close
  • chevron_right

    Phishers who breached Twilio and fooled Cloudflare could easily get you, too

    news.movim.eu / ArsTechnica · 6 days ago - 23:33

Phishers who breached Twilio and fooled Cloudflare could easily get you, too

Enlarge (credit: Getty Images)

At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not just employees but employees' family members as well.

In the case of Twilio, a San Francisco-based provider of two-factor authentication and communication services, the unknown hackers succeeded in phishing the credentials of an undisclosed number of employees and, from there, gained unauthorized access to the company's internal systems, the company said . The threat actor then used that access to data in an undisclosed number of customer accounts.

Two days after Twilio's disclosure, content delivery network Cloudflare, also headquartered in San Francisco, revealed it had also been targeted in a similar manner. Cloudflare said that three of its employees fell for the phishing scam, but that the company's use of hardware-based MFA keys prevented the would-be intruders from accessing its internal network.

Read 10 remaining paragraphs | Comments

  • chevron_right

    Crevette-mante, le réseau criminel d’ordinateurs infectés le plus puissant au monde

    news.movim.eu / Numerama · Tuesday, 19 July - 15:11

Cloudflare a retrouvé le botnet à l'origine de la plus importante attaque par déni de service de l'histoire. Les chercheurs de l'entreprise ont baptisé ce réseau Mantis, ou crevette-mante en français, pour décrire ce réseau limité en nombre, mais extrêmement puissant. [Lire la suite]

Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

  • To chevron_right

    Court Orders Cloudflare’s DNS Resolver 1.1.1.1 to Block Pirate Sites in Italy

    news.movim.eu / TorrentFreak · Tuesday, 19 July - 08:08 · 3 minutes

cloudflare logo Popular Internet infrastructure company Cloudflare has come under a lot of pressure from copyright holders in recent years.

The company offers its services to millions of sites, including multinationals, and governments, but also some of the world’s leading pirate sites.

Rightsholders are unhappy with the latter and some have even accused Cloudflare of facilitating copyright infringement by continuing to provide access to illicit platforms. In Italy, these complaints have been followed by legal action from key music industry players, resulting in injunctions that require Cloudflare to block several pirate sites operated by its customers.

Cloudflare fiercely protests these and other blocking demands. The company sees itself as a neutral third-party service that merely caches or passes on content. Even when Cloudflare blocks sites or customers, the associated sites remain operational.

Music Industry Demands Cloudflare DNS Blockade

Rightsholders agree that there’s no silver bullet to stop piracy, but they argue that Cloudflare can and should do more to address the problem. In a case before the Court of Milan, they argued that Cloudflare should go even further.

In court, anti-piracy outfit FPM and the music group FIMI pointed out that Cloudflare’s DNS resolver is problematic too. This DNS resolver helps people to access pirate sites, even when the sites are not using Cloudflare’s CDN services. As such, Cloudflare should be required to block problematic sites on its DNS servers too.

After hearing these arguments the Milan Court agreed. It issued an interim injunction that requires Cloudflare to block three torrent sites: kickasstorrents.to, limetorrents.pro and ilcorsaronero.pro. These sites are already blocked by ISPs in Italy following an order from local regulator AGCOM.

Landmark DNS Blocking Injunction

This is the first time that Cloudflare has been ordered to make pirate sites unavailable through its public DNS resolver 1.1.1.1. This is an important expansion since many Italians switched to public DNS resolvers to bypass ISP blocking measures. With the court order, rightsholders can remove this shortcut.

“We welcome the Court’s decision which will further strengthen the ongoing infringing site blocking program performed by AGCOM in Italy, whilst also increasing the efficiency of the enforcement actions carried out by the rightsholders to protect their online content,” says FIMI CEO Enzo Mazza.

According to Mazza, the court order is an important next step in the protection of copyrighted content online. It recognizes the responsibility of third-party intermediaries under the EU’s new Copyright Directive and clarifies that companies such as Cloudflare can be ordered to follow ISP blocking orders.

