this post was submitted on 03 Aug 2025
1 points (51.6% liked)

Technology

3729 readers
544 users here now

Which posts fit here?

Anything that is at least tangentially connected to the technology, social media platforms, informational technologies and tech policy.

Post guidelines

[Opinion] prefixOpinion (op-ed) articles must use [Opinion] prefix before the title.

Rules

1. English onlyTitle and associated content has to be in English.
2. Use original linkPost URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.
3. Respectful communicationAll communication has to be respectful of differing opinions, viewpoints, and experiences.
4. InclusivityEveryone is welcome here regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
5. Ad hominem attacksAny kind of personal attacks are expressly forbidden. If you can't argue your position without attacking a person's character, you already lost the argument.
6. Off-topic tangentsStay on topic. Keep it relevant.
7. Instance rules may applyIf something is not covered by community rules, but are against lemmy.zip instance rules, they will be enforced.

Companion communities

!globalnews@lemmy.zip
!interestingshare@lemmy.zip

Icon attribution | Banner attribution

If someone is interested in moderating this community, message @brikox@lemmy.zip.

founded 2 years ago
MODERATORS
BrikoX@lemmy.zip
1
One Third of the Web Will Stop Working in 4 Days: Massive-Scale CDN Compromise Starts Wednesday (lowendbox.com)
submitted 2 days ago by BrikoX@lemmy.zip to c/technology@lemmy.zip
5 comments fedilink hide all child comments
 

About 34% of the web is still powered by HTTP/1.1 and that protocol will likely come under severe attack starting on Wednesday. Get a preview of what's in store for the latest security headache.

top 5 comments
sorted by: hot top controversial new old
[–] fullofredgoo@lemmy.world 42 points 2 days ago (1 children)

First comment on the post:

James Kettle: Hi, I’m the author of this research. It’s great to see interest and I can promise some quality research and a strong argument to kill HTTP/1.1 but the headline of this article goes a bit too far. The specific CDN vulnerabilities have been disclosed to the vendors and patched (hence the past tense in the abstract) – I wouldn’t drop zero day on a CDN! That said I do expect to see fresh critical CDN vulnerabilities in future – hopefully found by a white hat!

[–] 9point6@lemmy.world 21 points 2 days ago

Blogs and misreporting research to drive clicks

Name a more iconic combo

[–] floofloof@lemmy.ca 11 points 2 days ago* (last edited 2 days ago)

If we know about these attacks, then the bad guys know too. Even if they weren't yet given the details they've been told where to look and could quickly figure them out. Why then would they wait until Wednesday to start attacking? We have to assume they're already attacking, and 1/3 of the web has not gone down.

Besides, the author of the research says the vulnerabilities have been disclosed to CDN providers and patched already. So it's a significant discovery but the headline is doubly silly.

[–] PleaseLetMeOut@lemmy.dbzer0.com 6 points 2 days ago* (last edited 2 days ago)

I remember people on IRC doing something similar to Cloudflare years back. Using a malformed HTTP header to get a server's real host IP. It didn't give you admin panel access or anything like this does, but you could deanonymize sites.

And to sit on this for 6 years?! I don't even know what to say about that...

[–] perishthethought@piefed.social 3 points 2 days ago

Y2K energy