HELP! This instance will close down in one month without funds.

*WORKING BEE*

We're donating 10 SOLID HOURS of VISUAL DESIGN WORK as pro-designers ready to work for a AUD$250+ donation for this great instance. No email pls, DMs only! *some work pictured

Help 'activism' open-worlds to those who need it.

BOOST to help a miracle happen. Maybe such miracles are only reserved for those with (#MITM) "connections"?

#testFediverse @witchescauldron

#Microsoft: Verbesserter Schutz vor #MitM-Attacken in #Exchange | Security https://www.heise.de/news/Microsoft-Verbesserter-Schutz-vor-MitM-Attacken-in-Exchange-9295445.html #MicrosoftExchange #AitM

@jcbrand
We were wrong about the above — #BendigoBank is not man-in-the-middled by CloudFlare…

It's #MITM'd by #AmazonCloudFront

The landing and product pages were CloudGlare, and its seems CloudGlare palm the hapless Aussie to (sc)amazon, to watch and control the actual #banking portal part of the site.

#scAmazon #scams #medibankWasAmazonCloudFront #computerSaysNo #bankRuns #orchestratedBankRuns #australia #bitcoinNow

@RecursiveElegance Not sure where in particular, most of my old resources seem to be gone now.

But generally for #Tor users it's an annoyance as its anti-bot measures are very user-hostile.

It also makes mandatory to enable #Javascript in one's #browser, which in general but especially in conjunction with #JIT is a #security hazard.

Depending on the settings used, it can also act as a general #MitM attacker.

Using CloudFlare and other corporate MitM "services" to protect your server against DDOS attacks? Looking for an ethical replacement? Cory Doctorow is using Deflect for pluralistic.net:

https://deflect.ca/

#DDOS #MITM #CloudFlare #DeflectCA

@boingbot
The 'operative word', or phrase here, being "UK forces"?

Other #backdoors, totes okay.

Speaking of backdoors, your instance, mastodon.cloud has been #MitM attacked by #cloudFlare for years.

BT faced this in 2000/2001, when it was found that people using BT as an ISP were having the adverts changed by an #MITM attack.

BT were replacing the advverts with their own, breaking the ( limited ) Common Carrier laws in the UK, as well as the laws on computer-hacking that were UK law at that time.

According to UK case-law and precedent, every single advert would be a separate charge.

It would have bankrupted BT.

Certificate Authorities #CA are the backbone of #trust in the Internet and the #ACME protocol is the workhorse powering Let's Encrypt & Co.

A chinese CA reseller finds an bug in an ACME client that allows CAs (maybe also Man In The Middle #MITM?) to execute arbitrary code on (millions? of) client machines.

Instead of reporting this major security risk, they start using it to provide commercial CA services over ACME. And are convinced they are the good guys🥴

Update now!
https://github.com/acmesh-official/acme.sh/issues/4659

“Il existe sur différents modèles et systèmes d’exploitation” : mise à mal du système d’#authentificationdigitale, via deux vulnérabilités 0-day menant à une cyber-attaque #MITM ! (#BrutePrint…)

https://blog.sosordi.net/2023/06/il-existe-sur-differents-modeles-et-systemes-dexploitation-mise-a-mal-du-systeme-dauthentification-digitale-via-deux-vulnerabilites-0-day-menant-a-une-cyber-attaque-mitm-bruteprint.html

#securite #data #vieprivee #bruteforce

@gabriel @victor
Always nice to see the icon being used! :)

We never thought #Matrix was a particularly viable option for us over and above #XMPP. We are not surprised to hear that they have questionable backers, or are #MITM'd, given they seemed to do a lot via the matrix.org domain — a #CloudFlare'd service.

Ein Man-in-the-Middle-Angriff bezeichnet einen Cyber-Angriff, bei dem sich ein Hacker zwischen zwei Zielpersonen einschaltet, z. B. beim Lesen von E-Mails, Online-Banking, Einloggen auf Plattformen etc.
Dadurch können Daten unbemerkt abgegriffen oder verändert werden.
Die Übersicht mit unserem Glossar finden Sie auf unserer Website: https://news.neto.consulting/#Glossar
#glossar #cybersecurity #cyberangriff #itsicherheit #maninthemiddleattack #hacker #mitm

This may sound controversial but…

For suppressed people who value basic #digitalSovereignity, knowing that almost all #banks in #Australia are being man-in-the-middled (#MitMd) by the likes of #Amazon, CloudFlare et al. We propose a weirdly radical solution…

Start using #cheques.

Call the bank and ask for a #chequeBook. The current #MitM attackers cannot stop us from paying with a cheque and we can sign with a message of our choosing. *wink

#censorshipResistance #cloudFlare #stopCAGEMAFIA

📬 Sicherheitslücke: Dein WLAN-Router lässt Angreifer schnüffeln
#ITSicherheit #HiSilicon #ICMP #ICMPRedirect #MITM #Ping #Qualcomm #WiFiRouter #WLANRouter #WPA https://tarnkappe.info/artikel/it-sicherheit/sicherheitsluecke-dein-wlan-router-laesst-angreifer-schnueffeln-272633.html

Cosmic mitmproxy https://github.polettix.it/ETOOBUSY/2023/04/04/cosmic-mitmproxy/ #mitm #security #mitmproxy

So Github changed their RSA SSH host key. If you get this warning message, don't freak out (like I did for a short moment). But do check the fingerprint before updating your known_hosts file.

https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
#github #rsa #ssh #mitm #security

@h3artbl33d it never stops driving me crazy that people pay shady people to #mitm their traffic to protect their privacy 🙃

El lado del mal - Weaponizar ChatGPT para robar contraseñas WiFi y crear malware https://www.elladodelmal.com/2023/02/weaponizar-chatgpt-para-robar.html #ChatGPT #malware #WiFi #hacking #pentesting #PowerShell #Windows #pentest #pentester #RogueWiFi #MitM

So in conclusion:

A company that seems to actively try to hide who they are, markets a new browser to young german audiences via TikTok, with the promise of free access to Video content.

They say they're using a VPN to secure their users' traffic, but instead just proxy it through a shadowsocks server under their control.

On top of that, they do not show any indicators of whether you're using HTTPS in the Browser UI and even show no errors or warning messages for any of the certificate errors listed on https://badssl.com.

In my (admittedly, now very tired) mind this is the perfect setup for a large scale #MITM attack, no?

Am I completely crazy or is this a bit worrying?

@linuzifer @zerforschung [6/6]

So in conclusion:

A company that seems to actively try to hide who they are, markets a new browser to young german audiences via TikTok, with the promise of free access to Video content.

They say they're using a VPN to secure their users' traffic, but instead just proxy it through a shadowsocks server under their control.

On top of that, they do not show any indicators of whether you're using HTTPS in the Browser UI and even show no errors or warning messages for any of the certificate errors listed on https://badssl.com.

In my (admittedly, now very tired) mind this is the perfect setup for a large scale #MITM attack, no?

Am I completely crazy or is this a bit worrying?

@linuzifer
@zerforschung
[6/6]

squidr v0.1.24 released, now with 100% more squid and git

#oss #go #infosec #mitm #squid #proxy #privacy #tlsinspection