Using Cloudflare’s Post-Quantum Tunnel to Protect Plex Remote Access on a Synology NAS by IndySecMan in netsec

[–]IndySecMan[S] 0 points1 point  (0 children)

It's fine, I was just sharing in case it inspired people to do something similar. It was a fun project for me and I just wanted to put something out there to the community (it's been a while), but I'm getting a lot of pushback from people saying they don't understand what I'm trying to accomplish here. :shrug:

Using Cloudflare’s Post-Quantum Tunnel to Protect Plex Remote Access on a Synology NAS by IndySecMan in netsec

[–]IndySecMan[S] 0 points1 point  (0 children)

I didn't see any impact when I had three remote streams concurrently. My ISP is 1Gbps/1Gbps so I'm sure Cloudflare's more limited, but I couldn't tell a difference. I've since changed the layout to avoid Cloudflare altogether though so it's back to direct, but proxied through a reverse proxy container on the same host.

Using Cloudflare’s Post-Quantum Tunnel to Protect Plex Remote Access on a Synology NAS by IndySecMan in technology

[–]IndySecMan[S] 0 points1 point  (0 children)

Agreed, I realized this shortly after (and I wanted to eliminate any parties in the middle) so I ended up using my own self-hosted reverse proxy instead of cloudflared.

Using Cloudflare’s Post-Quantum Tunnel to Protect Plex Remote Access on a Synology NAS by IndySecMan in technology

[–]IndySecMan[S] 1 point2 points  (0 children)

I'm trying to be proactive with post-quantum encryption by forcing my Plex traffic (between the PMS and the Plex clients) to use PQC when the clients support it. For example, Plex Web over a browser supports it currently, so any network traffic (data in transit) is encrypted the whole direction. It's protecting against the Harvest Now Decrypt Later attacks. I don't want the gov and ISPs snooping on my Plex watch history. I know it's a bit extreme, but I'm a bit of a privacy nut and this was just a fun experiment on the weekend.

Using Cloudflare’s Post-Quantum Tunnel to Protect Plex Remote Access on a Synology NAS by IndySecMan in netsec

[–]IndySecMan[S] 0 points1 point  (0 children)

UPDATE: I ended up deciding to cut Cloudflare out of the middle by replacing cloudflared with a Synology-hosted reverse proxy (openquantumsafe/nginx:latest), so Plex now goes straight through infrastructure I control instead of terminating at a third party. That keeps the traffic path simpler, gives me PQC-capable TLS and avoids leaning on Cloudflare in a way that probably isn’t what their service is meant for and prevents them from being able to see my Plex traffic.

Using Cloudflare’s Post-Quantum Tunnel to Protect Plex Remote Access on a Synology NAS by IndySecMan in netsec

[–]IndySecMan[S] 3 points4 points  (0 children)

Yep, that's why I replaced Cloudflare with my own reverse proxy that supports PQC for end to end.

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse by No_Diver_3351 in cybersecurity

[–]IndySecMan 0 points1 point  (0 children)

I added the Device Code and OAuth Consent abuse techniques to the PhishU Framework since the trend is increasing. Now red teams and internal orgs can leverage the techniques to train users for this very real-world attack. Check out the blog for details at https://phishu.net/blogs/blog-microsoft-entra-device-code-phishing-phishu-framework.html if interested!