Hope @CloudFlare can make a statement about this: http://zeroscience.mk/files/wafreport2013.pdf … (http://news.ycombinator.com/item?id=5306519 ) - I'm pretty annoyed as a paying customer.
@eastdakota @bluetidepro @CloudFlare @mikedamm Serious gaps in your WAF were reported over a year ago. None fixed. Now this...
@attritionorg @bluetidepro @CloudFlare @mikedamm heuristic-based spam filters emerge starting in 2002 (e.g., Postini, MessageLabs, MXLogic).
@eastdakota @bluetidepro @CloudFlare @mikedamm Don't need history refresher. Your WAF didn't stop 48 known attacks. You claim it "works".
@attritionorg @bluetidepro @CloudFlare @mikedamm server response sometimes better indication of vulnerability than request.
@eastdakota @bluetidepro @CloudFlare @mikedamm "sometimes", so why bother filtering known bad attacks? doesn't seem like a good strategy
@attritionorg @bluetidepro @CloudFlare @mikedamm best analogy is spam filters. In 1998, everyone used rules-based SpamAssassin.
@eastdakota @bluetidepro @mikedamm With that analogy, a @CloudFlare spam filter "works" by allowing all spam through. #derp
@attritionorg @bluetidepro @CloudFlare @mikedamm difference between rules-based approach and heuristic-based approach.
@eastdakota @bluetidepro @CloudFlare @mikedamm You don't stop 48 known attacks. How does your "Heuristic" approach "work" then?
@attritionorg @bluetidepro @CloudFlare @mikedamm and it blows everything else away: upload your mod_sec rules, fully customizable, and fast.
@attritionorg @bluetidepro @CloudFlare @mikedamm that said, we've realized that some orgs like rules-based WAFs. So we built one. Out soon.
@attritionorg @bluetidepro @CloudFlare @mikedamm heuristic approach: easy to configure, hard to test, much harder to bypass (self-learning).
@attritionorg @bluetidepro @CloudFlare @mikedamm SpamAssassin: hard to configure, easy to test, easy to bypass. Similar to traditional WAFs.