1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cloudflare shennigans

Discussion in 'Hardware and Software' started by Clawness, Feb 27, 2017.

  1. Clawness

    Clawness Server Admin

    Joined:
    Oct 24, 2012
    Posts:
    1,345
    Roleplay name:
    Robert Wolf
    Hey,

    https://github.com/pirate/sites-using-cloudflare

    Just a quote here: Between 2016-09-22 - 2017-02-18 session tokens, passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters.

    As me and a team at the company were browsing the list of the recent rather big leak by cloudflare, to compile a list for our less technology oriented co-workers, I also ran into chronet.com on line 799873.

    There is a slight possibility that this bug/leak put your details in danger, among with a ton of other websites.
    Just wanted to put it out here for people to be aware, and perhaps look at the list themselves (easiest on linux using grep commands on the file sorted_unique_cf.txt. There is no guarantee that for instance your login details were stolen in the time period but just wanted to create awareness for it.
     
  2. Jack Traid

    Jack Traid Server Admin

    Joined:
    Jun 22, 2016
    Posts:
    719
    Roleplay name:
    Jack Traid
    Just want to add, that Discord was there for all of those who use it, so this DOES apply.
    But yeah, most websites I use have cloudflare. Waiting for one of my 2 step services to flag an alternate device logging in and doing stuff.
     
  3. Brunnea

    Brunnea Retired Staff Member

    Joined:
    Jun 25, 2016
    Posts:
    2,225
    Roleplay name:
    Dumb Broad
    I went through the list(partially) when the leak was announced in a half-asleep state.
    Slightly worried that one little thing being used by everyone can end up doing something like this.
     
  4. Clorox Bleach

    Clorox Bleach Well-Known Member

    Joined:
    Aug 2, 2016
    Posts:
    715
    Roleplay name:
    Osama Gambino
    The list is of all sites that use cloudflare not ones affected so they could or could not be affected.
     
  5. Clawness

    Clawness Server Admin

    Joined:
    Oct 24, 2012
    Posts:
    1,345
    Roleplay name:
    Robert Wolf
    Hence why I state that there is the slight possibility of it having happened :p.
    Just wanted to put it up as a reminder, that when for instance you suddenly get a request from a verification app or something, you might want to look to other places you use the same password. Believe the chance of being fucked by this leak, was below 1%, but heck, it is still something to consider.