So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.

Let me put the important words in uppercase.

So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.

[Edit with H/T: https://benjojo.co.uk/u/benjojo/h/cR4dJWj3KZltPv3rqX]

https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/

#cloudflare #password #cybersecurity
This post was edited. (3 weeks ago)
It makes sense since they function as a global reverse proxy and do MitM decryption of traffic for optimization purposes. But them calling it in such a way is creepy, and also now the cybersecurity community needs to reckon with something we technically knew was going on before but didn't consciously consider a threat, until now.
wrote: "[...] something we technically knew was going on before but didn't consciously consider a threat, until now."

I've been warning about CDNs like Cloudflare and Fastly (and cloud providers in general) for a long time.

Here's a recent toot (in Dutch, the "translate" button should do the job): https://infosec.exchange/@ErikvanStraten/114042082778156313.

If you trust Google to translate it (guaranteed NOT error-free, it *may* work in other browsers than Chrome): https://infosec-exchange.translate.goog/@ErikvanStraten/114042082778156313?_x_tr_sl=nl&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

P.S. Fastly knows your https://infosec.exchange login credentials.

@malanalysis

#Cloudflare #MitM #AitM #Fastly #CDN #TLSinterception
If your adblock is good enough you always see the captchas, so you always know when a thing is cloud flair.

Also, who's not doing single-use email addresses? Every site is a sea of spammy notification/cart abandonment/special offer/watch list/privacy policy update/M&A mail... And that's before they get pwned or sell your details.

Who wants all that in one mail box?

I already get a bitcoin scam call every 2 weeks because I enabled SMS 2FA one place and scammers got hold of the number. At this point they know I know and they know I know that, but the guys on the phone have a call/hour quota and they gotta pay rent I guess...

@0xF21D @malanalysis
Cory Doctorow @pluralistic argued that hiding your email address from spambots is futile anyway so he doesn't worry when he publishes it regularly: https://www.theguardian.com/technology/2010/dec/21/keeping-email-address-secret-spambots

He needs a good spam filter technique though. Afaik he is still using the same email address.
A good promo for #Thunderbird, it’s a very good email client. I use it as well (not that my use is any recommendation whatsoever next to Cory’s :)
We welcome any and all recommendations! They are all good, and thanks for using us (and telling your fediverse friends.) 😊 🙌