1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cloudflare shennigans

Discussion in 'Hardware and Software' started by Clawness, Feb 27, 2017.

  1. Clawness

    Clawness Server Admin

    Joined:
    Oct 24, 2012
    Posts:
    1,343
    Roleplay name:
    Robert Wolf
    Hey,

    https://github.com/pirate/sites-using-cloudflare

    Just a quote here: Between 2016-09-22 - 2017-02-18 session tokens, passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters.

    As me and a team at the company were browsing the list of the recent rather big leak by cloudflare, to compile a list for our less technology oriented co-workers, I also ran into chronet.com on line 799873.

    There is a slight possibility that this bug/leak put your details in danger, among with a ton of other websites.
    Just wanted to put it out here for people to be aware, and perhaps look at the list themselves (easiest on linux using grep commands on the file sorted_unique_cf.txt. There is no guarantee that for instance your login details were stolen in the time period but just wanted to create awareness for it.
     
    • Informative Informative x 1
  2. Jack Traid

    Jack Traid Server Admin

    Joined:
    Jun 22, 2016
    Posts:
    494
    Roleplay name:
    Jack Traid
    Just want to add, that Discord was there for all of those who use it, so this DOES apply.
    But yeah, most websites I use have cloudflare. Waiting for one of my 2 step services to flag an alternate device logging in and doing stuff.
     
  3. Brunnea

    Brunnea Well-Known Member

    Joined:
    Jun 25, 2016
    Posts:
    1,450
    Roleplay name:
    Nisha Clarke
    I went through the list(partially) when the leak was announced in a half-asleep state.
    Slightly worried that one little thing being used by everyone can end up doing something like this.
     
  4. SomeRandomGuy

    SomeRandomGuy Active Member

    Joined:
    Aug 2, 2016
    Posts:
    330
    Roleplay name:
    Seymour Jackson
    The list is of all sites that use cloudflare not ones affected so they could or could not be affected.
     
  5. Clawness

    Clawness Server Admin

    Joined:
    Oct 24, 2012
    Posts:
    1,343
    Roleplay name:
    Robert Wolf
    Hence why I state that there is the slight possibility of it having happened :p.
    Just wanted to put it up as a reminder, that when for instance you suddenly get a request from a verification app or something, you might want to look to other places you use the same password. Believe the chance of being fucked by this leak, was below 1%, but heck, it is still something to consider.
     
    • Agree Agree x 3