So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.

Let me put the important words in uppercase.

So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.

[Edit with H/T: benjojo.co.uk/u/benjojo/h/cR4d…]

blog.cloudflare.com/password-r…

#cloudflare #password #cybersecurity


in reply to Vern McCandlish

@malanalysis it makes sense since they function as a global reverse proxy and do MitM decryption of traffic for optimization purposes. But them calling it in such a way is creepy, and also now the cybersecurity community needs to reckon with something we technically knew was going on before but didn't consciously consider a threat, until now.
in reply to Robert [KJ5ELX]

wrote: "[...] something we technically knew was going on before but didn't consciously consider a threat, until now."

I've been warning about CDNs like Cloudflare and Fastly (and cloud providers in general) for a long time.

Here's a recent toot (in Dutch, the "translate" button should do the job): infosec.exchange/@ErikvanStrat….

If you trust Google to translate it (guaranteed NOT error-free, it *may* work in other browsers than Chrome): infosec-exchange.translate.goo…

P.S. Fastly knows your infosec.exchange login credentials.

@malanalysis

#Cloudflare #MitM #AitM #Fastly #CDN #TLSinterception

in reply to Erik van Straten

@ErikvanStraten

If your adblock is good enough you always see the captchas, so you always know when a thing is Cloudflare.

Also, who's not doing single-use email addresses? Every site is a sea of spammy notification/cart abandonment/special offer/watch list/privacy policy update/M&A mail... And that's before they get pwned or sell your details.

Who wants all that in one mail box?

I already get a bitcoin scam call every 2 weeks because I enabled SMS 2FA in one place and scammers got hold of the number. At this point they know I know, and they know I know that, but the guys on the phone have a call/hour quota and they gotta pay rent, I guess...

@0xF21D @malanalysis

in reply to EndlessMason

@EndlessMason @ErikvanStraten @malanalysis Cory Doctorow @pluralistic argued that hiding your email address from spambots is futile anyway so he doesn't worry when he publishes it regularly: theguardian.com/technology/201…

He needs a good spam filter technique though. AFAIK he is still using the same email address.