nuclearspaceheater:

nuclearspaceheater:

acertainaccountofevents:

acertainaccountofevents:

So, turns out the SHA1 collision was not what P0 people were ominously hinting at last night.

https://bugs.chromium.org/p/project-zero/issues/detail?id=1139

like, wowwwwww

A buffer overrun in C is not news.

On second thought, I think that the memory problems in C are, in this case, more the proximate cause than the root cause, at least in terms of the dispersal of private information.

The root cause being that sensitive information even existed in clear-text on the machines in the first place.

The intermediate servers that your data passes thru can’t inadvertently disperse clear-text that you don’t give them.

So, credit where it’s due, addressing the lack of end-to-end encryption is a big part of Cloudflare’s thing, so at least it’s not like they aren’t working on the mess we’ve inherited.

Many of Cloudflare’s services depend on having access to the cleartext though
