Summary

Security Now 1035: Cloudflare's 1.1.1.1 Outage Hosted by Leo Laporte and Steve Gibson Release Date: July 23, 2025

Introduction

In this episode of Security Now, Leo Laporte and Steve Gibson delve into a range of pressing security issues, with a primary focus on the recent outage of Cloudflare's popular DNS resolver, 1.1.1.1. They also discuss emerging threats in authentication technologies, governmental internet regulations, and ongoing ransomware attacks affecting major corporations worldwide.

Cloudflare's 1.1.1.1 DNS Outage

Timestamp: 00:30

The episode begins with Steve Gibson introducing the main topic: the Cloudflare 1.1.1.1 DNS outage that occurred on July 14, 2025.

Steve Gibson [02:23]: "Someone tripping over a cord at Cloudflare headquarters caused their famous 1.1.1.1 DNS server service to disappear for an hour globally."

Impact of the Outage The outage affected Cloudflare's primary DNS resolver, leading to disruptions in internet services for users relying solely on this resolver.

Steve Gibson [02:24]: "This caused a massive hour-long worldwide outage of their flagship DNS resolver."

Technical Breakdown Steve provides a detailed analysis of the outage, explaining the role of Anycast routing in distributing DNS services globally and how a misconfiguration led to the inadvertent withdrawal of DNS prefixes, rendering the service unreachable.

Steve Gibson [125:40]: "The Quad One IP is an Anycast address where the IP does not refer to any specific physical resolver hardware. Any traffic addressed to that IP is automatically routed to the closest Cloudflare data center."

Cloudflare's Response Cloudflare acknowledged the outage, attributing it to an internal configuration error rather than an external attack. They have since committed to improving their deployment methodologies to prevent similar incidents.

Cloudflare Statement [136:53]: "We are sorry for the disruption this incident caused for our customers. We are actively making these improvements to ensure improved stability moving forward and to prevent this problem from happening again."

Passkey Bypass and Authentication Vulnerabilities

Timestamp: 05:22

Steve discusses a passkey bypass vulnerability uncovered by Expel Security, highlighting how attackers can exploit downgrade attacks to compromise FIDO2 passkeys.

Steve Gibson [22:16]: "Bad actors have figured out how to downgrade FIDO key authentication when compromising accounts."

Mitigation Strategies They explore potential solutions, emphasizing the importance of on-device authentication to strengthen passkey security and prevent adversary-in-the-middle attacks.

Steve Gibson [28:15]: "Cross device authentication cannot be as safe as on device authentication. So that's what you want to use whenever you can."

Governmental Clampdowns on Internet Usage

Timestamp: 33:22

The hosts shift focus to Russia's new legislation criminalizing online searches for extremist content, marking a significant tightening of digital freedoms.

Steve Gibson [120:43]: "Russia is criminalizing online searches for controversial content, expanding their already restrictive digital laws."

They draw parallels to similar moves in other countries like Belarus and express concerns over the global trend of governments exerting more control over internet usage.

Steve Gibson [121:28]: "The need for age verification is today... The Supreme Court just approving measures that can criminalize Internet speech is worrisomely broad."

Ransomware Attacks on Major Corporations

Timestamp: 33:23

Steve highlights recent ransomware attacks impacting South Korea's largest insurance company and the grocery distributor United Natural Foods, causing significant operational disruptions and financial losses.

Steve Gibson [31:53]: "Ransomware attacks are now a steady state, constant background pain that companies are suffering when bad guys get in."

Age Verification Challenges

Timestamp: 58:01

The discussion shifts to the challenges of online age verification, with Steve outlining the technical and privacy hurdles that make it a complex issue to address effectively.

Steve Gibson [120:43]: "We need a privacy-preserving age assertion system that everyone understands isn't revealing anything about them but can verify their age."

He proposes a cryptographic protocol involving zero-knowledge proofs to balance age verification with user privacy, emphasizing the need for biometric integration.

Steve Gibson [123:07]: "Any technology that asserts someone's age must absolutely must somehow be tied to unspoofable biometric parameters."

Q&A and Listener Feedback

Timestamp: 100:27

Steve responds to listener feedback, discussing the feasibility of using government databases and cryptographic methods for secure and private age verification.

Steve Gibson [121:28]: "The problem is how to prevent the spoofing of anyone's age assertion, which necessitates tight biometrics integrated with authentication systems."

Conclusion

Leo Laporte wraps up the episode by encouraging listeners to stay informed and engaged through various platforms, emphasizing the importance of community support in addressing these ongoing security challenges.

Leo Laporte [124:38]: "Security Now deals with intractable issues of the day and attempts to solve them with logic and thought."

Notable Quotes

Steve Gibson [22:16]: "Bad actors have figured out how to downgrade FIDO key authentication when compromising accounts."
Steve Gibson [120:43]: "We need a privacy-preserving age assertion system that everyone understands isn't revealing anything about them but can verify their age."
Leo Laporte [124:38]: "Security Now deals with intractable issues of the day and attempts to solve them with logic and thought."

Final Thoughts

This episode of Security Now provides an in-depth analysis of significant security events and challenges, particularly emphasizing the vulnerabilities in current authentication systems and the increasing governmental control over internet freedoms. The hosts offer thoughtful insights and potential solutions, underscoring the evolving landscape of online security and privacy.

