What's new
By:

Cloudflare Security bypass

coxhaus said:
This is the second time I have seen this posted.
Click to expand...
Why not post the original source rather than a reprint by a news aggregator site? I assume the first instance you saw was the Bleeping Computer article. I see that article has been updated with a response from Cloudflare.

Update 10/4 - A Cloudflare spokesperson has sent BleepingComputer the following comment regarding Certitude's report:

In our analysis, we found that the firm's findings would have required a customer to disable certain default security configurations on their Cloudflare account and their origin.
Even in this instance, any such abuse can be prevented through the use of custom certificates to manage the communications between Cloudflare and their origin server (e.g. website), or by utilizing Cloudflare Tunnels to communicate from the origin to Cloudflare.
Click to expand...
Click to expand...
 
"Even in this instance, any such abuse can be prevented through the use of ..."

I don't know how to take that. It sounds like they are giving an excuse of 'well, you could do this or that, but only if you know about it, and it may cost extra $$ ... we have bugs but there are ways to work around them'.
 
Justinh said:
"Even in this instance, any such abuse can be prevented through the use of ..."

I don't know how to take that. It sounds like they are giving an excuse of 'well, you could do this or that, but only if you know about it, and it may cost extra $$ ... we have bugs but there are ways to work around them'.
Click to expand...
I think the preceding sentence is the important part, "would have required a customer to disable certain default security configurations on their Cloudflare account and their origin". Which sounds to me like "If you're stupid enough to do this then...". But I'm not one of their customers so what do I know. 🤷‍♂️
 
And no customer would ever do that, correct?

www.snbforums.com

The never ending story...

https://arstechnica.com/security/2023/10/vulnerabilities-in-supermicro-bmcs-could-allow-for-unkillable-server-rootkits/ Not only are BMCs vulnerable (of course), but even 'super admins' don't feel they need to take the precautions they should. Why should you update for security issues? Here's...
www.snbforums.com www.snbforums.com
 
You must log in or register to reply here.

Similar threads

128bit
Yes, Wi-Fi Routers Can Detect Movement in Your House - Here's How
Replies
3
Views
2K
sfx2000
sfx2000
C
eScan Needs Software Update if you run it
Replies
4
Views
898
jerry6
jerry6
C
Cisco looking to the future for Wireless.
Replies
2
Views
1K
L&LD
L&LD
C
Cisco NEW Perpetual Licenses for the Catalyst 1200 and 1300 Switches
Replies
4
Views
3K
coxhaus
C
P
Why Asus new Password security policy is ridiculous
2 3 4
Replies
61
Views
7K
scajjr2
S

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 5,213 (members: 10, guests: 5,203)
Back
Top