Items tagged with: cloudflare

Search

Items tagged with: cloudflare

wrote: "[...] something we technically knew was going on before but didn't consciously consider a threat, until now."

I've been warning for CDN's like Cloudflare and Fastly (and cloud providers in general) for a long time.

Here's a recent toot (in Dutch, the "translate" button should do the job): infosec.exchange/@ErikvanStrat….

If you trust Google to translate it (guaranteed NOT error-free, it *may* work in other browsers than Chrome): infosec-exchange.translate.goo…

P.S. Fastly knows your infosec.exchange login credentials.

@malanalysis

#Cloudflare #MitM #AitM #Fastly #CDN #TLSinterception


Erik van Straten (@ErikvanStraten@infosec.exchange)

Attached: 1 image Risico Cloudflare (+Trump) 🌦️ Achter Cloudflare Steeds meer websites zitten "achter" het Amerikaanse bedrijf Cloudflare. Stel u opent https://pvv.
Infosec Exchange
#cloudflare #mitm #fastly #AiTM #cdn #tlsinterception @Vern McCandlish

So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.

Let me put the important words in uppercase.

So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.

[Edit with H/T: benjojo.co.uk/u/benjojo/h/cR4d…]

blog.cloudflare.com/password-r…

#cloudflare #password #cybersecurity


Password reuse is rampant: nearly half of observed user logins are compromised

Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale.
The Cloudflare Blog
#cloudflare #cybersecurity #password

Hi @helpers@forum.friendi.ca! Trying to get Friendica installed and working on one of my domains but having some issues with the s3_storage addon and Cloudflare R2.

Has anyone successfully been able to get the #Friendica #s3_storage #addon to work with #Cloudflare #r2 buckets?

This is what I've got in my local.config.php...

	'storage' => [
    	'name' => 's3',
    	'bucket' => 'friendica',
    	'region' => 'wnam',
    	'endpoint' => 'https://[REDACTED].r2.cloudflarestorage.com',
    	'credentials' => [
	        'key'    => '[REDACTED]',
	        'secret' => '[REDACTED]',
	    ],
	    'options' => [
	        'use_path_style_endpoint' => true,
          'S3_PERMISSION' => 'private',
	    ],
	],
But when I load the Storage settings page under Admin -> Configuration -> Storage, I just get a blank page.

If I forego the config file approach and add the settings under the Addon Configuration page, I just get an "Access Denied" message.

The bucket for this domain is set up identically to the other buckets I use for Sharkey. Public Access for the URL is enabled, and I'm using a freshly created Access Key & Secret that have access to the R2 bucket for this domain.

Any thoughts or help would be appreciated!

#friendica #cloudflare #addon #s3_storage #r2 @Friendica Support

#webdev #RSS #cloudflare

A long two days of coding, but I've finally got a good method of sending #Grafana and #Cloudflare alerts to #XMPP set up: github.com/deuill/webhook-gate…

A number of similar projects exist, but none that could set up multiple pipelines/gateways. Hopefully this is useful to someone; blog-post covering the setup here, including deployment on the Google Cloud Run free tier, is coming soon!


GitHub - deuill/webhook-gateway: A service for transporting WebHooks from Grafana, Cloudflare Notifications, etc. to XMPP, IRC, etc.

A service for transporting WebHooks from Grafana, Cloudflare Notifications, etc. to XMPP, IRC, etc. - deuill/webhook-gateway
GitHub
#xmpp #cloudflare #grafana

#cloudflare #generativeAI #aidependence

#cloudflare #curl #leak

Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls

In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems.

thehackernews.com/2023/01/mali…#Cloudflare#PyPi#Firewalls


Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls

Six malicious Python packages distributed via PyPI deploying info stealers and use Cloudflare tunnels to sneak through firewalls.
The Hacker News
#cloudflare #pypi #firewalls

#cloudflare #BCMA

#cloudflare #captcha #Tor #lynx

@Bubu I don’t think that’s true. I heard a talk pimping #Matrix at #FOSDEM years back, and I remember because I was a bit repulsed that a pro- #Cloudflare org was getting talking time there. It was the same year that #DuckDuckGo abused a time slot to advertise their #Microsoft-driven service.
#matrix #fosdem #microsoft #cloudflare #duckduckgo @Bubu