Thus far, Cloudflare has refused to take action, even when AGCOM put sites on a blocklist. With the recent court order, the company will have no other option as there are potential sanctions on the line.

Google and OpenDNS?

In theory, similar injunctions could follow against other DNS providers as well, including Google and OpenDNS. “The ruling opens the door to others that offer similar services, such as Google,” Mazza told local media.

While this type of order is new in Italy, we have seen a similar injunction in Germany last year. A local court ordered DNS provider Quad9 to block a pirate site but the decision is still under appeal.

Cloudflare is also expected to appeal the Italian injunction, which is only a preliminary ruling. For the time being, however, it is required to block the three torrent sites on its DNS resolver within 30 days. This also applies to any future domain names the sites may use.

In response to earlier orders targeted at pirate sites operated by customers, Cloudflare has chosen to implement measures that are limited to Italy. The company hasn’t commented publicly on the recent DNS blocking order, but we expect that this will only be enforced locally as well.

From: TF , for the latest news on copyright battles, piracy and more.

  • To chevron_right

    Broadest US Pirate Site Injunction Rewritten/Tamed By Cloudflare

    news.movim.eu / TorrentFreak · Monday, 4 July - 16:52 · 5 minutes

cloudflare When video and broadcasting companies take on their pirate site competitors it’s only natural that once they have their day in court, measures are taken to ensure the sites don’t just simply come back online.

While even airtight injunctions can’t work miracles, they do make it easier to disrupt a pirate site’s business to the point that it may not be worth carrying on. On the other hand, an overbroad injunction has the potential to disrupt the business of third-party services too, despite them having little to do with the infringement or any reasonable way to predict it.

Big Injunction, Big Tech Problems

That’s exactly what happened when several Israel-based video companies won three lawsuits and injunctions to shut down three streaming/IPTV platforms. The injunctions granted extreme powers , from residential ISP blocking to almost any other action the plaintiffs deemed fit to keep the sites offline.

Almost immediately that led to friction with third-party service providers and the situation only worsened when a concerned Cloudflare found itself threatened with contempt of court for non-compliance. The CDN company fought back with support from Google and EFF and that led the parties back to the negotiating table.

Filings in the case last week suggested an acceptance by the plaintiffs that the injunction cannot be enforced in its present form. The parties promised to work on a new injunction to address both sides’ concerns and as a result, a new proposal now awaits the court’s approval.

Original Injunction Undergoes Surgery

The permanent injunction handed down against pirate IPTV platform Israel.tv began in conventional fashion by permanently restraining its operators (and anyone acting in concert or participation with them) from doing anything in future that would breach the plaintiffs’ rights.

However, by also stating that the same applies to third-party services that may come into contact with the defendants’ operations, now or anytime in the future, the plaintiffs started rubbing up against companies like Cloudflare, which rejects any idea they’re ‘acting in concert’ with pirates. As a result, the proposed amended injunction looks much less threatening.

The first change comes with the removal of powers related to enforcement against “third parties providing services used in connection with Defendants’ operations.” And where the injunction initially referred to those “Operating and/or hosting Defendants’ Infringing Website,” it now reads “Operating Defendants’ Infringing Website.”

But that’s just the beginning.

Major ISPs No Longer Required to Block Pirate Sites

Before Cloudflare got involved, the first obviously broad part of the injunction was a requirement for every single ISP in the United States to block the three IPTV services, not just at their current domains but also any they might use in the future. All blocked domains were also set to be diverted to an anti-piracy landing page, as a deterrent message.

The entire section laying out the requirements and terms for such blocking has now been completely removed from the proposed amended injunction. No ISP blocking in any form is requested but the deletions go much further than just that.

The original also ordered all third parties “used in connection” with the pirate sites not to do so again, now or in the future. Those third parties included ISPs, webhosts, CDNs, DNS and VPN providers, domain name entities, advertising partners, search engines, payment processors, banks, credit card companies, plus many, many more. That section has also been removed.

