Removed extension that is no longer available #512

2018-08-21T07:39:38Z

vRobM commented

2018-08-21 07:39:38 +00:00

(Migrated from github.com)

"Block Cloudflare MiTM Attack - Firefox add-on to detect and block corporate MITM attack. "

Hillside502 commented

2018-08-21 11:54:59 +00:00

(Migrated from github.com)

https://github.com/nym-zone/block_cloudflare_mitm_fx/issues/19

kewde commented

2018-08-24 22:34:37 +00:00

(Migrated from github.com)

I think we'll have to remove this one..
If there's are no maintainers and only bug report with the extension attached as an addon, it is pretty much dead to me.

I think we'll have to remove this one.. If there's are no maintainers and only bug report with the extension attached as an addon, it is pretty much dead to me.

kewde commented

2018-08-24 22:34:46 +00:00

(Migrated from github.com)

@shifterovich

ghost commented

2018-08-24 22:58:12 +00:00

(Migrated from github.com)

If there's are no maintainers

If it's a simple script there might be no need to maintain it.

And what's the issue? FF removed some privacy addons from their addon website? Can't users install them locally from source/zip like on Chrome?

> If there's are no maintainers If it's a simple script there might be no need to maintain it. And what's the issue? FF removed some privacy addons from their addon website? Can't users install them locally from source/zip like on Chrome?

ghost commented

2018-09-07 21:17:47 +00:00

(Migrated from github.com)

https://trac.torproject.org/projects/tor/attachment/ticket/24351/block_cloudflare_mitm_attack-1.0.14.1-an%2Bfx.xpi

Email I received:

I was the "developer" of this add-on.

The reason why there is no one to answer on Github is
"nullius", the AMO maintainer who control my add-on[1]
didn't answer to my emails since last year. I believe he's
gone MIA, and it seems his email account is hacked.

We(me and nullius) failed to communicate with Mozilla idiots
therefore the add-on remains hidden(or deleted, I have no idea
because my AMO account level was "developer". I deleted AMO
account after I noticed the add-on was hidden)

Alternative: https://addons.mozilla.org/en-US/firefox/addon/tprb/

https://trac.torproject.org/projects/tor/attachment/ticket/24351/block_cloudflare_mitm_attack-1.0.14.1-an%2Bfx.xpi Email I received: > I was the "developer" of this add-on. > > The reason why there is no one to answer on Github is > "nullius", the AMO maintainer who control my add-on[1] > didn't answer to my emails since last year. I believe he's > gone MIA, and it seems his email account is hacked. > > We(me and nullius) failed to communicate with Mozilla idiots > therefore the add-on remains hidden(or deleted, I have no idea > because my AMO account level was "developer". I deleted AMO > account after I noticed the add-on was hidden) Alternative: https://addons.mozilla.org/en-US/firefox/addon/tprb/

beerisgood commented

2018-09-08 17:22:42 +00:00

(Migrated from github.com)

This alternative doesn't look like a alternative. It's a simple tool like RequestPolicy or better uMatrix

👍 1

ghost commented

2018-09-08 17:34:50 +00:00

(Migrated from github.com)

Anyway the xpi file still exists and users can install it even without AMO. Maybe just change the link?

ghost commented

2018-09-17 18:39:41 +00:00

(Migrated from github.com)

Wrong link, alternative: https://addons.mozilla.org/en-US/firefox/addon/bcma/

"What's the difference?"

Less permission

Less code & Easy to read

Developer is not me

So simple

Mozilla's erosman approved

Stay safe,
Ex-BCMA developer

Wrong link, alternative: https://addons.mozilla.org/en-US/firefox/addon/bcma/ > "What's the difference?" > 1. Less permission > 2. Less code & Easy to read > 3. Developer is not me > 4. So simple > 5. Mozilla's erosman approved > > > Stay safe, > Ex-BCMA developer

vRobM commented

2018-09-18 03:06:16 +00:00

(Migrated from github.com)

CF is not an Attack. It's a contractual service. Stop the FUD.

++ Rob

About me https://remote.com/r

On Mon, Sep 17, 2018 at 11:39 AM, Samuel Shifterovich <
notifications@github.com> wrote:

Wrong link, alternative: https://addons.mozilla.org/en-
US/firefox/addon/bcma/

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/privacytoolsIO/privacytools.io/pull/512#issuecomment-422124994,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AClFXUZ_zk52FDK7fJIv4K7x1Q0s4dPmks5ub-x4gaJpZM4WFQaV
.

CF is not an Attack. It's a contractual service. Stop the FUD. ++ Rob About me <https://remote.com/r> On Mon, Sep 17, 2018 at 11:39 AM, Samuel Shifterovich < notifications@github.com> wrote: > Wrong link, alternative: https://addons.mozilla.org/en- > US/firefox/addon/bcma/ > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub > <https://github.com/privacytoolsIO/privacytools.io/pull/512#issuecomment-422124994>, > or mute the thread > <https://github.com/notifications/unsubscribe-auth/AClFXUZ_zk52FDK7fJIv4K7x1Q0s4dPmks5ub-x4gaJpZM4WFQaV> > . >

ghost commented

2018-09-18 14:34:02 +00:00

(Migrated from github.com)

@vRobM The TLS certificate for remote.com is a typical CF SNI certificate and covering

DNS Name: ssl379641.cloudflaressl.com
DNS Name: *.algartoldo.com
DNS Name: *.blackmoonparanormalresearch.com
DNS Name: *.glasscityhog3753.com
DNS Name: *.go123.ph
DNS Name: *.hurricosmo.com
DNS Name: *.iloveecigs.com
DNS Name: *.lumbininepal-ca.org
DNS Name: *.philosophyofglass.com
DNS Name: *.physmodo.com
DNS Name: *.pinbadgememories.com
DNS Name: *.poliplex.net
DNS Name: *.remote.com
DNS Name: *.sahaltravel.com
DNS Name: *.solidaluminiumcane.co.uk
DNS Name: *.stoutbordeaux.com
DNS Name: *.texasstarwindows.com
DNS Name: *.thedaviesmusicacademy.com
DNS Name: algartoldo.com
DNS Name: blackmoonparanormalresearch.com
DNS Name: glasscityhog3753.com
DNS Name: go123.ph
DNS Name: hurricosmo.com
DNS Name: iloveecigs.com
DNS Name: lumbininepal-ca.org
DNS Name: philosophyofglass.com
DNS Name: physmodo.com
DNS Name: pinbadgememories.com
DNS Name: poliplex.net
DNS Name: remote.com
DNS Name: sahaltravel.com
DNS Name: solidaluminiumcane.co.uk
DNS Name: stoutbordeaux.com
DNS Name: texasstarwindows.com
DNS Name: thedaviesmusicacademy.com

The TLS traffic apparently terminating at CF's edge and thus is accessible/legible (MitM) to CF.

How is that for trusting?

Concur it is a business model (contractual service) but certainly not inspiring trust in the uninterrupted TLS chain with any such domain and thus there is nothing wrong with creating user awareness.

@vRobM The TLS certificate for remote.com is a typical CF SNI certificate and covering 1. DNS Name: ssl379641.cloudflaressl.com 2. DNS Name: *.algartoldo.com 3. DNS Name: *.blackmoonparanormalresearch.com 4. DNS Name: *.glasscityhog3753.com 5. DNS Name: *.go123.ph 6. DNS Name: *.hurricosmo.com 7. DNS Name: *.iloveecigs.com 8. DNS Name: *.lumbininepal-ca.org 9. DNS Name: *.philosophyofglass.com 10. DNS Name: *.physmodo.com 11. DNS Name: *.pinbadgememories.com 12. DNS Name: *.poliplex.net 13. DNS Name: *.remote.com 14. DNS Name: *.sahaltravel.com 15. DNS Name: *.solidaluminiumcane.co.uk 16. DNS Name: *.stoutbordeaux.com 17. DNS Name: *.texasstarwindows.com 18. DNS Name: *.thedaviesmusicacademy.com 19. DNS Name: algartoldo.com 20. DNS Name: blackmoonparanormalresearch.com 21. DNS Name: glasscityhog3753.com 22. DNS Name: go123.ph 23. DNS Name: hurricosmo.com 24. DNS Name: iloveecigs.com 25. DNS Name: lumbininepal-ca.org 26. DNS Name: philosophyofglass.com 27. DNS Name: physmodo.com 28. DNS Name: pinbadgememories.com 29. DNS Name: poliplex.net 30. DNS Name: remote.com 31. DNS Name: sahaltravel.com 32. DNS Name: solidaluminiumcane.co.uk 33. DNS Name: stoutbordeaux.com 34. DNS Name: texasstarwindows.com 35. DNS Name: thedaviesmusicacademy.com The **TLS traffic** apparently **terminating at CF's edge** and thus is **accessible/legible (MitM) to CF**. How is that for trusting? Concur it is a business model (contractual service) but certainly not inspiring trust in the uninterrupted TLS chain with any such domain and thus there is nothing wrong with creating user awareness.

ghost commented

2018-09-18 15:25:22 +00:00

(Migrated from github.com)

@vRobM Google is not an attack. It's a search engine. Stop the FUD.

As if there were no other things than "attacks" to protect yourself from.

@vRobM Google is not an attack. It's a search engine. Stop the FUD. As if there were no other things than "attacks" to protect yourself from.

This repo is archived. You cannot comment on pull requests.

No reviewers