Note: For detailed charts and real-time DNS resolver performance, listeners are encouraged to visit the GRC DNS Benchmark and Cloudflare Radar as mentioned during the episode.

Summary

Security Now 1035: Cloudflare's 1.1.1.1 Outage Hosted by Leo Laporte and Steve Gibson Release Date: July 23, 2025

Introduction

Cloudflare's 1.1.1.1 DNS Outage

Timestamp: 00:30

The episode begins with Steve Gibson introducing the main topic: the Cloudflare 1.1.1.1 DNS outage that occurred on July 14, 2025.

Steve Gibson [02:23]: "Someone tripping over a cord at Cloudflare headquarters caused their famous 1.1.1.1 DNS server service to disappear for an hour globally."

Impact of the Outage The outage affected Cloudflare's primary DNS resolver, leading to disruptions in internet services for users relying solely on this resolver.

Steve Gibson [02:24]: "This caused a massive hour-long worldwide outage of their flagship DNS resolver."

Steve Gibson [125:40]: "The Quad One IP is an Anycast address where the IP does not refer to any specific physical resolver hardware. Any traffic addressed to that IP is automatically routed to the closest Cloudflare data center."

Cloudflare Statement [136:53]: "We are sorry for the disruption this incident caused for our customers. We are actively making these improvements to ensure improved stability moving forward and to prevent this problem from happening again."

Passkey Bypass and Authentication Vulnerabilities

Timestamp: 05:22

Steve discusses a passkey bypass vulnerability uncovered by Expel Security, highlighting how attackers can exploit downgrade attacks to compromise FIDO2 passkeys.

Steve Gibson [22:16]: "Bad actors have figured out how to downgrade FIDO key authentication when compromising accounts."

Mitigation Strategies They explore potential solutions, emphasizing the importance of on-device authentication to strengthen passkey security and prevent adversary-in-the-middle attacks.

Steve Gibson [28:15]: "Cross device authentication cannot be as safe as on device authentication. So that's what you want to use whenever you can."

Governmental Clampdowns on Internet Usage

Timestamp: 33:22

The hosts shift focus to Russia's new legislation criminalizing online searches for extremist content, marking a significant tightening of digital freedoms.

Steve Gibson [120:43]: "Russia is criminalizing online searches for controversial content, expanding their already restrictive digital laws."

They draw parallels to similar moves in other countries like Belarus and express concerns over the global trend of governments exerting more control over internet usage.

Steve Gibson [121:28]: "The need for age verification is today... The Supreme Court just approving measures that can criminalize Internet speech is worrisomely broad."

Ransomware Attacks on Major Corporations

Timestamp: 33:23

Steve Gibson [31:53]: "Ransomware attacks are now a steady state, constant background pain that companies are suffering when bad guys get in."

Age Verification Challenges

Timestamp: 58:01

The discussion shifts to the challenges of online age verification, with Steve outlining the technical and privacy hurdles that make it a complex issue to address effectively.

Steve Gibson [120:43]: "We need a privacy-preserving age assertion system that everyone understands isn't revealing anything about them but can verify their age."

He proposes a cryptographic protocol involving zero-knowledge proofs to balance age verification with user privacy, emphasizing the need for biometric integration.

Steve Gibson [123:07]: "Any technology that asserts someone's age must absolutely must somehow be tied to unspoofable biometric parameters."

Q&A and Listener Feedback

Timestamp: 100:27

Steve responds to listener feedback, discussing the feasibility of using government databases and cryptographic methods for secure and private age verification.

Steve Gibson [121:28]: "The problem is how to prevent the spoofing of anyone's age assertion, which necessitates tight biometrics integrated with authentication systems."

Conclusion

Leo Laporte [124:38]: "Security Now deals with intractable issues of the day and attempts to solve them with logic and thought."

Notable Quotes

Steve Gibson [22:16]: "Bad actors have figured out how to downgrade FIDO key authentication when compromising accounts."
Steve Gibson [120:43]: "We need a privacy-preserving age assertion system that everyone understands isn't revealing anything about them but can verify their age."
Leo Laporte [124:38]: "Security Now deals with intractable issues of the day and attempts to solve them with logic and thought."

Final Thoughts

Note: For detailed charts and real-time DNS resolver performance, listeners are encouraged to visit the GRC DNS Benchmark and Cloudflare Radar as mentioned during the episode.

wavePod

Security Now 1035: Cloudflare's 1.1.1.1 Outage

Powered by Wave AI

Summary

Introduction

Cloudflare's 1.1.1.1 DNS Outage

Passkey Bypass and Authentication Vulnerabilities

Governmental Clampdowns on Internet Usage

Ransomware Attacks on Major Corporations

Age Verification Challenges

Q&A and Listener Feedback

Conclusion

Notable Quotes

Final Thoughts

Summary

Introduction

Cloudflare's 1.1.1.1 DNS Outage

Passkey Bypass and Authentication Vulnerabilities

Governmental Clampdowns on Internet Usage

Ransomware Attacks on Major Corporations

Age Verification Challenges

Q&A and Listener Feedback

Conclusion

Notable Quotes

Final Thoughts