Dealing With New Domains

The original injunction not only gave the plaintiffs broad powers to take action against the pirate sites’ existing domains but also any new domains registered by the defendants to replace those already seized. In common with other aspects of the order, including those that granted authority over companies like Cloudflare, there was a complete lack of judicial oversight.

The plaintiffs believed they could issue an order, without supporting evidence, and third parties must comply. In the proposed amended injunction, that is not the case. When the plaintiffs identify ‘newly detected domains’ they will be required to notify the court and request permission to further amend the injunction. When/if granted, that order will have to be served on registries and registrars.

Previously, the injunction required domain companies to make domains inactive within seven days and configure them to divert to the video companies’ anti-piracy page. That requirement has also been removed while a new section explains that if a registry or registrar wants to object to a disabling order, they are allowed to do so, without being held in contempt of court.

Continuing the theme that action can be taken against piracy-facilitating domains but only when the court has knowledge and oversight, the proposed amended injunction details an updated list of specific domains, including the following:

israel.tv, israeli.tv, israeltv.com, israel-tv.xyz, israeltv.to, t2m.is.isr, t2m.ac, isr.dev and zira.to . Newer additions include israeltv.se, israeltv.nu, israeltv.su, isratv.ru, israeltv.am, israeltv.la, israeltv.bz, israeltv.hk, israetv.eu, israeltv.is and sini.la .

Interestingly, the proposed injunction also prohibits the operators of israel.tv (and related domains) from using specific applications listed on Google Play that facilitate access to infringing content owned by the plaintiffs. The pirate operators are also restrained from accessing a Facebook account (‘TvFromIsrael’) and various other messaging channels previously used to provide customer support and new domain information.

Entire Section Dedicated to Cloudflare

With the contempt of court issue behind them, Cloudflare and the plaintiffs appear to have settled their differences. An entire section in the injunction dedicated to Cloudflare suggests that the CDN company is indeed prepared to help the video companies but they’ll have to conform to certain standards.

Before even contacting Cloudflare they’ll first need to make “reasonable, good faith efforts to identify and obtain relief for the identified domains from hosting providers and domain name registries and registrars.”

If the plaintiffs still need Cloudflare’s assistance, Cloudflare will comply with requests against domain names listed in this injunction and future injunctions by preventing access to the following:

Pass-through security services, content delivery network (CDN) services, video streaming services, and authoritative DNS services, DNS, CDN, streaming services, and any related services

An additional note states that the plaintiffs acknowledge that Cloudflare’s compliance “will not necessarily prevent the Defendants from providing users with access to Defendants’ infringing services.”

Given the agreement on the terms, the amended injunction will likely be signed off by the court in the coming days. Service providers everywhere will breathe a sigh of relief while rightsholders will have a template for similar cases moving forward.

The proposed amended injunction documents can be found here ( 1 , 2 , 3 , 4 , 5 pdf)

From: TF , for the latest news on copyright battles, piracy and more.

  • To chevron_right

    Cloudflare & Media Companies Agree to Modify “Power Grab” Piracy Injunction

    news.movim.eu / TorrentFreak · Thursday, 30 June - 19:31 · 3 minutes

cloudflare When United King Film Distribution, DBS Satellite Services, and Hot Communication won copyright lawsuit s against three pirate streaming sites in April, the court gave them everything they asked for.

In addition to millions in damages against pirate streaming/IPTV platforms Israel-tv.com, Israel.tv and Sdarot.tv, the court handed down the broadest injunction ever seen in a US piracy case.

The injunction banned every online service provider from doing any business with the pirate platforms and ordered residential ISPs to block their current domains and any that appear in the future. In hindsight, it was a case of being careful what you wish for, because you may just get it.

