Post AsEBf2FqUvKdfyv6Lw by [email protected]
Post #AsAqiaMhS1lVpE67cW by [email protected]
0 likes, 0 repeats
https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised…
Post #AsAqiaU90LiiCJa4Dw by [email protected]
0 likes, 1 repeats
@corsac I’m 100% behind this, and I think you’re wrong if you’re not 🙂…
Post #AsC0SXEMWxaSAc8w0u by [email protected]
0 likes, 0 repeats
@troyhunt thanks for the feedback! I'm not against Cloudflare providing TLS …
Post #AsC0SXKOAYPKTIxkPI by [email protected]
0 likes, 0 repeats
@corsac how is someone deciding to use them as a WAF an affront to neutrality?
Post #AsC0SXQPo9EClzmYng by [email protected]
0 likes, 0 repeats
@troyhunt They’re deciding on their own to check passwords. And the client do…
Post #AsC0SXWnQQKf5mlekK by [email protected]
0 likes, 1 repeats
@corsac it's meant to be opt-in, agree it's an issue if it's on by …
Post #AsEBFIfspHqP4YpMMC by [email protected]
0 likes, 0 repeats
@corsac That is a very good reason for encouraging people to migrate to passkeys…
Post #AsEBFInKNbnbReJIxc by [email protected]
0 likes, 0 repeats
@x_cli @corsac if you can inspect traffic and observe a password, then you can …
Post #AsEBFItM1CcTkL87M0 by [email protected]
0 likes, 0 repeats
@troyhunt Passwords are PII. I wonder how CloudFlare managed to get consent for …
Post #AsEBFIzjdTiw487DIe by [email protected]
0 likes, 1 repeats
@x_cli @corsac passwords alone aren’t PII as they don’t identify anyone, th…
Post #AsEBf282xv5rHnGsCG by [email protected]
0 likes, 0 repeats
@troyhunt It's on by default on the free plan (https://developers.cloudflar…
Post #AsEBf2FqUvKdfyv6Lw by [email protected]
0 likes, 0 repeats
@troyhunt That being said, besides totally getting rid of passwords, maybe it w…
Post #AsEBf2LAB9aLwTPLdo by [email protected]
0 likes, 1 repeats
@corsac thanks for the link re being on by default, I assume I’m not seeing i…
Post #AsEFVz3LQp96xO0oCm by [email protected]
0 likes, 1 repeats
@troyhunt Passkeys do not work that way. They use public key cryptography, sign…
Post #AsEJ9XjiiG5fgLO6im by [email protected]
0 likes, 1 repeats
@tychotithonus @troyhunt @x_cli @corsac the weakness is the key storage. Compet…
Post #AsEJu9Mx7x49icxjSy by [email protected]
0 likes, 1 repeats
@tjbutt58 I don't disagree. From the thread, it should be clear that interce…
Post #AsELPucBcQEbBDnTl2 by [email protected]
0 likes, 1 repeats
@tychotithonus @x_cli @corsac my bad, I rushed and interpreted it as "pass…
Post #AsET9an8LxykhNe9lg by [email protected]
0 likes, 0 repeats
@troyhunt I would 100% hesitate to say "only" here, especially consid…
Post #AsET9auZuHvx4T86N6 by [email protected]
0 likes, 0 repeats
@tychotithonus @x_cli @corsac I'm trying and struggling to find a reference…
Post #AsET9b1fTvbZQSRlQG by [email protected]
0 likes, 1 repeats
@troyhunt Oh, sure -- my "de facto" and "if regulations do not s…
Post #AsEU9iyK2Rig1YVU00 by [email protected]
0 likes, 1 repeats
Side story: On a password-cracking engagement once, I saw a password go by that…
Post #AsFuKntwqKj8SqMezA by [email protected]
0 likes, 0 repeats
@troyhunt Okay, but "personal data" as defined by the GDPR is *any* da…
Post #AsFuKo0gRI7AnjW2U4 by [email protected]
0 likes, 0 repeats
@Foxboron @x_cli @corsac that's certainly not my understanding, got a refer…
Post #AsFuKo7m0vmn9iphXE by [email protected]
0 likes, 0 repeats
@troyhunt Sure. https://gdpr-info.eu/art-4-gdpr/ @x_cli @corsac
Post #AsFuKoE9dCtFTVonTs by [email protected]
0 likes, 0 repeats
@Foxboron @x_cli @corsac where’s the password bit?
Post #AsFuKoKtEAHHoOyAym by [email protected]
0 likes, 0 repeats
@troyhunt That's not how regulations are written. They are vague to encompas…
Post #AsFuKoQurl6A75mzNA by [email protected]
0 likes, 1 repeats
@Foxboron @x_cli @corsac there are plenty of regulations that refer to specific…
Post #AsFzVZRDSQqUYxsXLc by [email protected]
0 likes, 0 repeats
@Foxboron @troyhunt @x_cli In this context Cloudflare is already handling a lot…
Post #AsFzVZXx3OEWtr1uqW by [email protected]
0 likes, 0 repeats
@corsac @Foxboron @x_cli I’m sure it’s in the terms and conditions we all r…
Post #AsFzVZfObiBjGwVrRw by [email protected]
0 likes, 1 repeats
@troyhunt @corsac @Foxboron My understanding is that, under GDPR, it is the con…