https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/ the only way for cloudflare to have this data is if it is inside the ssl channel, analyzing traffic to their customers who are logging in. ssssoooooooo i guess this makes the […] [Original post on mastodon.social] - ThreadSky

About ThreadSky

Viss.mastodon.social.ap.brid.gy • 3 days ago

https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/

the only way for cloudflare to have this data is if it is inside the ssl channel, analyzing traffic to their customers who are logging in.

ssssoooooooo i guess this makes the […] https://mastodon.social/@Viss/114178938573128987

Comments

Viss.mastodon.social.ap.brid.gy•3 days ago

okay so several people have responded to this thread, pointing at me and figuratively waving off this as "well, duh. cloudflare terminates ssl. theres no surprise here"

so i feel like i have to point this out to the non-security folks.

the part where they, without consent, intercept the […]

Viss.mastodon.social.ap.brid.gy•3 days ago

i would further argue, that if that in of itself doesn't straight up smack, to you, of 'crimes', or 'gross violations of privacy', then perhaps its time for your to revisit your moral compass.

because on this planet, when you steal fucking credentials from people who havent given you […]

giggls.bsky.geggus.net•3 days ago

@Viss I suppose they just often do SSL-Termination for their customers mainly for performance reasons.

Viss.mastodon.social.ap.brid.gy•3 days ago

@giggls yeah, ssl termination is something theyve done for years.

what they have not done for years, though, is MITM the traffic and analyze users credentials without consent

giggls.bsky.geggus.net•3 days ago

@Viss I suppose that is just the most simple Method:
buyer -> https -> Cloudflare -> Plain http -> Seller
If you want https without cloudflare involved this will get a more difficult setup.

Posting Rules

Be respectful to others
No spam or self-promotion
Stay on topic
Follow Bluesky's terms of service

Comments

Posting Rules

Reply