With extraordinary power at hand, the media companies (all members of anti-piracy group Zira) began seizing domains but mysteriously asked the court not to enforce the requirement for residential ISPs to block the sites.

It appeared that someone may have started to push back and after issuing all kinds of orders to a range of online entities, the situation began to deteriorate. After the plaintiffs asked the court to hold Cloudflare in contempt for not following their instructions, Cloudflare fired back with amicus curiae support from Google, EFF and CCIA.

‘Power Grab’ Injunction is Invalid

The briefs submitted to the court are detailed but all agree that the injunction is impermissibly broad, lacking in detail, and contrary to Federal Rule of Civil Procedure 65 and the DMCA . Perhaps surprisingly, the plaintiffs continued to insist that they knew better.

Last week they submitted documents to further support their expedited motion for a contempt ruling against Cloudflare. The filing included exhibits claiming to show that Cloudflare’s DNS servers were servicing four new domains allegedly deployed by one of the pirate sites after its other domains were seized.

None of these domains were specifically listed in the injunction and as Cloudflare previously pointed out, any reading of the injunction that attempted to stretch it to cover new domains would violate fundamental limitations on the scope of available injunctive relief. Acting on the unsupported claims of the media companies with no judicial oversight is not an option, Cloudflare added.

Then this week, a sudden and unexpected light appeared on the horizon.

Broadest Piracy Injunction in the US Needs Adjustment

In a joint status letter filed Tuesday and addressed to Judge Katherine Polk Failla, whose signature authorized the original injunction, the media companies and Cloudflare say that progress is being made.

Following negotiations the parties say they have reached an agreement in principle to solve their differences. This will be achieved by addressing the core issues that led to the plaintiffs’ attempting to hold Cloudflare in contempt while addressing concerns raised by Cloudflare during a recent conference.

The specific details are not being made available at this stage but as soon as the agreement is formalized, the plaintiffs say they will file a motion to amend the default judgment and permanent injunction handed down by the court on April 26. An amended order will be presented for the court’s approval.

The plaintiffs say they will then withdraw with prejudice the pending motion for contempt against Cloudflare while reserving the right to file future motions to enforce the court’s original order or amended order, as appropriate. In turn, Cloudflare has agreed to withdraw its request for attorneys’ fees and costs incurred in responding to the plaintiffs’ motion for contempt.

It will be of great interest to see how the amended injunction balances the interests of the plaintiffs with those of Cloudflare and, by extension, every other service provider affected by the original injunction.

Update : The docket shows no indication that the agreement in principle is now a done deal but Judge Failla responded Wednesday as follows:

“In light of the above status update, the Court hereby deems both Plaintiffs’ contempt motion and Cloudflare’s request for attorneys’ fees and costs to be withdrawn.”

The plaintiffs’ declaration can be found here and the joint status report here (both pdf)

From: TF , for the latest news on copyright battles, piracy and more.

  • chevron_right

    Apple a un plan pour tuer les CAPTCHA

    news.movim.eu / Numerama · Tuesday, 21 June - 10:20

captcha

Un web où il n'y aurait plus jamais besoin de renseigner un CAPTCHA ? C'est ce qu'imagine Apple avec un nouveau mécanisme pour iOS 16 et macOS Ventura : le Privacy Access Token. [Lire la suite]

Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

  • chevron_right

    Des soucis pour aller sur le web ? C’était peut-être à cause de Cloudflare

    news.movim.eu / Numerama · Tuesday, 21 June - 08:48

L'entreprise Cloudflare, qui fournit des services essentiels à de très nombreux sites web, a connu quelques soucis ce 21 juin. La situation est résolue, mais vous avez peut-être eu des soucis pour naviguer en ligne. [Lire la suite]

Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

  • To chevron_right

    Big Tech Protests US Pirate Site Injunction “Power Grab” Against Cloudflare

    news.movim.eu / TorrentFreak · Friday, 17 June - 09:44 · 7 minutes

cloudflare This April, United King Film Distribution, DBS Satellite Services, and Hot Communication (all members of Israel-based anti-piracy group Zira) won three copyright lawsuits against three pirate streaming sites.

