Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/josephcox/statuses/113866861954795655">Joseph Cox (josephcox@infosec.exchange)'s status on Wednesday, 22-Jan-2025 06:28:38 JST</a><a href="https://infosec.exchange/@josephcox" title="josephcox@infosec.exchange"><img src="https://gnusocial.jp/avatar/163273-48-20230825063445.webp" width="48" height="48" alt="Joseph Cox" style="position: absolute; left: 0; top: 0;">Joseph Cox</a></section><article><p>A bug in Cloudflare (and just the nature of how CDNs work) let an attacker learn the broad location of Discord, Signal, Twitter users by just sending them an image, according to a security researcher. It works because you can then check which Cloudflare data center cached the image <a href="https://www.404media.co/cloudflare-issue-can-leak-chat-app-users-broad-location/" rel="nofollow">https://www.404media.co/cloudflare-issue-can-leak-chat-app-users-broad-location/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4420443#notice-8647455">In conversation</a><time datetime="2025-01-22T06:28:38+09:00" title="Wednesday, 22-Jan-2025 06:28:38 JST">about a month ago</time> <span>from <span><a href="https://infosec.exchange/@josephcox/113866861954795655" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@josephcox/113866861954795655">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: www.404media.co</div><h5><a href="https://www.404media.co/cloudflare-issue-can-leak-chat-app-users-broad-location/">Cloudflare Issue Can Leak Chat App Users' Broad Location</a></h5><div> from <span>@josephfcox</span></div></header><div>A security researcher made a tool that let them quickly check which of Cloudflare's data centers had cached an image, which allowed them to figure out what city a Discord, Signal, or Twitter/X user might be in.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Joseph Cox (josephcox@infosec.exchange)'s status on Wednesday, 22-Jan-2025 06:28:38 JST Joseph Cox
A bug in Cloudflare (and just the nature of how CDNs work) let an attacker learn the broad location of Discord, Signal, Twitter users by just sending them an image, according to a security researcher. It works because you can then check which Cloudflare data center cached the image https://www.404media.co/cloudflare-issue-can-leak-chat-app-users-broad-location/
In conversationabout a month ago from infosec.exchangepermalink
Attachments
1. Domain not in remote thumbnail source whitelist: www.404media.co
  Cloudflare Issue Can Leak Chat App Users' Broad Location
  from @josephfcox
  A security researcher made a tool that let them quickly check which of Cloudflare's data centers had cached an image, which allowed them to figure out what city a Discord, Signal, or Twitter/X user might be in.

Public

Embed Notice

HTML Code

Corresponding Notice