YourAnonRiots, to hacking Japanese

#Cloudflare, a web infrastructure company, suffered nation-state attack. Hackers accessed documentation, source code, and attempted data center breach.

https://thehackernews.com/2024/02/cloudflare-breach-nation-state-hackers.html

#cyberattack #hacking #cybersecurity #infosec

cybernews, to Cybersecurity

Cloudflare reveals Thanksgiving breach by 'sophisticated actor'⤵️
#Cloudflare #databreach #datasecurity #cybersecurity #infosec

https://cybernews.com/news/cloudflare-breach-thanksgiving-okta-cyberattack/?utm_source=mastodon&utm_medium=social&utm_campaign=cybernews&utm_content=post

governa, to random
@governa@fosstodon.org avatar

hacked using auth tokens stolen in attack

https://www.bleepingcomputer.com/news/security/cloudflare-hacked-using-auth-tokens-stolen-in-okta-attack/

simontsui, to random

Cloudflare blog on Thanksgiving 2023 security incident:

"Based on our collaboration with colleagues in the industry and government, we believe that this attack was performed by a nation state attacker with the goal of obtaining persistent and widespread access to Cloudflare’s global network."

The attack started in October with the compromise of Okta, but the threat actor only began targeting our systems using those credentials from the Okta compromise in mid-November.
🔗 https://blog.cloudflare.com/thanksgiving-2023-security-incident

fsf, to random
@fsf@hostux.social avatar

Did you know that associate members of the Free Software Foundation (FSF) who live in the US are eligible to join the Digital Federal Credit Union (DCU) for their banking as one of the FSF's associate member benefits? https://u.fsf.org/42l https://www.fsf.org/associate/benefits

digitalRightsNinja,

@fsf I’ve wondered what ’s attraction to is based on. DCU’s app is proprietary closed-source and exclusively distributed in Google and Apple stores.

It’s really a bad idea to use because their website proxies through , a privacy abuser. For the moment, it looks like they only use CF for their sales site not the login host. But many CUs actually let CF be a MitM on their logins and sensitive financial transactions. DCU’s poor judgement could spill over to the transactional site at any time. is not a good to endorse.

Also worth noting that Cloudflare is antithetical to software freedom, according to ¶2 of this article:

https://git.disroot.org/cyberMonk/liberethos_paradigm/src/branch/master/rap_sheets/cloudflare.md

nhoizey, to random French
@nhoizey@mamot.fr avatar

Judging by this @speedcurve graph comparing TTFB from last 3 months to the 3 months before, it looks like TTFB has improved lately with #Netlify, while it has degraded with #Cloudflare:

I'm currently using Cloudflare in front of Netlify, but I'm not sure it's worth it anymore. 🤔

#TTFB

⚓️ https://nicolas-hoizey.com/notes/2024/02/01/2/

ai6yr, to random
@ai6yr@m.ai6yr.org avatar

Okay, what the heck was that... Key and access details on Cloudflare R2 all changed and new endpoints, etc. Unscheduled change? Had to reconfigure all my S3 storage. The life of a sysadmin!

strypey, to random
@strypey@mastodon.nzoss.nz avatar

Hey anyone who gives CloudGlare money only to get protection from DDoS attacks, be aware there are other options. Eg;

https://deflect.ca/about-deflect/

#CloudFlare #DDOS #DeflectCA

czottmann, to random
@czottmann@norden.social avatar

Discovered Tunnel today, and it didn’t disappoint. I was able to set it up locally, and I’ve used it to temporarily expose a little webhook project to the net. The docs were straightforward, it asked me to auth once via browser, the rest happened in the terminal.

https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-local-tunnel/

Yes, I know exists but I didn't feel like signing up for yet another service.

Taffer, to firefox
@Taffer@mastodon.gamedev.place avatar

Was going to see which courses I bought on Zenva last year, but Clownflare there is broken too: https://academy.zenva.com/

Please, Cloudflare, stop breaking the Internet! I have Firefox's fingerprinting protection enabled because of crap like Facebook, not so I can pwn courseware.

irfan, to random

While it’s nice that it’s been twice now we’ve gotten free internet speed upgrades from TM (ISP), both under the PH gov, it still sucks that TM’s fuckin stingy in terms of upload speed.

To get upload speeds not as ridiculous as 50Mbps, you have to be on the 500Mbps download speed plan which still only gives you 100Mbps upload. I was on 50Mbps down years ago, got free upgrade to 500Mbps down (100Mbps up), then recently another free upgrade to 800Mbps down (200Mbps up). My partner’s house tho was upgraded for free from 100Mbps down to 300Mbps down, but still have only 50Mbps up. Get good, TM.

irfan,

I do appreciate that TM haven’t gotten full evil corpo on residential consumers tho and we are not subjected to CGNAT, and all (critical) ports like HTTP/HTTPS etc. remain open, in fact they’ve mentioned that they don’t close any ports whatsoever so self-hosting is pretty easy. Only (notable) thing that might differ from “enterprise” fibre plans are the static IPs, but dynamic IP’s pretty easy to deal with using something like #Cloudflare. Seeing others’ internet subjected to these crap mentioned give me nightmares of TM/other ISP here following suit to do the same.

Motherboard, to Discord

People who posted their layoff are flooded with DMs from others saying they feel less alone. Experts say the videos hold "isolated" bosses accountable.
https://www.vice.com/en/article/y3w4g7/cloudflare-firing-tiktok-remote-layoffs-corporate-accountability?at_medium=Social%20media&at_campaign=Mastodon

alexdeathway, to django

Upgraded my project from Django 3.2.19 to 5.1.0.

