11/18/2025, 12:36:54 PM

GoSign Desktop RCE flaws affecting users in Italy

3 points
1 comment

Mood: thoughtful

Sentiment: negative

Category: tech

Key topics: security, vulnerability, electronic signatures

Debate intensity: 10/100

GoSign Desktop, a client used for qualified electronic signatures in Italy, has been found to have RCE vulnerabilities due to disabled TLS certificate verification and an unsigned update manifest, raising concerns about the security of the application.

Snapshot generated from the HN discussion

Discussion Activity: active discussion

First comment: -134173s

Peak period: 12 comments (Hour 2)

Avg / period: 3.1

Comment distribution: 25 data points (based on 25 loaded comments)

Key moments

  1. Story posted: 11/18/2025, 12:36:54 PM (9h ago)
  2. First comment: 11/16/2025, 11:20:41 PM (-134173s after posting)
  3. Peak activity: 12 comments in Hour 2 (hottest window of the conversation)
  4. Latest activity: 11/18/2025, 8:06:10 PM (1h ago)


Discussion (1 comment)
Showing 25 comments
gritzko
8h ago
4 replies
Paris Cloudflare Error
chasing0entropy
8h ago
2 replies
AI scrapes internet from millions of IPs worldwide proving an orchestrated, intelligent, botnet effectually becoming a large percentage of total internet traffic overnight.

Internet responds by retreating to behind a single cloud provider who can mysteriously keep ai at bay... Same provider network is probably responsible for the near instantaneous distribution of AI traffic to begin with.

Internet's last bastion of hope is attacked, rather quickly, and half of the internet is scrambling to remember how to administer DNS (The other half never knew).

agos
8h ago
1 reply
Cloudflare was already a thing before AI scrapers
immibis
8h ago
4 replies
And they were strongly suspected to DDoS their prospective customers, so they would suddenly have a need to buy DDoS protection.
amalcon
3h ago
The claim I think you're referring to is in two parts:

1) They were willing to sell DDoS protection to DDoS services

2) This decision was made specifically because the existence of DDoS services increased the value of their product

This was always a weird claim, because the first part is 100% true -- while the second part was always unfounded speculation. The conclusion is thus most likely false. They just didn't want to incorporate that sort of thing into their ToS for various understandable reasons.

gruez
4h ago
How does this work given there are many competing DDoS protection providers like Akamai, Azure, or AWS?
steelbrain
7h ago
First I’m hearing of it, got a source?
giancarlostoro
6h ago
That is a wild claim, got some evidence?
nullbyte808
8h ago
what is this "AI" you're referring to?
VladVladikoff
8h ago
1 reply
Cloudflare yet again making the internet a shittier place. I will never understand why so many people willingly allow their website to be MiTM’d by this garbage company.
delichon
8h ago
2 replies
Then I suppose you know a better alternative when your site is being effectively DDOSed by a ridiculously high volume of scrapers. Please tell.
codingminds
8h ago
1 reply
E.g. https://www.fastly.com/

But Cloudflare has the best marketing of all of them ¯\_(ツ)_/¯

ramon156
7h ago
1 reply
iirc isn't steam also on fastly? I vaguely remember their stack to either include fastly or they're using fastify. Names...
hofrogs
7h ago
1 reply
I think Steam uses akamai, at least for user-generated content
codingminds
7h ago
Seems to be correct

  store.steampowered.com. 30 IN A 184.31.101.220

  NetRange:       184.24.0.0 - 184.31.255.255
  CIDR:           184.24.0.0/13
  NetName:        AKAMAI
chasing0entropy
7h ago
1 reply
There are so many CDNs, they have existed since the internet was just for porn. The problem is they are not as easy to use for today's novice webdev with zero knowledge of how to administer or even research infrastructure beyond the stack specs.
whizzter
7h ago
I don't think the issue is a skill one but rather giving a sane option.

Going to Akamai's site I don't see a single mention of pricing, I don't want to be smooched by some enterprise salesman to get my pricing options.

Going to Fastly's site I see egress costs that make me think I could probably be better off just staying on AWS, Azure or smth and have a single bill to care about. (They have their own expensive options).

There's probably other small players with sane options pricing wise, but when it comes to managing DDoS issues people want someone big to handle the bulk.

nullbyte808
8h ago
Bonjour!
deaux
8h ago
LA here.
Barry-Perkins
3h ago
1 reply
Good catch. There are serious RCE (remote code execution) vulnerabilities in GoSign Desktop (<= 2.4.0) that affect users in Italy: it disables TLS certificate validation when using a proxy, and uses unsigned manifests for updates.
CodesInChaos
3h ago
I'm a bit confused by the privilege escalation part. Doesn't modifying the settings require the same privileges the application has?
ascii
1d ago
GoSign is a desktop client used across Italian public administrations and enterprises for qualified electronic signatures, produced by Tinexta InfoCert, one of Europe’s major eIDAS-regulated trust service providers. Researchers found that versions ≤ 2.4.0 disable TLS certificate verification when a proxy is configured and use an unsigned update manifest. Combined, these flaws allow man-in-the-middle attacks and delivery of malicious updates leading to remote code execution.
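The two defects ascii describes above (certificate verification switched off whenever a proxy is configured, and an update manifest that nothing signs) are exactly the two checks an update client has to get right. The Go program below is an added illustration, not GoSign's code and not from the thread: it shows a manifest that is Ed25519-signed on the release side and rejected by the client unless the signature verifies under a pinned vendor key, an installer hash tied to that verified manifest, and a proxied HTTP client where the weak setting (`InsecureSkipVerify: true`) sits next to the hardened one. The manifest fields, the version string, the installer bytes, the key pair and the `example.invalid` hosts are all constructed for the example; the real GoSign manifest format and update endpoint are not described on the page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/url"
)

// Manifest is a constructed update-manifest shape for this example; the real
// GoSign manifest format is not described in the thread.
type Manifest struct {
	Version string `json:"version"`
	URL     string `json:"url"`
	SHA256  string `json:"sha256"`
}

// SignedManifest carries the raw manifest bytes plus a detached Ed25519
// signature over exactly those bytes.
type SignedManifest struct {
	Manifest  []byte
	Signature []byte
}

// SignManifest is the assumed release-side step: sign the serialized manifest
// with the vendor's private key.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (SignedManifest, error) {
	raw, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Manifest: raw, Signature: ed25519.Sign(priv, raw)}, nil
}

// VerifyManifest is the client-side check the thread says is missing: the
// manifest is parsed only after its signature verifies under the pinned key.
func VerifyManifest(pub ed25519.PublicKey, sm SignedManifest) (Manifest, error) {
	if !ed25519.Verify(pub, sm.Manifest, sm.Signature) {
		return Manifest{}, errors.New("manifest signature invalid: refusing update")
	}
	var m Manifest
	if err := json.Unmarshal(sm.Manifest, &m); err != nil {
		return Manifest{}, err
	}
	return m, nil
}

// VerifyPayload ties the downloaded installer to the hash the verified
// manifest commits to, so a swapped download is rejected even on a bad path.
func VerifyPayload(m Manifest, payload []byte) error {
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return errors.New("installer hash mismatch: refusing update")
	}
	return nil
}

// NewUpdateClient routes through the configured proxy. skipVerify=true is the
// weak setting described in the thread (certificate checks off whenever a
// proxy is set); a hardened client always passes false.
func NewUpdateClient(proxy *url.URL, skipVerify bool) *http.Client {
	tr := &http.Transport{
		Proxy: http.ProxyURL(proxy),
		TLSClientConfig: &tls.Config{
			MinVersion:         tls.VersionTLS12,
			InsecureSkipVerify: skipVerify,
		},
	}
	return &http.Client{Transport: tr}
}

// TLSVerificationEnabled is a regression guard for unit tests: it reports
// whether the client's transport still verifies server certificates.
func TLSVerificationEnabled(c *http.Client) bool {
	tr, ok := c.Transport.(*http.Transport)
	if !ok || tr.TLSClientConfig == nil {
		return true // nil config means Go's default transport, which verifies
	}
	return !tr.TLSClientConfig.InsecureSkipVerify
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed key pair
	if err != nil {
		panic(err)
	}
	installer := []byte("constructed installer bytes, not a real GoSign build")
	sum := sha256.Sum256(installer)
	m := Manifest{Version: "example", URL: "https://updates.example.invalid/gosign.exe", SHA256: hex.EncodeToString(sum[:])}

	sm, _ := SignManifest(priv, m)
	verified, err := VerifyManifest(pub, sm)
	fmt.Println("signed manifest accepted:", err == nil)
	fmt.Println("installer hash ok:", VerifyPayload(verified, installer) == nil)

	// A manifest altered in transit (different URL or hash) fails the signature check.
	altered := SignedManifest{Manifest: []byte(`{"version":"example","url":"http://updates.example.invalid/x","sha256":"00"}`), Signature: sm.Signature}
	_, err = VerifyManifest(pub, altered)
	fmt.Println("altered manifest rejected:", err != nil)

	proxy, _ := url.Parse("http://proxy.example.invalid:3128")
	fmt.Println("hardened client verifies TLS:", TLSVerificationEnabled(NewUpdateClient(proxy, false)))
	fmt.Println("weak client verifies TLS:", TLSVerificationEnabled(NewUpdateClient(proxy, true)))
}
```

The order matters: the signature is checked before the manifest is parsed, and the installer hash is taken from the verified manifest rather than from the download itself, so neither a proxy that terminates TLS nor a swapped file can steer the client to another binary. `TLSVerificationEnabled` is the kind of one-line test that keeps a later "fix the proxy bug" change from quietly reintroducing `InsecureSkipVerify`.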
alan-jordan13
1h ago
Serious issue—these GoSign Desktop RCE flaws highlight how critical secure code signing tools are. Glad it’s being exposed so users and organizations in Italy can patch quickly.
mastazi
9h ago
The gives me a Cloudflare internal server error, tried archive.org but the page has not been archived yet. Does anyone have an archived link?
ID: 45964835 | Type: story | Last synced: 11/18/2025, 12:38:40 PM
