[tor-talk] Cloudflare's captcha problems: google's fault
Andreas Krey
a.krey at gmx.de
Wed Jun 10 05:02:29 UTC 2015
On Tue, 09 Jun 2015 21:31:11 +0000, m8asyom80 at sigaint.org wrote:
...
> I hope they don't but it's just a worst case scenario that should be taken
> into account. Even though they can redirect you from https://1111.com to
> https://11l1.com if they wish and MTIM you from there, provided you don't
> notice the address substitution,
They don't need to - when you go to, say, http://questionablecontent.net,
you already end up on their systems, and instead of serving you
the captcha page, they could just as well serve you any malware.
Or additionally. There is no need for a redirect.
As I understand it they also do the SSL termination for their
customer's pages.
And given just how awfully many pages are on cloudflare nowadays
they're either the NSA or a prime target of them.
...
> Someone should ask google: PLEASE, ALLOW YOUR CAPTCHAS TO BE SOLVED WITH
> JAVASCRIPT OFF AGAIN. If google is not intentionally doing this, there
> must be a bug in their captcha system they have not been made aware of.
Seconded, even if it's not my personal issue.
Andreas
--
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
More information about the tor-talk
mailing list