Now facing status code 403 forbidden(Origin checking failed - null does not match any trusted origins).

Tried adding CSRF_TRUSTED_ORIGINS in settings.py with no success.

Live: https://gecom.alexdeathway.me Github: https://github.com/alexdeathway/gecom

Techstack: #django , #gunicorn , #nginx, #docker , #certbot (for SSL), #HTML and #bootstrap

Other relevant info: Using #CloudFlare as a DNS resolver.

Anybody who faced similar issue?

iampytest1, to random

#CloudFlare mistreats it's workers. Shocking.

https://web.archive.org/web/https://www.theregister.com/2024/01/15/cloudflare_viral_firing_video/

brawaru, (edited ) to random
@brawaru@mstdn.social avatar

nastiest #DDoS attack on modrinth today. annoying

how sad do you have to be to ddos a site hosting silly block game mods

#cloudflare not doing anything doesn't help either

aby, to tech
@aby@aus.social avatar

These tech companies that are having mass firings.. like cloudflare and discord - they're saying it's because of wanting to cut down on labour and increase efficiency (blah blah blah read maximise profits).

What are the chances it's because they're going to start (have started?) using AI?

(yes, i know AI isn't real and it's machine learning and deep learning.. but it's a misnomer that's become a title so don't lecture, thanks)

trezzer, to privacy

Wow. This is some seriously smelly bullshit.

airtower,

@trezzer "You have to deactivate a #privacy feature so we can protect your privacy!" Did they hire whoever designed the #Cloudflare "checking if your connection is secure" con?

eric_capuano, to random

Hey, so, uh... WTF #cloudflare ?

https://www.reddit.com/r/therewasanattempt/comments/1958yf9/to_lay_off_an_employee/

whynothugo, to random
@whynothugo@fosstodon.org avatar

I don’t know why people assume that #cloudflare has any incentive to reduce DDOS attacks or create any real solutions.

Their business model depends on the proliferation of DDOS attacks and lack of techniques to prevent/mitigate them.

mo8it, to random
@mo8it@fosstodon.org avatar

It sounds like a conspiracy theory, don't take it seriously.

I was just thinking about who could have interest in a long DDoS against a non-profit organization like Blender or Codeberg?

Normally, people run to CloudFlare in such panic situations and put a lot of money on the table out of emergency.

Did anyone think of the possibility that providers like Cloudflare are interested in such actions?

Just thinking loudly…

#Codeberg #DDoS #CloudFlare

Taffer, to godot
@Taffer@mastodon.gamedev.place avatar

Hey @godotengine, the website is giving me a loop of Clownflare's "security" check over and over. GitLab was doing this a month ago...

I'm using Firefox with ad blockers and privacy settings that try to prevent browser finger printing. Clownflare breaks on this frequently. (Looks like they're trying to access cross-origin objects they don't have permission for.)

#godotengine #cloudflare

nicksanspasty, to firefox

Interesting I've had issues with #cloudflare and #firefox recently I just tried switching the user agent name plugin to "firefox linux" and behold the problem went away, I can login to Gitlab again now, not sure why "default" didn't work still but oh well if it works it works

ben, to journalism
@ben@werd.social avatar

Molly White, who has been one of the most important voices on technology and society, has moved her newsletter from Substack to Ghost because of the Nazi problem. #Media https://citationneeded.news/citation-needed-has-a-new-home/?utm_source=werd.io&utm_campaign=mastodon&utm_channel=mastodon

deflarerOfClouds,

@mjgardner
Indeed. I never read molly white’s blog because it’s not open.. #Cloudflare is an exclusive walled garden that excludes me.

#CitationNeeded has the same problem as #substack so nothing changes for me. It’s still in the portion of web that’s dark to proponents of an open free web.
@ben @molly0xfff

deflarerOfClouds,

@ben @molly0xfff @mjgardner @deflarerOfClouds #Cloudflare is not like AWS because CF is an access-restricted service that blocks various groups of people. It’s exclusive. If you can access CF’s websites then it means you are not in any of the excluded groups. They designed the garden walls to be invisible to people who are included, so to you it just looks like any other website.

I don’t see Mark’s screenshot in my textual environment, but I suspect he posted what it looks like when you are in one of Cloudflare’s excluded groups of people.

activistPnk, to xmpp in Matrix vs. XMPP, Security, Privacy, Apps, Efficiency ?

Similar to IRC, where I never found nice usable apps for my taste, I thought XMPP was deprecated, but that doesnt seem so?

A very easy to use phone app is #Snikket. When I force normies to reach me over XMPP, I generally suggest Snikket to them. For the desktop I like the text UI of profanity. But it is glitchy and would be hard to use for anyone who lives in the shelter of a GUI.

#Matrix is theoretically decentralized but the mere fact that the flagship instance is on #Cloudflare suggests the developers are not on the ball about privacy or digital rights. Whenever I have been asked to join a Matrix room, there was reference to that Cloudflare instance, so I refuse it.

#Signal has many problems. I won’t even consider touching it as long as supplying a mobile phone number is a registration requirement.

(btw, i did not see the youtube video so I don’t know if it covered the problems I mention)

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • mdbf
  • ngwrru68w68
  • tester
  • magazineikmin
  • thenastyranch
  • rosin
  • khanakhh
  • InstantRegret
  • Youngstown
  • slotface
  • Durango
  • kavyap
  • DreamBathrooms
  • megavids
  • tacticalgear
  • osvaldo12
  • normalnudes
  • cubers
  • cisconetworking
  • everett
  • GTA5RPClips
  • ethstaker
  • Leos
  • provamag3
  • anitta
  • modclub
  • lostlight
  • All magazines
    •