2/24/2017 10:57:19 AM

PSA: Time to change your passwords: MASSIVE Cloudflare bug leaks passwords.

http://www.reddit.com/r/technology/comments/5vueo8/cloudflare_vulnerability_exposes_user_data_for/

1) This is massive; the full scale is not known.
2) Caching may make this worse than it was, since that makes scraping the data easier.

[quote]Between 2016-09-22 - 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months.

Requests to sites with the HTML rewrite features enabled triggered a pointer math bug. Once the bug was triggered the response would include data from ANY other Cloudflare proxy customer that happened to be in memory at the time. Meaning a request for a page with one of those features could include data from Uber or one of the many other customers that didn't use those features. So the potential impact is every single one of the sites using Cloudflare's proxy services (including HTTP & HTTPS proxy).

"The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests), potential of 100k-200k pages with private data leaked every day"[/quote]

And the [url=http://github.com/pirate/sites-using-cloudflare]github entry[/url] has a list of a bunch of the sites affected, as well as a link to download a huge file of the supposedly affected websites.

The leak affected many notable sites, some of which you might recognize (not the only ones affected, just the really major ones):

Reddit.com, bitcoin.com, bitdefender.com, patreon.com, medium.com, 4chan.org, coinbase.com, yelp.com, okcupid.com, zendesk.com, Uber.com, curse.com (and their family of sites), stackoverflow.com, thepiratebay.org, ziprecruiter.com, glassdoor.com, reddit.com, pastebin.com, crunchyroll.com, fitbit.com, discordapp.com, change.org, armorgames.com, ashleymadison.com, cyanogenmod.org, dailycaller.com, dota2lounge.com, drudgereport.com, explosm.net (makers of the Cyanide and Happiness webseries), f[spoiler]akku[/spoiler], gyazo.com (a gawker owned CDN), listverse.com, livememe.com, mangafox.me, medium.com, memecenter.com, menshealth.com, minecraftforum.net, moddb.com, newgrounds.com, nexusmods.com, nodejs.org, omegle.com, pennyarcade.com, prntscr.com, rockpapershotgun.com, somethingaweful.com, s[spoiler]pankbang[/spoiler], theregister.co.uk, thisoldhouse.com, tineye.com, townhall.com, washingtontimes.com, weknowmemes.com, whatculture.com, whatismyip.com, womenshealthmag.com, thingiverse.com (big 3d printing project file sharing site), funnyjunk.com, and of course, cloudfare.com.

That is a lot of notable websites! If you have any sort of account on those websites, you should change your passwords immediately to the longest possible password you can for your own good.
