Different responder, but I imagine they are referring to CloudFlare's stated ability to:
Provide command logs and session recordings to allow administrators to audit and replay their developers’ interactions with the organization’s infrastructure.
The only way they can do this is if they record and store the session text, effectively a keylogger between you and the machine you are SSH'ing into.
Keylogger has a specific meaning which doesn’t refer to audit logging. Trying to scare people by misusing loaded terms has the opposite effect from what you intend.
Keyloggers are absolutely used for audit logging. I've implemented these MiTM patterns specifically so we could log all keystrokes. The addition of a keylogger is only an issue if you don't trust Cloudflare, but usually a checklist item for these kinds of bastion hosts in certain compliance environments.
Yes, but it’s not a man in the middle attack when it’s monitoring your own servers any more than it’s a privacy breach when HR looks at your file. My intent was simply that trying to make things sound scary by using language normally used in adversarial contexts really isn’t helpful when talking about things companies need to do. There isn’t an expectation of privacy in what you do on company servers.
I’ll concede that keylogger is sometimes used in a corporate workstation monitoring context but it isn’t really the same as session monitoring on servers. The main thrust of my comment was simply that using loaded language to make common needs sound scary is distracting from rather than helping matters.
I think the original poster's intention was to be somewhat inflammatory as a way to draw attention to the very high level of trust you are granting to CloudFlare in this model. You are effectively giving them whatever privileges you yourself have on those boxes.
Of course, CloudFlare is making it their business to be and convince others that they are that trusted third-party.
In privileged access management platforms (including ours [1]), every operation that a user does is multiplexed via (stdout/stdin) and captured for auditing. This is a compliance requirement for SOX, PCI etc.
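The stdin/stdout capture described in the comment above, as an added illustration that is not Cloudflare's or the commenter's platform code: a pseudo-terminal wrapper that tees both directions into an append-only JSON-lines audit log and replays what the operator saw. It assumes a POSIX host with `sh`; the operator input is constructed.

```python
import json
import os
import subprocess
import tempfile
import time

def record_session(argv, log_path, operator_input=b""):
    """Run argv on a pty and tee both directions into an append-only JSON-lines
    audit log as [elapsed_s, direction, text]; "i" is what the operator typed,
    "o" what the terminal showed. operator_input stands in for keystrokes a real
    bastion relays from the SSH channel (assumption: POSIX host with sh)."""
    master, slave = os.openpty()
    start = time.monotonic()
    proc = subprocess.Popen(argv, stdin=slave, stdout=slave, stderr=slave)
    os.close(slave)  # the recorder keeps only the master side
    events = []
    with open(log_path, "a", encoding="utf-8") as log:
        def emit(direction, data):
            ev = [round(time.monotonic() - start, 6), direction,
                  data.decode("utf-8", "replace")]
            events.append(ev)
            log.write(json.dumps(ev) + "\n")
        if operator_input:
            os.write(master, operator_input)
            emit("i", operator_input)
        while True:
            try:
                chunk = os.read(master, 4096)
            except OSError:  # Linux raises EIO once every slave fd is closed
                break
            if not chunk:  # other platforms report a plain EOF instead
                break
            emit("o", chunk)
    os.close(master)
    proc.wait()
    return events

def replay(log_path):
    """Rebuild what the operator saw; "i" events stay in the log for audit."""
    with open(log_path, encoding="utf-8") as log:
        events = [json.loads(line) for line in log if line.strip()]
    return "".join(text for _, direction, text in events if direction == "o")

def demo():
    """Record a one-line shell exchange (constructed input) and replay it."""
    path = os.path.join(tempfile.mkdtemp(), "session.jsonl")
    events = record_session(["sh", "-c", 'read line; echo "got $line"'],
                            path, operator_input=b"hello\n")
    return events, replay(path)
```

Because the pty echoes input and the shell's reply both land in the "o" events, the replay shows the typed line followed by `got hello`, while the "i" event preserves exactly what the operator sent.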
Would you like to explain what you mean by this?