social.tchncs.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
A friendly server from Germany – which tends to attract techy people, but welcomes everybody. This is one of the oldest Mastodon instances.


So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.

Let me put the important words in uppercase.

So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.

[Edit with H/T: benjojo.co.uk/u/benjojo/h/cR4d]

blog.cloudflare.com/password-r

benjojo.co.uk
benjojo: It feels quite uncomfortable that cloudflare is somewhat openly admitting to analysing login credentials that are going through the reverse proxy, and providing...
Critical Silence

@0xF21D this seems to be a little overacting. M$ stores your passwords for third-party mail providers in their cloud, nobody talks about that anymore. CrowdStrike disabled major parts of the world with an update leading to kernel panic, still nobody went to jail.
Microsoft will cause millions of computers to die this year, still people are fans of M$.
I'll give it a week and then nobody cares about Cloudflare either.

Infosec Exchange
Robert [KJ5ELX] (@0xF21D@infosec.exchange)

Recently I boosted a couple of links about Cloudflare doing some sort of password re-use analysis on passwords they saw through their WAF. This was not a technical post. It was a call to attention. Some of the responses I got suggested that my post was misleading or blowing this way out of proportion. I assure you that neither of these is true.

Don't focus so much on the idea that #cloudflare has access to passwords that come through their systems. In better times I'd welcome such an effort. At least they didn't chastise someone who really loved a silly movie, like Netflix did long ago. Instead, focus on the fact that they are a company based in the United States, meaning they are subject to the whim of a fascist regime that is proving it doesn't care about the letter of the law.

I'm not concerned about my password security for the sites that transit their service. I am a cishet middle class white male. I'm pretty low on the target list.

*** I AM concerned about the password security for at risk populations who access sites crucial for them, that transit through Cloudflare. I'm concerned about the LGBTQIA+ population in the United States. I'm concerned about pregnant women. I'm concerned about Jews, and Muslims, and Buddhists, and everyone else who doesn't fit into the narrow worldview of the fascist reich that is the Republican party and their bootlickers. The FBI, Justice Department, State Department, etc. no longer serve the American people. They serve an emperor.

This is a time of great danger. Any website or service that attracts at risk populations should seriously consider if using some of Cloudflare's features is worth it, or if they should take their business elsewhere. #ally #uspol

@0xF21D hey! Thanks for your link, didn't expect to get a response to my "tiny rant", really appreciated :)

@CriticalSilence you're welcome. This is why I like the Fediverse. :)