The operators of Israel-tv.com, Israel.tv and Sdarot.tv failed to appear, so the court held them liable for millions in statutory damages and signed off on an extremely broad injunction requiring every ISP in the country to block subscriber access to the sites.

While that element was later suspended , the injunction also prohibits any company (ISPs, webhosts, CDN providers, DNS providers, domain companies, advertising services, financial institutions, payment processors) from doing any business with the sites, now or in the future.

Early June, after seizing several ‘pirate’ domains, the plaintiffs’ informed the New York court that since Cloudflare had continued to service Israel.tv, it had failed to comply with the injunction and should be held in contempt of court. A timeline reported in our earlier article indicated that the plaintiffs’ allegations were likely incorrect, since they themselves had seized the domain around May 26.

According to a 24-page response just filed by Cloudflare, the company appears to agree, but its opposition goes much further. Broad injunctions that attempt to deal with future ‘pirate’ countermeasures (such as domain changes) may seem reasonable to the plaintiffs, but this case shows that rightsholders can issue powerful orders without any due process or judicial oversight.

Cloudflare: We Can’t Discontinue Service That Doesn’t Exist

Our timeline linked above indicates that the Israel.tv domain was likely seized by the plaintiffs on May 26, meaning that it was no longer linked to the infringing activity mentioned in the injunction. In its response, Cloudflare confirms that on that same date, Israel.tv stopped using its services, meaning that there was no action it could take, i.e it’s impossible to withdraw services that aren’t being used.

“Cloudflare cannot possibly be ‘in active concert or participation’ with Defendants [Israel.tv] with respect to copyright infringement or other prohibited acts on the Website, when no such acts are occurring. The Court should deny Plaintiffs’ Motion as moot on that basis alone,” Cloudflare writes.

New Domains Aren’t Covered By The Injunction

In addition to their complaints relating to Israel.tv, the media company plaintiffs go even further in their motion for contempt. They allege that five additional domains “associated with the infringing Website” were created and new accounts were opened with Cloudflare around May 22.

Since the injunction covers “any domain address known today…or to be used in the future by the Defendants”, they believe that Cloudflare should take action when notified of these “Add-On Domains”.

Cloudflare’s response states that none of the advised domains are plausibly covered by the injunction, and the unsupported bare claims of the media companies fail to convince otherwise.

“Plaintiffs fail to provide a shred of evidence, or even any argument, that any of the Add-On Domains are connected to Israel.tv, or that they are owned or operated by Defendants or their agents. Any reading of the Injunction that attempted to stretch it to cover the Add-On Domains would violate fundamental limitations on the scope of available injunctive relief..,” the company’s opposition reads.

Cloudflare says that under Federal Rule of Civil Procedure 65(d) and Section 512(j) of the DMCA, injunctive relief must be narrowly targeted to specific, identified defendants and their agents, and/or third parties in active concert or participation with such defendants.

“None of those conditions are satisfied here,” Cloudflare notes.

Describing the contempt motion as a “blatant attempt at a power grab” by media companies seeking to enforce an overbroad injunction, solely on their say-so, and without any due process or judicial oversight, Cloudflare says the motion “flies in the face of the law” and should be denied for violating basic legal principles.

For clarity, Cloudflare says it reviewed its records for the new ‘Add-On Domains” and found that none match the subscriber information associated with Israel.tv.

Big Tech Gets Involved After Cloudflare Was Singled Out

Cloudflare’s opposition questions why the plaintiffs singled out Cloudflare for a motion of contempt, especially on an “emergency” basis when it was obvious the company hadn’t been servicing the domain for some time (due to the plaintiffs’ domain seizure), so was in effect already complying with the injunction.

