LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-25-2020, 11:41 PM   #16
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,841
Blog Entries: 3

Rep: Reputation: 2399Reputation: 2399Reputation: 2399Reputation: 2399Reputation: 2399Reputation: 2399Reputation: 2399Reputation: 2399Reputation: 2399Reputation: 2399Reputation: 2399

Quote:
Originally Posted by vincix View Post
I don't understand, what do you mean by that, that the problem comes and goes? LQ has chosen Cloudflare to route the website through their network. There's no problem in that, it's intentional.
That Cloudflare is far from well-intention, yes, sure, that's rather clear, but I don't understand your rationale
My mistake, if you point openssl at www.linuxquestions.org one gets a different certificate than from pointing at linuxquestions.org, without the www. prefix.

Code:
openssl s_client \
        -showcerts \
        -servername www.linuxquestions.org \
        -connect www.linuxquestions.org:443 </dev/null \
| less
That will show the certificate chain, which is generally only two deep due to the excessive number registered in either browser. Certificates are just signed public keys. It's an admirable scam but one that has gone on for too long. The browsers don't warn about MitM certificates in general, even if they seem to be used increasingly and not just with Cloudflare. How encryption is on in the browser is long overdue an overhaul.

Back to the current situations, if you want just the certificate names,

Code:
openssl s_client \
         -showcerts \
         -servername www.linuxquestions.org \
         -connect www.linuxquestions.org:443 </dev/null 2>/dev/null \
| grep -A1 -P '^\s+\d+\s+'
It's their choice to run behind Cloudflare or not, and risk letting them become the gatekeeper for LQ, but it is something they could warn about since the browsers themselves don't make a warning for MitM attacks.
 
1 members found this post helpful.
Old 05-26-2020, 02:27 AM   #17
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,247

Original Poster
Rep: Reputation: 57
Quote:
Originally Posted by jmgibson1981 View Post
I'm amazed people are shocked when they find stuff like this. That is the real surprise to me. If you are connected in any way shape or form, someone is watching.
The shock is that security and privacy experts are ignoring it, not that Cloudflare exists.

The even bigger shock: the Tor Browser developers are ignoring it too. This is the best browser I know for privacy and there is no need to use it with Tor and raise flags, it can be used without Tor with a few tweaks. In fact I am about to switch to this as my main browser, minus the Tor functionality. But what is the matter with these people, why isn't there any warning that a MITM scheme is going on, what happened to the pretense of privacy?
 
Old 05-26-2020, 01:21 PM   #18
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 14,599
Blog Entries: 9

Rep: Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093
Quote:
Originally Posted by vincix View Post
@hazel Yes, the TLS certificate is provided by Cloudflare. There you go...
Oh, it's more than that. Some scripts from cdnjs.cloudflare.com.

I am far from even remotely expert in this, but I know one or two sites that work perfectly without javascript - except for Cloudflare's despicable "DDOS protection", which would require me to enable javascript only for that once redirected to the actual site, it's not required anymore). Ah, thankfully there's the Tor Browser for cases like that...

Nota bene, LQ works perfectly without javascript, be it from cloudflare or elsewhere.

I am aware this thread is about Cloudflare and not javascript, but: giving up encryption while going through their servers is one thing, but being sucked dry by their sniffing scripts is a whole extra serving of bad.
 
3 members found this post helpful.
Old 06-25-2020, 12:46 PM   #19
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,247

Original Poster
Rep: Reputation: 57
Wtf? This site says I have a cloudflare IP:

http://ipinfo.info/html/privacy-check.php

and at the same time the following site reports the ISP-provided public IP as expected:

https://browserleaks.com/ip
 
Old 06-25-2020, 02:36 PM   #20
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 14,599
Blog Entries: 9

Rep: Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093Reputation: 4093
Quote:
Originally Posted by Ulysses_ View Post
Wtf? This site says I have a cloudflare IP:

http://ipinfo.info/html/privacy-check.php

and at the same time the following site reports the ISP-provided public IP as expected:

https://browserleaks.com/ip
Well, who is your ISP???
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
my english is getting worst..., but everyone talk in english :-) aizkorri General 20 08-02-2010 11:41 PM
Is there English-to-English dictionary in linux? uishen Linux - General 27 06-03-2009 10:36 PM
Can I have english menu with chinese/english/spanish input? codec Linux - General 9 10-04-2003 07:18 PM
english-english dictionary for linux zozia Linux - Software 4 09-21-2003 02:32 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:18 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration