So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.
Let me put the important words in uppercase.
So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.
[Edit with H/T: benjojo.co.uk/u/benjojo/h/cR4d…]
blog.cloudflare.com/password-r…
#cloudflare #password #cybersecurity
Password reuse is rampant: nearly half of observed user logins are compromised
Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale.
The Cloudflare Blog
Schnur
in reply to Robert [KJ5ELX]
📡 RightToPrivacy & Tech Tips
in reply to Schnur
@schnur Wow. We knew this was possible and a huge reason for all the anti-Cloudflare stance.
I recall a hearing w/gov said "you realize the access you have is very important".
Might have to cover this. Thanks for sharing.
ᥫ᭡ 𐑖ミꪜᴵ𝔦 ᥫ᭡
in reply to 📡 RightToPrivacy & Tech Tips
@RTP @schnur This is why I call it "clownflare" .. That US company owns over 80% of the CDN market share, which makes it the world's largest >MITM< reverse proxy
Source: w3techs.com/technologies/histo…
You would think that developers would know better to configure their own infrastructure, but nah.. they choose convenience, I guess it's human nature..
Market share trends for reverse proxy services, March 2025
w3techs.com
Vern McCandlish
in reply to Robert [KJ5ELX]
Robert [KJ5ELX]
in reply to Vern McCandlish
Erik van Straten
in reply to Robert [KJ5ELX]
wrote: "[...] something we technically knew was going on before but didn't consciously consider a threat, until now."
I've been warning about CDNs like Cloudflare and Fastly (and cloud providers in general) for a long time.
Here's a recent toot (in Dutch, the "translate" button should do the job): infosec.exchange/@ErikvanStrat….
If you trust Google to translate it (guaranteed NOT error-free, it *may* work in other browsers than Chrome): infosec-exchange.translate.goo…
P.S. Fastly knows your infosec.exchange login credentials.
@malanalysis
#Cloudflare #MitM #AitM #Fastly #CDN #TLSinterception
Erik van Straten (@ErikvanStraten@infosec.exchange)
Infosec Exchange
EndlessMason
in reply to Erik van Straten
@ErikvanStraten
If your adblock is good enough you always see the captchas, so you always know when a thing is cloud flair.
Also, who's not doing single use email addresses? Every site is a sea of spammy notification/cart abandonment/special offer/watch list/privacy policy update/m&a mail... And that's before they get pwned or sell your details.
Who wants all that in one mail box?
I already get a bitcoin scam call every 2 weeks because I enabled sms 2fa one place and scammers got hold of the number. At this point they know I know and they know I know that, but the guys on the phone have a call/hour quota and they gotta pay rent I guess...
@0xF21D @malanalysis
skaphle
in reply to EndlessMason
@EndlessMason @ErikvanStraten @malanalysis Cory Doctorow @pluralistic argued that hiding your email address from spambots is futile anyway so he doesn't worry when he publishes it regularly: theguardian.com/technology/201…
He needs a good spam filter technique though. Afaik he is still using the same email address.
Keeping an email address secret won't hide it from spambots
Cory Doctorow (The Guardian)
Cory Doctorow
in reply to skaphle
@skaphle @EndlessMason @ErikvanStraten @malanalysis
Still am.
RaymondPierreL3
in reply to skaphle
@skaphle @EndlessMason @ErikvanStraten @malanalysis @pluralistic
A good promo for #Thunderbird, it’s a very good email client. I use it as well (not that my use is any recommendation whatsoever next to Cory’s :)
Thunderbird: Free Your Inbox