Cloudflare Security bypass

This is the second time I have seen this posted.
Why not post the original source rather than a reprint by a news aggregator site? I assume the first instance you saw was the Bleeping Computer article. I see that article has been updated with a response from Cloudflare.

Update 10/4 - A Cloudflare spokesperson has sent BleepingComputer the following comment regarding Certitude's report:

In our analysis, we found that the firm's findings would have required a customer to disable certain default security configurations on their Cloudflare account and their origin.
Even in this instance, any such abuse can be prevented through the use of custom certificates to manage the communications between Cloudflare and their origin server (e.g. website), or by utilizing Cloudflare Tunnels to communicate from the origin to Cloudflare.
 
"Even in this instance, any such abuse can be prevented through the use of ..."

I don't know how to take that. It sounds like they are giving an excuse of 'well, you could do this or that, but only if you know about it, and it may cost extra $$ ... we have bugs but there are ways to work around them'.
 
"Even in this instance, any such abuse can be prevented through the use of ..."

I don't know how to take that. It sounds like they are giving an excuse of 'well, you could do this or that, but only if you know about it, and it may cost extra $$ ... we have bugs but there are ways to work around them'.
I think the preceding sentence is the important part, "would have required a customer to disable certain default security configurations on their Cloudflare account and their origin". Which sounds to me like "If you're stupid enough to do this then...". But I'm not one of their customers so what do I know. 🤷‍♂️
 
And no customer would ever do that, correct?

 
