This latest security issue involving Cloudflare’s reverse proxies has confused me regarding encryption, HTTPS, etc.
I think they are saying that Cloudflare was offloading/accelerating SSL from their clients' webservers, and a Cloudflare bug was leaking information via webpages. Normally you would think the data would be encrypted at that point, but evidently not, given the way the reverse proxy works.

Every expert seems to be saying we should change our passwords for the affected websites and that will fix everything. I'm not following the logic. Cloudflare leaked our private transactions, and search engines cached the leaked data, so how does changing our password fix any of that?

The only good news seems to be that Google discovered the bug, informed Cloudflare, who fixed the bug and got search engines to delete most of the cached pages. And they did it quickly and probably before it was exploited.

But now that we have Cloudflare and AWS and CDNs, the simple model in my brain of encrypted browser-webserver communication seems obsolete. We used to talk about man-in-the-middle attacks, but it seems like now there are usually a bunch of men in the middle because that's how the web works. And if the webserver is delegating SSL to the men in the middle, things might not be as secure as we think.

From: Af [mailto:[email protected]] On Behalf Of Josh Luthman
Sent: Sunday, February 26, 2017 2:54 PM
To: [email protected]
Subject: Re: [AFMUG] OT: Google knows

Wait, you're comparing encrypted iMessages to Android SMS text messages. Not exactly the same thing.

If you're comparing iMessage SMS to Android SMS, I fully expect everyone's reading them.

If you're comparing iMessage/Hangouts encrypted messages, those are encrypted and unable to be read.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Sat, Feb 25, 2017 at 2:00 PM, Travis Johnson <[email protected]> wrote:

Nope... iMessage is encrypted and not even Apple can read the messages.

Travis

On 2/25/2017 11:47 AM, Bill Prince wrote:

Just like iMessage and Siri.

bp
<part15sbs{at}gmail{dot}com>

On 2/25/2017 8:12 AM, Travis Johnson wrote:

Now Google will be reading all of your text messages as well... if you use an Android phone that is... LOL

https://www.cnet.com/news/google-takes-on-apple-imessage-with-enhanced-sms-for-android-rcs/

Travis
