Topic: Cloudflare (Read 1309 times)
PS please use incapsula instead.
You should be pgping the downloads anyway
What the hell are you talking about? This has nothing to do with verifying Armory setup files with PGP. Wrong thread?
I thought the context was the cloudflare attack on this site which redirected it through another server and harvested cookies. Op states cloudflare attack, which could mean switched out downloads. My answer was pgp. I think it was relevant no?
Otherwise, why would op be concerned how the site is served if he didn't mean compromised setup files.
You should be pgping the downloads anyway
What the hell are you talking about? This has nothing to do with verifying Armory setup files with PGP. Wrong thread?
In the context that you download Armory through a VPN or a proxy, or anything remotely critical for that matter, you should verify you got what you expected with PGP.
I think his comment was that regardless of how you acquired Armory, you should check it against the provided signature, which is good practice.
You should be pgping the downloads anyway
What the hell are you talking about? This has nothing to do with verifying Armory setup files with PGP. Wrong thread?
You should be pgping the downloads anyway
Out of curiosity, do they [China] block Cloudflare port 80, too, or only Cloudflare port 443?
Both http and https not working.
Most Chinese Armory users would be skillful enough to use proxies or VPN, but that open them up to the danger of MITM attack.
Out of curiosity, do they [China] block Cloudflare port 80, too, or only Cloudflare port 443?
https://bitcointalksearch.org/topic/todays-man-in-the-middle-354565 and also https://bitcointalksearch.org/topic/cloudflare-354365 (EDIT: actually probably got those the wrong way round - the second thread there has more info. There may well be other thread in the Meta forum. EDIT: Also https://bitcointalksearch.org/topic/login-historyman-in-the-middle-354570)
The main story is that someone compromised the bitcointalk.com account at the domain registrar, and then changed the nameservers so they could mount a man-in the-middle attack on the forums. (I haven't seen any details of what they actually did, if it is known, but my personal guess would be that they intended to harvest passwords in the hope that some people would use the same credentials on online wallets or exchanges.)
The interesting detail is that the attackers used Cloudflare to host their mitm site. Cloudflare does some (slightly controvertial) SSL hackery whereby they automatically get GlobalSign to issue a cert on your behalf when you sign up with them (techically they include your domain in the subjectAltName extension of one of their server's certs). They'll present your site as SSL to the web at large using that GlobalSign cert even if you don't bother to implement SSL yourself (or if you only use a self-signed cert).
No doubt you agree to this in the small print when you sign up with them, and of course, once an attacker controlls your DNS, they can trivially obtain a cert by hand in half an hour or so, using any of the dozens of providers that just validate domain ownership by checking you can respond to a mail to [email protected] or some such.... But the Cloudflare solution makes things very easy for lazy hackers wanting to spoof an SSL site :-)
roy
The main story is that someone compromised the bitcointalk.com account at the domain registrar, and then changed the nameservers so they could mount a man-in the-middle attack on the forums. (I haven't seen any details of what they actually did, if it is known, but my personal guess would be that they intended to harvest passwords in the hope that some people would use the same credentials on online wallets or exchanges.)
The interesting detail is that the attackers used Cloudflare to host their mitm site. Cloudflare does some (slightly controvertial) SSL hackery whereby they automatically get GlobalSign to issue a cert on your behalf when you sign up with them (techically they include your domain in the subjectAltName extension of one of their server's certs). They'll present your site as SSL to the web at large using that GlobalSign cert even if you don't bother to implement SSL yourself (or if you only use a self-signed cert).
No doubt you agree to this in the small print when you sign up with them, and of course, once an attacker controlls your DNS, they can trivially obtain a cert by hand in half an hour or so, using any of the dozens of providers that just validate domain ownership by checking you can respond to a mail to [email protected] or some such.... But the Cloudflare solution makes things very easy for lazy hackers wanting to spoof an SSL site :-)
roy
Indeed, we are using cloudflare. Although it looks like all cloudflare sites are being blocked in China, so we are discussing internally if there's another way to handle this.
Haven't heard much about what happened with the forums, anyone got a link?
Haven't heard much about what happened with the forums, anyone got a link?
I notice that bitcoinarmory.com is using Cloudflare. Since an unauthorized change of DNS to point to Cloudflare was implicated in the recent attack on bitcointalk, it would be nice to have confirmation from etotheipi that bitcoinarmory.com is supposed to be using Cloudflare.
roy
roy
Jump to: