
Has the world gone mad?

Yup, this was my very first thought, it was not a nice thought (I’ll admit to that) and it was given to me by Al Jazeera (at https://www.aljazeera.com/news/2023/9/6/us-eu-uk-officials-visit-uae-to-discuss-russia-sanctions-cnn-report) where we are given ‘Western officials visit UAE in efforts to halt exports to Russia: Report’ the byline of “The Wall Street Journal initially reported plans to jointly press the UAE to halt shipments of goods to Russia” does not help much. In all honesty, who the fuck do they think they are? You see, we were only given a week ago ‘Beer giant Heineken sells its business in Russia for one euro’ (at https://www.news.com.au/finance/business/beer-giant-heineken-sells-its-business-in-russia-for-one-euro/news-story/1f6e65254890bfbd6d1757d70deb351c). In part I think that it is nice that it happens after well over a year when things should have stopped, but let things flow (especially beer). You see, the largest problem is that places like Align Technology (USA), Cloudflare (USA), BT Technologies (UK), Fenzi group (Italy) and a whole range more are according to sources still operating in Russia. Yale is giving us a list (at https://som.yale.edu/story/2022/over-1000-companies-have-curtailed-operations-russia-some-remain) where we find ‘Over 1,000 Companies Have Curtailed Operations in Russia—But Some Remain’ after 560 days of war. I admit that the list is from 2022, yet there Heineken wasn’t even on the list. So I would kindly like to request that the representatives from the United States, British and European Union who are visiting the United Arab Emirates amid concerns regarding shipments of goods, including computer chips, to Russia that could help Moscow in its war on Ukraine would kindly ‘Shut the fuck up’ and clean their houses first. This group of snivelling little clowns do not get to tell anyone anything until their citizens and corporations ceased all operations.
I think that same message could be given to anyone visiting any Middle Eastern nation with a similar request. I do not disagree with the sentiment, but to do that whilst your places are still operating in Russia is just too hypocritical for any consideration. And even after that, there is still China to consider, they will never consider that request beyond certain levels and as such, why is this request coming to the UAE? Are the American parties making money off puppets in the UAE to keep their hands clean? I cannot say that this is happening, but there are plenty of ways for zero tax nations to make a bundle being the front person of a large deliverer. Oh, and by the way in 2021 on September 20th, Jesse Benton and Doug Wead pleaded not guilty in the U.S. District Court for the District of Columbia to charges of making a straw donation to the Trump campaign in 2016 on behalf of a Russian national. So how is that case going? I am just asking, because on February 17, 2023, Jesse Benton was sentenced to 18 months in prison, the other one died in time to avoid conviction. With the US in shambles and the US setting up all kinds of foundations of avoidance by US Republicans into stopping assistance to the Ukraine, I think that envoy should take a breather and stop being silly. Some of that ‘anti-assistance is less than a month old’, as such I wonder who on earth would be this stupid. So when we are given “The senior Western officials arrived in the Gulf nation this week to discuss sanctions on Russia, as concerns mounted that Moscow was bypassing them through various means, a US embassy spokesperson told CNN on Wednesday.” All whilst the US, UK and EU are still very much invested in Russia is just too crazy for words.

I am not stating that you should believe me, I added the sources that were available to me and that list, I made mention of it earlier this year (might have been in 2022), so when I saw this article in Al Jazeera I wondered why the other media are shunning investigating businesses with vested interests in Russia, there are apparently well over 1000. So why is the UAE such an issue? I honestly do not know, but the idea that there are western politicians with a ‘look there’ all whilst they are filling their pockets (the Trump Case) is just too silly for words and these representatives should take a hard look at what they are not doing at home. Just a thought to entertain.

Enjoy the upcoming weekend that is for most a mere day away.


Filed under Finance, Law, Media, Politics

How much for just the planet?

It is the title of a novel and as per today, considering this approach is not that bad an idea. You see, some brain boffin at Google found out that we are all in trouble. The article in Forbes (at https://www.forbes.com/sites/thomasbrewster/2017/02/24/google-just-discovered-a-massive-web-leak-and-you-might-want-to-change-all-your-passwords), gives now voice to one of the issues I have been trying to raise a few times and some of those so called ‘IT Experts‘ all stated on how this would never be an option. So let’s take you through the motions.

One of the earlier blogs on this was on June 5th 2015, so almost 2 years ago. Here we see: “This is how it begins, this is about certain events that just occurred, but I will specify this momentarily, you see, it goes back to an issue that Sony remembers rather well they got hacked. It was a long and hard task to get into that place Login=BigBossKazuoHirai; Password=WhereDreamsComeTrue; Soon thereafter no more firewall, no more routers, just the bliss of cloud servers and data, so much data! The people behind it were clever, and soon it was gone and the blame fell to the one nation that does not even have the bandwidth to get 10% past anything” (at https://lawlordtobe.com/2015/06/05/in-reference-to-the-router/), in regard to the fact that this is 2 years old, and several other issues were reported by me last year, the entire issue we see in “not dissimilar to the infamous Heartbleed bug of 2015 (though possibly more severe in terms of the potential for data leakage). It’s similar to Heartbleed in that CloudFlare, which hosts and serves content for a at least 2 million websites, was returning random chunks of memory from vulnerable servers when requests came in“, in addition, when we realise that the quote “Famous Google bug hunter Tavis Ormandy uncovered the issue, describing it in a brief post, noting that he informed CloudFlare of the problem on February 17. In his own proof-of-concept attack he was able to have the server return encryption keys, passwords and even HTTPS requests of other users from major CloudFlare-hosted sites” gives rise to several issues, not just account issues, but the bleeding of data, so how does this impact national security, because in several nations the defence agencies and defence contractors have their goods somewhere on a cloud.

Here we now have a twofold problem, not only do we get this from Forbes and 1-2 other sides, the press at large has steered clear of this. This now gives rise to the corrupt press that we see mentioned by President Trump. We see for example that au.finance.yahoo.com mentions it (why the finance and not the tech section is another cause for concern), yet the fact that the Australian three (Channel 7, 9 and 10) remains silent (according to Google Search) is additional cause for concern.

Yet all is not good on several levels (at http://www.bbc.com/news/technology-39077611), we see “Chief operating officer John Graham-Cumming said it was likely that in the last week, around 120,000 web pages per day may have contained some unencrypted private data, along with other junk text, along the bottom“, now considering that the BBC article got to most of us on February 24th. Forbes gives us another time line. The quote “The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through CloudFlare potentially resulting in memory leakage (that’s about 0.00003 per cent of requests). It admitted that the earliest date memory could have leaked was September 22nd 2016. CloudFlare also said one of its own private keys leaked, one for internal machine-to-machine encryption” implies that the damage could have started as early as September 2016, which gives us a security gap surpassing 5 months. That is a very different kettle of fish that Cloudflare is trying to present to the BBC. I will agree that ‘as early as’ does not imply that it happened this early, but ‘memory leakage’ should never ever happen, so there is a massive issue with the safety and security of hundreds of sites and we are not talking about small places either, we are talking about companies that have values now surpassing some of the Fortune 500. In that case 0.00003 per cent of requests, knowing that this is over 100 million requests per day could imply 300 codes and blocks of confidential data per day. And in all that, it only requires one block to be the wanted block out in the open for others to go at the throat of those losing their data. It represents a clear and present danger to data accounts and websites. And even now, the news outlets remain predominantly silent on an issue that is so important on many levels.

So when I see that the Mirror gives us “‘That’s how dictators get started’: Trump slammed for suppressing press freedom as White House bars some media from briefing“, the NY Times gives us “Trump Is Damaging Press Freedom in the U.S. and Abroad“, yet they remain VERY silent when there is a serious technical issue with the safety of websites online. The information is limited to Forbes, the BBC and USA Today, whilst Forbes is not even a newspaper, so where are all the others? It seems to me that after the 2012 Sony PS4 debacle the Newspaper should have learned, but that seems to be a lesson far far away. Whilst one does not imply the other, that the lack of reporting does not mean that President Trump is not attacking the Freedom of the Press, yet after all the junk that transpired regarding News of the World, when the Guardian and others started to cry regarding Freedom of the Press, the Mail Online was up to no good even before the ink of the verdict had dried. In that atmosphere, the press is claiming foul? They must be out of their minds.

What is now an issue is that the visibility of this danger needs to be spread fast and those working on the possible compromised systems need to make changes and alter the approach to data and fat, before long term damage is handed to competitors. All these issues as people wanted to push the cloud faster and faster, an issue myself and several others warned against. Now we have the scenario that needed to be avoided. Yet, in equal measure we need to realise that actual damage has to the best of our knowledge not been ascertained, there might not be any danger at present, yet the optional fact that this has been going on for 5 months makes that statement of no damage very unlikely.

The question that will be rising more and more is where the press is at and why they kept quiet on something local businesses on an international level had to be warned about, is that not weird? Does that not pose any serious questions on your side?

 


Filed under Media, Science