Erik van Straten<p><<<Hackers abuse free TryCloudflare to deliver remote access malware<br>By Bill Toulas | August 1, 2024 02:33 PM >>><br><a href="https://www.bleepingcomputer.com/news/security/hackers-abuse-free-trycloudflare-to-deliver-remote-access-malware/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/hackers-abuse-free-trycloudflare-to-deliver-remote-access-malware/</span></a></p><p>Big Tech is rapidly degrading the trustworthyness of the internet (see also <a href="https://infosec.exchange/@ErikvanStraten/112889004231703098" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112889004231703098</span></a>).</p><p><a href="https://infosec.exchange/tags/InternetCancer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InternetCancer</span></a> <a href="https://infosec.exchange/tags/DontBeEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DontBeEvil</span></a> <a href="https://infosec.exchange/tags/LackOfAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LackOfAuthentication</span></a> <a href="https://infosec.exchange/tags/ShortSightedness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ShortSightedness</span></a> <a href="https://infosec.exchange/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybercrime</span></a> <a href="https://infosec.exchange/tags/BulletProofHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BulletProofHosting</span></a> <br><a href="https://infosec.exchange/tags/AllowingAnonymousBusinesses" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AllowingAnonymousBusinesses</span></a> <a href="https://infosec.exchange/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://infosec.exchange/tags/Amazon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Amazon</span></a> <a href="https://infosec.exchange/tags/Fastly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fastly</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software.
If you wish to join, contact us for an invite.
Administered by:
Server stats:
10Kactive users
fosstodon.org: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.6
#allowinganonymousbusinesses
0 posts · 0 participants · 0 posts today
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@SpaceLifeForm" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>SpaceLifeForm</span></a></span> wrote:<br><<< Why should a CDN have to police websites? >>></p><p>They don't. However, because Cloudflare abuses the knowledge that cybercriminals know that blocking Cloudflare's IP-address ranges will result in lots if false positives (for decent websites), this doesn't imply that Cloudflare should be able to get away with this. They DO have a responsibility.</p><p>The only things they have to do, instead if trying to fool us with the usual "freedom of speech" rubbish:</p><p>(1) Refuse anonymous or obviously identity-spoofing customers, such as:</p><p> • complaints-booking[.]info<br> • defi-chainfix.pages[.]de<br> • evri.mylocal-parcel-gb[.]com<br> • loginmicrosoftonlinecom.pages[.]dev<br> • ing.es-areacliente[.]com</p><p>See also <a href="https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/its-raining-phish-and-scams-how-cloudflare-pages-dev-and-workers-dev-domains-get-abused/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">trustwave.com/en-us/resources/</span><span class="invisible">blogs/spiderlabs-blog/its-raining-phish-and-scams-how-cloudflare-pages-dev-and-workers-dev-domains-get-abused/</span></a> for abuse of Cloudflare's free workers.dev and pages.dev domains (the article is 1 year old but still very to the point);</p><p>(2) Refuse customers using known malicious IP-addresses and/or registrars;</p><p>(3) Treat complaints seriously - and listen to those who know, such as Mandiant (as can be seen in for example <a href="https://www.virustotal.com/gui/ip-address/188.114.96.0/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">188.114.96.0/relations</span></a>: tap ••• a couple of times until you see Mandiant in the third column);</p><p>(4) Always first show a warning page (shown before proceeding to actual site) for new customers, and more often show such a page after receiving complaints and/or when in doubt regarding the customer's intentions.</p><p>Cloudflare is complicit to cybercrime if they continue to facilitate it for their own profit - which is exactly what they and other Big Tech firms are doing right now (I call that <a href="https://infosec.exchange/tags/internetCancer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>internetCancer</span></a> ).</p><p>It is simply unfair that, on the current internet, everybody says that nobody is to blame (except the victims) if innocent individuals have their bank accounts drained, or companies file bankrupcy after ransomware gangs managed to penetrate their network perimeters via phishing attacks and/or hosted malware.</p><p>See also <a href="https://infosec.exchange/@ErikvanStraten/112883883343165898" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112883883343165898</span></a>.