Results 1 to 3 of 3

Thread: CloudBleed

  1. #1
    Senior Member
    Join Date
    Apr 2013
    Location
    Russia
    Posts
    240

    Exclamation CloudBleed

    Do we need to change passwords on this and other affected sites (metabans) ?

    This is regarding a recent vulnerability exposed in Cloudflare's infrastructure. For months now, there has been a vulernerability that allowed data transmitted between Cloudflare's proxy servers and the target server to be exposed.

    Affected sites can be found in this list:
    https://github.com/pirate/sites-using-cloudflare


    Sources:
    https://bugs.chromium.org/p/project-...detail?id=1139
    https://blog.cloudflare.com/incident...re-parser-bug/
    https://www.reddit.com/r/sysadmin/co...flare_reverse/

    Cloudflare is now finding a solution for this, for now just keep safe.
    Last edited by Chilace; 24-02-2017 at 11:15.

  2. #2
    The one and only Bassyboy
    Join Date
    Jul 2010
    Location
    Netherlands
    Posts
    3,274
    Just reading up on this clusterfuck... and I would say: better safe than sorry and change passwords

    Although chances are very small your personal info was cached:

    An additional problem was that Google (and other search engines) had cached some of the leaked memory through their normal crawling and caching processes. We wanted to ensure that this memory was scrubbed from search engine caches before the public disclosure of the problem so that third-parties would not be able to go hunting for sensitive information.


    Our natural inclination was to get news of the bug out as quickly as possible, but we felt we had a duty of care to ensure that search engine caches were scrubbed before a public announcement.

    The infosec team worked to identify URIs in search engine caches that had leaked memory and get them purged. With the help of Google, Yahoo, Bing and others, we found 770 unique URIs that had been cached and which contained leaked memory. Those 770 unique URIs covered 161 unique domains. The leaked memory has been purged with the help of the search engines.
    Souce: https://blog.cloudflare.com/incident...re-parser-bug/
    I won't do support via PM: if you need help, make a topic on the public forums.

  3. #3
    Senior Member
    Join Date
    Apr 2013
    Location
    Russia
    Posts
    240
    That list so big
    Change Passwords take a whole day

    This extension will help to check your bookmarks:
    https://chrome.google.com/webstore/d...ihhdeibdfnedii
    Source: https://github.com/rickdmer/cloudbleed-bookmark-checker
    Last edited by Chilace; 24-02-2017 at 13:10.

 

 

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •