, I understand. The question is whether ordinary users shou… | |
Post #AsBpcIC8Bpryw9Y8XY by [email protected] | |
0 likes, 0 repeats | |
@RTP ehhh | |
Post #AsBpcIJDlTXbI8rnai by [email protected] | |
0 likes, 0 repeats | |
@schnur Wow. We knew this was possible and a huge reason for all the anti cloudfl… | |
Post #AsBpcIOtQO4tZjWKQq by [email protected] | |
0 likes, 2 repeats | |
@RTP @schnur This is why I call it "clownflare" .. That US company ow… | |
Post #AsDTyz1hoUNDTO0Xaa by [email protected] | |
0 likes, 0 repeats | |
I wonder why anyone thinks they are the good guys? They run half the internet al… | |
Post #AsDTyzT0B0Cwq2mL8S by [email protected] | |
0 likes, 1 repeats | |
@menel it sounds like communism and everyone knows that communism is a good thi… | |
Post #AsHMqYMf8UQPQ1gPFw by [email protected] | |
0 likes, 0 repeats | |
@0xF21D Any more reason to switch to FIDO2 with hardware tokens or #Passkeys. Th… | |
Post #AsHMqYUoeAwlpJUuxs by [email protected] | |
0 likes, 1 repeats | |
@publicvoit @0xF21D passkeys can be saved to both security keys and credential … | |
Post #AsNxqdILfQIPxkKGEy by [email protected] | |
0 likes, 0 repeats | |
@0xF21D What software is that guy using? It looks like people are replying fro… | |
Post #AsNxqdONJ17IGR94dM by [email protected] | |
0 likes, 1 repeats | |
@crazyeddie I'm not sure, but it is quite nice. |