</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dangoodin</span></a></span> : thanks for the article: <a href="https://arstechnica.com/security/2024/07/cloudflare-once-again-comes-under-pressure-for-enabling-abusive-sites/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">07/cloudflare-once-again-comes-under-pressure-for-enabling-abusive-sites/</span></a></p><p><a href="https://infosec.exchange/tags/DontBeEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DontBeEvil</span></a> <a href="https://infosec.exchange/tags/LackOfAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LackOfAuthentication</span></a> <a href="https://infosec.exchange/tags/ShortSightedness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ShortSightedness</span></a> <a href="https://infosec.exchange/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybercrime</span></a> <a href="https://infosec.exchange/tags/BulletProofHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BulletProofHosting</span></a> <br><a href="https://infosec.exchange/tags/AllowingAnonymousBusinesses" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AllowingAnonymousBusinesses</span></a> <a href="https://infosec.exchange/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://infosec.exchange/tags/Amazon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Amazon</span></a> <a href="https://infosec.exchange/tags/Fastly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fastly</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://social.coop/@eb" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>eb</span></a></span> :</p><p>It's <a href="https://infosec.exchange/tags/InternetCancer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InternetCancer</span></a> .</p><p>Cloudflare, with a couple of other Big Techs (including Google), increasingly profit from cybercrime. They have turned into criminal organizations themselves. Short sighted, because they're destroying the internet.</p><p>From <a href="https://blog.cloudflare.com/why-we-terminated-daily-stormer" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.cloudflare.com/why-we-ter</span><span class="invisible">minated-daily-stormer</span></a>:<br><<< There are a number of different organizations that work in concert to bring you the Internet. They include:<br>[...]<br>Any of the above could regulate content online. The question is: which of them should? >>></p><p>EACH of them says it's NOT THEM who should.</p><p>But EACH of them SHOULD if they are complicit to cybercrime.</p><p>ALL of them, either directly or indirectly, earn an increasing part of their income by, at the very least condoning, the robbing of innocent individuals. But also of companies, NGO's and govermental organizations.</p><p>THEY HAVE BECOME CRIMINALS THEMSELVES.</p><p>If they'd claim "Wir haben es nicht gewußt" (that a customer is a criminal) then it is the RESPONSIBILITY of each of them in the chain to find out.</p><p>It's fixed by performing thorough authentication (decently verified and proven identities) from the start to the end.</p><p>Anonymous web presences (in particular related to making money), without ANYONE FEELING RESPONSIBLE - and eventually nobody BEING HELD ACCOUNTABLE, will wreak havoc.</p><p>WHOIS it, is where it all starts:<br>————<br>Registrant Contact Information:<br>Name<br>REDACTED FOR PRIVACY<br>Organization<br>REDACTED FOR PRIVACY<br>Address<br>REDACTED FOR PRIVACY<br>Address<br>REDACTED FOR PRIVACY<br>City<br>REDACTED FOR PRIVACY<br>————</p><p>Big Tech facilitates cybercriminals using suggestive pseudonyms (aka domain names) like can be seen here: <a href="https://crt.sh/?q=payments-2-myrogers-acc.net" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">crt.sh/?q=payments-2-myrogers-</span><span class="invisible">acc.net</span></a><br>Note the BS: " Domain Validation SECURE SERVER" and "Google TRUST Services".</p><p>It should have been: Let's AUTHENTICATE (see also <a href="https://infosec.exchange/@ErikvanStraten/112882437562055760" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112882437562055760</span></a>).</p><p>Also from <a href="https://blog.cloudflare.com/why-we-terminated-daily-stormer" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.cloudflare.com/why-we-ter</span><span class="invisible">minated-daily-stormer</span></a> (written in 2017):<br><<< For context, Cloudflare currently handles around 10% of Internet requests. >>></p><p>Cloudflare has become the biggest ever bullet-proof hoster (see <a href="https://www.virustotal.com/gui/ip-address/188.114.96.0/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">188.114.96.0/relations</span></a> and tap ••• a couple of times).</p><p>OTOH, the FISA section 702 guys still love them.</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dangoodin</span></a></span> </p><p><a href="https://infosec.exchange/tags/DontBeEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DontBeEvil</span></a> <a href="https://infosec.exchange/tags/LackOfAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LackOfAuthentication</span></a> <a href="https://infosec.exchange/tags/ShortSightedness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ShortSightedness</span></a> <a href="https://infosec.exchange/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybercrime</span></a> <a href="https://infosec.exchange/tags/BulletProofHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BulletProofHosting</span></a> <br><a href="https://infosec.exchange/tags/AllowingAnonymousBusinesses" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AllowingAnonymousBusinesses</span></a> <a href="https://infosec.exchange/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://infosec.exchange/tags/Amazon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Amazon</span></a> <a href="https://infosec.exchange/tags/Fastly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fastly</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload