Ariel Millennium Thornton @arielmt@computerfairi.es

Cloudflare making headlines again, probably not the way it would prefer. From @dangoodin at Ars:

A familiar debate is once again surrounding Cloudflare, the content delivery network that provides a free service that protects websites from being taken down in denial-of-service attacks by masking their hosts: Is Cloudflare a bastion of free speech or an enabler of spam, malware delivery, harassment and the very DDoS attacks it claims to block?

https://arstechnica.com/security/2024/07/cloudflare-once-again-comes-under-pressure-for-enabling-abusive-sites/

Meanwhile, from Proofpoint:

Proofpoint is tracking a cluster of cybercriminal threat activity leveraging Cloudflare Tunnels to deliver malware. Specifically, the activity abuses the TryCloudflare feature that allows an attacker to create a one-time tunnel without creating an account. Tunnels are a way to remotely access data and resources that are not on the local network, like using a virtual private network (VPN) or secure shell (SSH) protocol.

First observed in February 2024, the cluster increased activity in May through July, with most campaigns leading to Xworm, a remote access trojan (RAT), in recent months.

Campaign message volumes range from hundreds to tens of thousands of messages impacting dozens to thousands of organizations globally. In addition to English, researchers observed French, Spanish, and German language lures. Xworm, AsyncRAT, and VenomRAT campaigns are often higher volume than campaigns delivering Remcos or GuLoader. Lure themes vary, but typically include business-relevant topics like invoices, document requests, package deliveries, and taxes.

https://www.proofpoint.com/us/blog/threat-insight/threat-actor-abuses-cloudflare-tunnels-deliver-rats

🖼

Use our cloud service instead of local copies of your documents they said, it will be more efficient, they said.

very proud fox

I don't want AI to make art or write terrible articles which destroy the middle class. I just want email applications to look for the string "Hello" "Dear" "Hi" at the top of the message and warn the sender if the name that follows doesn't match the name on the email they are replying to.

When a new Big Vuln(TM) appears right at the end of the day:

https://mstdn.social/@Remittancegirl/112747294426534225

Anyway, we took _the word "accessibility"_ and made it incomprehensible to new community members, look like a different, real but unrelated word if you use the wrong font or have weak eyesight, and screw over anyone using a screen reader.

We've made it harder for people who rely on accessible tech to so much as participate in conversations about them and the tech they rely on, to save able-bodied people a few keystrokes.

This is bullshit. There's no better term for it. It's just lazy bullshit.

@thomasfuchs That "I always check" has the same energy as "It's open source so I can audit the code"

I joke but a note about language usage and open source _cultural_ accessibility: Numeronyms are bad, and there's no meaningful distinction between "a884a5f3609f2cca635fed56d4ec5795da56fb970y" and "a11y".

Neither one is recognizable as "accessibility" to anyone new to the field - great work nerds, we've managed to give the word "accessibility" its own accessibility problem - and I gotta tell you, "not typing out long words because they're long words" seems childish as hell to most people.