Author

Topic: Cloudflare (Read 1321 times)

legendary
Activity: 2912
Merit: 1060
December 21, 2013, 01:35:33 AM
#10
PS please use incapsula instead.
legendary
Activity: 2912
Merit: 1060
December 21, 2013, 01:34:35 AM
#9
You should be pgping the downloads anyway

What the hell are you talking about? This has nothing to do with verifying Armory setup files with PGP. Wrong thread?

I thought the context was the cloudflare attack on this site which redirected it through another server and harvested cookies. Op states cloudflare attack, which could mean switched out downloads. My answer was pgp. I think it was relevant no?

Otherwise, why would op be concerned how the site is served if he didn't mean compromised setup files.
legendary
Activity: 3766
Merit: 1364
Armory Developer
December 20, 2013, 03:41:03 PM
#8
You should be pgping the downloads anyway

What the hell are you talking about? This has nothing to do with verifying Armory setup files with PGP. Wrong thread?

In the context that you download Armory through a  VPN or a proxy, or anything remotely critical for that matter, you should verify you got what you expected with PGP.

I think his comment was that regardless of how you acquired Armory, you should check it against the provided signature, which is good practice.
sr. member
Activity: 331
Merit: 250
December 20, 2013, 02:34:43 PM
#7
You should be pgping the downloads anyway

What the hell are you talking about? This has nothing to do with verifying Armory setup files with PGP. Wrong thread?
legendary
Activity: 2912
Merit: 1060
December 19, 2013, 10:06:10 AM
#6
You should be pgping the downloads anyway
hero member
Activity: 784
Merit: 1000
December 06, 2013, 01:20:26 AM
#5
Out of curiosity, do they [China] block Cloudflare port 80, too, or only Cloudflare port 443?

Both http and https not working.

Most Chinese Armory users would be skillful enough to use proxies or VPN, but that open them up to the danger of MITM attack.
hero member
Activity: 563
Merit: 500
December 03, 2013, 06:03:27 PM
#4
Out of curiosity, do they [China] block Cloudflare port 80, too, or only Cloudflare port 443?
hero member
Activity: 563
Merit: 500
December 03, 2013, 05:52:07 PM
#3
https://bitcointalksearch.org/topic/todays-man-in-the-middle-354565 and also https://bitcointalksearch.org/topic/cloudflare-354365 (EDIT: actually probably got those the wrong way round - the second thread there has more info.  There may well be other thread in the Meta forum. EDIT: Also https://bitcointalksearch.org/topic/login-historyman-in-the-middle-354570)

The main story is that someone compromised the bitcointalk.com account at the domain registrar, and then changed the nameservers so they could mount a man-in the-middle attack on the forums.  (I haven't seen any details of what they actually did, if it is known, but my personal guess would be that they intended to harvest passwords in the hope that some people would use the same credentials on online wallets or exchanges.)

The interesting detail is that the attackers used Cloudflare to host their mitm site.  Cloudflare does some (slightly controvertial) SSL hackery whereby they automatically get GlobalSign to issue a cert on your behalf when you sign up with them (techically they include your domain in the subjectAltName extension of one of their server's certs).  They'll present your site as SSL to the web at large using that GlobalSign cert even if you don't bother to implement SSL yourself (or if you only use a self-signed cert).

No doubt you agree to this in the small print when you sign up with them, and of course, once an attacker controlls your DNS, they can trivially obtain a cert by hand in half an hour or so, using any of the dozens of providers that just validate domain ownership by checking you can respond to a mail to [email protected] or some such.... But the Cloudflare solution makes things very easy for lazy hackers wanting to spoof an SSL site :-)

roy

legendary
Activity: 1428
Merit: 1093
Core Armory Developer
December 03, 2013, 04:25:21 PM
#2
Indeed, we are using cloudflare.  Although it looks like all cloudflare sites are being blocked in China, so we are discussing internally if there's another way to handle this.

Haven't heard much about what happened with the forums, anyone got a link?
hero member
Activity: 563
Merit: 500
December 02, 2013, 07:35:49 PM
#1
I notice that bitcoinarmory.com is using Cloudflare.  Since an unauthorized change of DNS to point to Cloudflare was implicated in the recent attack on bitcointalk, it would be nice to have confirmation from etotheipi that bitcoinarmory.com is supposed to be using Cloudflare.

roy
Jump to: