#www

anonymiss@despora.de

#WordPress installer #attack race

source: https://smitka.me/2022/07/01/wordpress-installer-attack-race/

The attacker uses the #Certificate Transparency Log to find new WordPress #installations. It works because you usually generate the #SSL certificate when you set up a hosting space. When the certificate is issued, the record appears in the public log.

...

It takes only 4 minutes from the certificate issue to abuse the installer (but in some cases, the attacker managed to do it in under 1 minute).

#internet #blog #security #backdoor #problem #www #web #software #install #news

anonymiss@despora.de

Check out #Iceraven a #Mozilla based #browser for #Android ...

Github: https://github.com/fork-maintainers/iceraven-browser
Screenshots: https://iceraven-browser.en.uptodown.com/android

Our goal is to be a close fork of the new Firefox for Android that seeks to provide users with more options, more opportunities to customize (including a broad extension library), and more information about the pages they visit and how their browsers are interacting with those pages.

#software #internet #firefox #fork #www #web #opensource #mobile #smartPhone

canoodle@nerdpol.ch

Rant: wordpress & privacy - self hosted instances upload all content to their CDN servers i2.wp.com imho without consent and no possibility to delete?

correct if wrong but…

checkout this picture, just uploaded to this self-hosted wordpress instance recently:

“suddenly” and without consent it also exists on this server i2.wp.com, the “cool” wordpress CDN, that is supposed to speed up loading time of a blog… well… not this blog eh?

https://i2.wp.com/dwaves.de/wp-content/uploads/2022/05/S21_Ultra_Sample_Test_Photo_RawTherapie_post_processed_20220525_sky.jpg

if the user would have wanted that, instead of going self-hosting, the user could have just spared all the hassle and used wordpress.org.

so even when the author-user deletes that image from the user’s blog… (just tested) it will be still there on https://i2.wp.com/dwaves.de/wp-content/uploads/2022/05/S21_Ultra_Sample_Test_Photo_RawTherapie_post_processed_20220525_sky.jpg

“great” isn’t it? so much for “control over one’s data”.

“This is happening because you’re using Jetpack’s built-in Image CDN that relies on WordPress.com. If you like to disable that feature go to your Dashboard > Jetpack > Settings > Performance and toggle off the Enable site accelerator option under the Performance & speed section. You can read more about this feature here:

https://jetpack.com/support/site-accelerator/” (src)

no – this blog is NOT using jetpack site accelerator.

also the option described is not available on self hosted wordpress.

#wtf?

wordpress – a giant content “sucking up ur content and storing it forever” machine?

time for alternatives.

if the visitor checks (Firefox -> F12 -> Network) where the parts of this blog are coming from, they are all coming from dwaves.de and not some wordpress CDN for “faster loading time”.

the only external content are the smileys: https://s.w.org/images/core/emoji/14.0.0/svg/1f61c.svg

(those evil smileys probably “report back” to wordpress… how much that article was visited… and they (probably) sell it again… to G*** and M$ and whoever is willing to pay for that data)

…ah there it is:

https://wordpress.org/about/privacy/


so this is how wordpress argues, that they have “legitimate interests” to store all pictures uploaded to self-hosted wordpress instances on: ipv4.de-cix.fra.de.as2635.automattic.com (80.81.193.69)

hosted by: https://www.northdata.de/de-CIX+Management+GmbH,+K%C3%B6ln/HRB+51135

associated with:

https://www.northdata.de/deutsche+medienakademie+GmbH,+K%C3%B6ln/HRB+57192

https://www.northdata.de/7P+Business+Solutions+GmbH,+K%C3%B6ln/HRB+65133

#linux #gnu #gnulinux #opensource #administration #sysops #wordpress #privacy #cdn #cms #web #www #html

Originally posted at: https://dwaves.de/2022/06/06/rant-wordpress-privacy-self-hosted-instances-upload-all-content-to-their-cdn-servers-i2-wp-com-imho-without-consent-and-no-possibility-to-delete/