Those questions remain unanswered but new developments overnight indicate that, by obtaining such a broad injunction and then wrongly attempting to hold Cloudflare in contempt, plaintiffs United King Film Distribution, DBS Satellite Services, and Hot Communication have managed to stir up a Big Tech hornets’ nest in the United States.

In a letter to Judge Katherine Polk Failla at the US District Court for the Southern District of New York, Google LLC says that it was identified in the injunction as a “vendor providing services” to Israel.tv and also as an ISP in the form of Google Fiber Inc. The big news is that Google is in talks with the media companies’ counsel in advance of a potential motion to either modify or dissolve the injunction.

Google says that it does not want its services to be used to violate an injunction but, as they stand, the injunctions covering the three pirate sites are problematic in both scope and terms.

“Google is not in active concert or participation with the activities of the Defendants, and for that reason cannot properly be bound by an injunction in these cases,” the company informs the Court.

Google also holds the same position as Cloudflare, noting that under Federal Rule of Civil Procedure, injunctions need to “describe in reasonable detail…the act or acts restrained or required.” In this case the injunctions do not name the defendants (all were defaulting ‘Does’) so Google says it has no idea who it shouldn’t be doing business with.

The ‘Add-On Domains’ are also a problem, since the injunctions “appear to contemplate additional domains being added simply based on the unsupervised say-so of counsel for Plaintiff.” Finally, the injunctions only describe general categories of behavior rather than specific activities with respect to specific, identified copyrighted works, a requirement under copyright law.

“Google is discussing with Plaintiffs what voluntary action Google is willing to take to assist in effectuating this Court’s remedies against the Defendants, while taking into account Google’s concerns regarding both the proper scope of injunctive relief in this matter and the parties against whom such relief may be granted,” Google informs the court.

EFF and CCIA Request Permission to File Amicus Curiae Brief

Shortly after Google filed its letter, the Electronic Frontier Foundation (EFF) and Computer and Communications Industry Association (CCIA) requested permission to file an amicus curae brief. CCIA is a large tech advocacy group counting the likes of Amazon, Apple, eBay, Facebook, Mozilla, Nord Security, and Twitter among its members.

Both EFF and CCIA are troubled by the injunction, noting that the plaintiffs requested a sweeping injunction that purports to bind “hundreds, perhaps thousands” of non-party internet communications businesses.

“The injunction is impermissibly broad. It is contrary to both Federal Rule of Civil Procedure 65 and the Digital Millennium Copyright Act,” EFF and CCIA inform the Court.

“It will cause collateral harm to numerous Internet services and their users by imposing unnecessary costs and compliance burdens. Plaintiffs’ motion for contempt against Cloudflare is likewise improper. It illustrates the harm that Plaintiffs can cause, and appear ready to cause, through the injunction.”

Noting that an injunction cannot be a “blank check to fill in” with the details of any business that touches a defendant’s infringing materials, EFF and CCIA say that the plaintiffs have provided no “clear and convincing proof” that any non-party service provider, including Cloudflare, is “substantially intertwined” with the defendants and actively working with them to bypass the injunction.

The proposed amicus brief broadly aligns with the concerns raised by Cloudflare/Google and highlights how injunctions that aim to be proactive (by covering new domains, for example) can have a chilling effect due to a lack of specificity.

“Requiring service providers to actively detect and block websites that are not explicitly named in an order, on pain of contempt sanctions, would create a strong incentive for those service providers to preemptively block sites that show any appearance of being affiliated with an enjoined defendant, but in fact are not,” the brief adds.

EFF and CCIA conclude by asking the Court to deny the motion of contempt against Cloudflare and “treat with skepticism” any future attempts by the plaintiffs to enforce the injunction against nonparty service providers.

Cloudflare’s Opposition to Plaintiffs’ Motion for Contempt can be found here , Google’s letter here , and the EFF/CCIA proposed amicus brief here (all pdf)

From: TF , for the latest news on copyright battles, piracy and more.