Moderated by: Robert

CloudFlare; your favorite Man In The Middle
modrobert



donor

Registered: 2003-10-17
From: Bangkok
Messages: 6406
Status: Offline
 _#34880 posted 2016-07-02 @ 09:18 GMT   
Introduction:
There is a growing trend for website owners/admins on the internet to use a service called CloudFlare which mitigates any kind of DDoS attack by the means of network topology and software; it can also serve as a static mirror when the website is down.


The good:
As far as functionality goes I applaud CloudFlare's efforts, it really works as intended. Technically their services scale well and the filter system deciding when to present the website visitor with a visual captcha seems to be carefully balanced by both internal statistics and external black lists.


The bad:
By definition, the website owners/admins who decide to use the CloudFlare service are voluntarily signing up for a MITM (Man In The Middle). I guess this is about trust, and if you choose to trust CloudFlare this is not a problem, right? Well, I wish it was that simple, but it turns out that CloudFlare, like any other US based company, has to hand over information to the US government. You can read about what CloudFlare officially admits handing over in their public transparency report.

Another drawback is that their "balanced filter system" I mentioned previously tends to block anything coming from the Tor network, which effectively puts legit users concerned about privacy behind annoying captchas (yes, not all Tor users are bad).


Conclusion:
CloudFlare technically solves a big problem, but please think twice about using their service, it's not just the target website but all your visitors who will be forced to accept this MITM. There are so many weak single points security wise on the internet which can be attacked, but at least you can choose to avoid this one by not signing up.

I recommend rolling your own DoS protection [canned laughter]. Sure, go ahead and laugh at simple 'iptables' hacks and firewall rules, but at least our visitors at eurasia.nu can use Tor without getting annoyed by captchas, and retain the free spirit of the web as it was initially intended.

[ This message was edited by modrobert on 2016-07-02 @ 09:54 GMT ]
  _____________________________ ____________     __________________ /\________
  \    __________________      \      _____/____/     _    \       /_        /
 /     /       |       l/     _/    ____)     _/      _     \     \/  cREAM /
/______________l_______/       \______________\_______|      \_   /________/
 -+--Mo!-------------- \________/ ------------------- l_______/_____\ -----+-

GregoryRasputin



private

Registered: 2010-11-10
Messages: 8
Status: Offline
 _#34882 posted 2016-07-02 @ 12:02 GMT   
I don't use CloudFlare, did at the start, but it seemed better without it.
Also I have never seen you on the best IRC

modrobert



 _#34883 posted 2016-07-02 @ 13:00 GMT   
And what is the best IRC? I've been on EFnet the past 20 years or so (and in #eur the past 10 years). Anyway, as long as you don't recommend Facebook it's a win.
GregoryRasputin



 _#34885 posted 2016-07-04 @ 21:41 GMT   
Quote:
On 2016-07-02 @ 13:00 GMT, modrobert wrote:
And what is the best IRC? I've been on EFnet the past 20 years or so (and in #eur the past 10 years). Anyway, as long as you don't recommend Facebook it's a win.



It's the IRC server my friend owns, I run it for him, have been doing so from 2008, it used to be the IRC server for ps3hax, but after I left, I made it the server for my site.

2008 is the first time I used IRC, having only got the internet for the first time in 2007, my experience is solely limited to that IRC server, I never really feel comfortable on other servers, perhaps that's because I don't have any control on them.

Anyway I think I am taking your thread off topic.

InsaneNutter



private

Registered: 2009-09-08
Messages: 3
Status: Offline
 _#34894 posted 2016-07-11 @ 19:37 GMT   
I use CloudFlare on my own site as it drastically improves page load times for visitors at the other side of the world to where I host the site from.

In addition it's a very good extra layer of security against SQL injection attacks and various other automated attacks.

The vast majority of my visitors have no problems with CloudFlare, even if you do get asked to enter a captcha it's rare most people will be asked to enter one again.

As a webmaster I learned a long time ago no matter what you do, you will never please everyone.

I try my best to do what pleases the majority, the majority don't have a problem with CloudFlare. If they did I certainly wouldn't be paying $20 a month for it.



modrobert



 _#34895 posted 2016-07-11 @ 20:07 GMT   
Quote:
On 2016-07-11 @ 19:37 GMT, InsaneNutter wrote:
I use CloudFlare on my own site as it drastically improves page load times for visitors at the other side of the world to where I host the site from.

In addition it's a very good extra layer of security against SQL injection attacks and various other automated attacks.

The vast majority of my visitors have no problems with CloudFlare, even if you do get asked to enter a captcha it's rare most people will be asked to enter one again.

As a webmaster I learned a long time ago no matter what you do, you will never please everyone.

I try my best to do what pleases the majority, the majority don't have a problem with CloudFlare. If they did I certainly wouldn't be paying $20 a month for it.



Yes, I can understand and relate to your situation. It's better to have a running site protected by a service based in a country with serious lack of respect for privacy, than a hacked or DOSed site no one can reach.

My beef was mostly about TOR users getting the captcha treatment by CloudFlare, and I also wanted to highlight the fact about CloudFlare handing over data to the US government. My point, to make it clear, was about signing up for a service which affects all your visitors/users, since they will be logged by CloudFlare with no apparent way to opt out. Unless your site is down (or shows a captcha), your visitors/users will not even know that they are being logged.

The irony is that many websites (CMS) these days ask the visitor for approval to use cookies, as if they care about privacy, but then they happily log everyone through a third party without approval.

[ This message was edited by modrobert on 2016-07-11 @ 20:33 GMT ]
modrobert



 _#35064 posted 2017-01-01 @ 09:28 GMT   
Second thought. Message to all web admins (site owners): Stop using CloudFlare, you really don't want them as man in the middle, and certainly not all your visitors/users forced to it without any way to opt out. I bet the gov requests towards CloudFlare will increase dramatically in 2017, perhaps to a degree they will be forced to stop reporting it.
BonerBoy



lt

Registered: 2006-02-22
Messages: 69
Status: Offline
 _#35065 posted 2017-01-01 @ 10:19 GMT   
forget transparency reports in the future .. gag orders for everyone
      )
     (
      )
  _.-~(~-.
 (@\`---'/.             Tea,     
('  `._.'  `)             anyone?
 `-..___..-' 

modrobert



 _#35164 posted 2017-02-24 @ 07:54 GMT   


Quote:
Big-name websites leaked people's private session keys and personal information into strangers' browsers, due to a Cloudflare bug uncovered by Google researchers.

As we'll see, a single character '>' rather than '=' in Cloudflare's software source code sparked the security blunder.



Mainstream news:
https://www.theregister.co.uk/2017/02/24/cloudbleed_buffer_overflow_bug_spaffs_personal_data/

In depth:
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

taviso:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139


While Cloudbleed was fixed, the government leaking still continues.

[ This message was edited by modrobert on 2017-02-24 @ 08:47 GMT ]
 Profile  pm  www    Quote
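
The one-character mistake quoted in the post above (an end-of-buffer test written with `==` where `>=` was needed), as an added example that is not part of the original thread and is not Cloudflare's code: a toy scanner whose cursor can step over the end pointer, run with both tests. The scanner, its stepping rule, the sample page and the "neighbour" data are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: PAGE is the input being scanned, NEIGHBOUR stands
   in for unrelated data that happens to sit right after it in memory. Both
   live in one array so the over-read below stays inside defined storage. */
#define PAGE      "<a href=\"x\"><script type="
#define NEIGHBOUR "SESSION=neighbour-secret;"
static const char ARENA[] = PAGE NEIGHBOUR;
#define PAGE_LEN  (sizeof(PAGE) - 1)
#define ARENA_LEN (sizeof(ARENA) - 1)

/* Toy scanner (hypothetical, not Cloudflare's parser): walks `len` bytes of
   `arena`. An '=' consumes itself plus the quote expected after it, so a
   truncated input ending in '=' moves the cursor one byte PAST the end.
   strict_eq=1 uses the `== end` test, strict_eq=0 the `>= end` test.
   Bytes read beyond the input are copied to `out`; returns their count. */
size_t scan(const char *arena, size_t arena_len, size_t len,
            int strict_eq, char *out, size_t outcap)
{
    const char *p = arena, *pe = arena + len, *limit = arena + arena_len;
    size_t leaked = 0;

    while (p < limit) {
        if (strict_eq ? (p == pe) : (p >= pe))
            break;                      /* end-of-buffer test */
        if (p > pe && leaked + 1 < outcap)
            out[leaked++] = *p;         /* read outside the input */
        p += (*p == '=') ? 2 : 1;       /* '=' also skips the quote */
    }
    out[leaked] = '\0';
    return leaked;
}

int main(void)
{
    char out[64];
    size_t n = scan(ARENA, ARENA_LEN, PAGE_LEN, 1, out, sizeof out);
    printf("== end: %zu bytes past the input: \"%s\"\n", n, out);
    n = scan(ARENA, ARENA_LEN, PAGE_LEN, 0, out, sizeof out);
    printf(">= end: %zu bytes past the input\n", n);
    return 0;
}
```

With well-formed input the two tests behave identically, which is why an equality check of this kind can survive ordinary testing.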
modrobert



 _#35999 posted 2018-05-17 @ 06:40 GMT   
This "man in the middle" (MITM) just keeps growing.

Quote:
CloudFlare is used by 73.9% of all the websites whose reverse proxy service we know. This is 6.8% of all websites.



https://w3techs.com/technologies/details/cn-cloudflare/all/all

The percentage is a lot higher when including only high traffic websites, and as you can see it's not just CloudFlare, they have some competition, and Google recently launched Cloud Armor.

As a website visitor, for those who promote HTTPS, the benefits of MITM protection using HTTPS are defunct if you access a website which is using CloudFlare (or similar service).

The problem is not only that CloudFlare gives user/visitor information on US government request, it's the fact that so much HTTPS traffic passes through their servers which makes them an attractive target for attackers. The more website visitors passing through a single point of failure the worse it gets.

[ This message was edited by modrobert on 2018-05-17 @ 07:14 GMT ]
modrobert



 _#36001 posted 2018-05-17 @ 12:06 GMT   
Quote:
Fired Uber cybersecurity chief Joe Sullivan was just hired to run security at start-up Cloudflare

* Sullivan was fired by Uber in November for his reported role in covering up a data breach.
* He said he chose Cloudflare because the company matches his passion for "securing the whole internet."
* The announcement comes at a pivotal time in the technology industry, as major tech companies grapple the challenges of securing user data.



Source:
https://www.cnbc.com/2018/05/16/fired-uber-cybersecurity-chief-joe-sullivan-joins-start-up-cloudflare.html
