You can help CodeWalrus stay online by donating here. | New CodeWalrus | Old (dark mode) | Old (light) | Discord server
1 2 »
0
b/Website Talk publicado por u/pimathbrainiac February 24, 2017, 05:34:08 AM
Cloudflare has been compromised. It appears that someone has been exploiting a bug in Cloudflare to retrieve data in a manner similar to the heartbleed bug. Odds are, most of these sites have been affected, including other forums such as Omnimaga, so:

CHANGE YOUR PASSWORDS

(Incomplete) list of sites using Cloudflare: https://github.com/pirate/sites-using-cloudflare

Source: https://www.lifehacker.com.au/2017/02/cloudflare-cloudbleed-bug-exposes-sensitive-data-who-is-affected/
21 Replies 21 Views
Inicia sesión o crea una cuenta para dejar un comentario
Sign up Log in
u/bb010g February 24, 2017, 05:37:05 AM
This is honestly a good time to change all of your passwords. No joke. Just set up password management software (if you want a solid free one, go with KeePass 2 (highly recommend also installing the SimpleDatabaseBackup plugin)), get comfortable, and change them. I'm doing all of mine Saturday morning.
0
u/pimathbrainiac February 24, 2017, 05:38:25 AM
Indeed. The number of sites (potentially) affected is staggering, and that essentially means no duplicate password is safe.
0
u/Yuki February 24, 2017, 05:41:25 AM
Yeah, things like that keeps happening, so guess we'll need to change our passwords rather often? Oh well.

Another thing to do, many sites offer two-factor authentication, you might use that as well.

Concerning CodeWalrus, we do use Cloudflare for our DNS, but we don't really use the other features, but I still changed the password as a precaution. Well, that and the fact my other sites are on that account and they're even more potentially vulnerable.

Oh, also on that note, SHA-1 has been cracked. So stop using SHA-1.
Last Edit: February 24, 2017, 05:44:51 AM by Juju
0
u/Dream of Omnimaga February 24, 2017, 05:55:15 AM
This is bad. And CW is hosted on one of the affected site. I was gonna post a news about this after bb010g notified me but I wanted juju to change the site password first. Thankfully, as Juju said, CW doesn't use any Cloudflare service other than DNS, so I am unsure if it's affected as much as Omnimaga, for example.
0
u/bb010g February 24, 2017, 06:06:44 AM
In this case, I would just assume every site on Cloudflare/using Cloudflare sites is vulnerable, which approximates to all of your passwords. (Cloudflare is pretty popular, and they only need to get one good high-level in before they've got other exploits inside sites.)
0
u/Yuki February 24, 2017, 06:17:13 AM
I have a bunch of vulnerable sites that uses the one feature that has been vulnerable on the CW account, so yeah.

Just saw a few of other sites (like Discord) telling their users to change their passwords, so yeah, you never know. Nothing is infallible and crypto can and will be cracked given enough CPU/GPU time. These technologies change crazy fast and it's kinda hard to keep up, especially on that field.
0
u/Dream of Omnimaga February 24, 2017, 06:18:06 AM
The crazy thing, though, is how many sites are affected. If you got accounts on hundreds of sites and forgot many of them then it's kinda problematic O.O
0
u/novenary February 24, 2017, 09:24:48 AM
CW is NOT affected, as we don't use cloudflare's reverse proxy services, only their DNS. That holds true even if DO uses them.
0
u/Sorunome February 24, 2017, 06:27:36 PM
On Omniamga if you had JS enabled and used the top login bar then your password was actually impossible to be compromised due to the additional password protection methods provided by my bcrypt mod, more on that here: https://ourl.ca/22448/405563
0
u/Dream of Omnimaga February 25, 2017, 05:05:12 AM
Actually, CW uses that mod too so even if we used Cloudflare this would have protected us as much as on Omni. Thanks for that mod by the way. Despite the horror show that was the replies you got for that mod on SMF (two of their team members seem to think that paper, VHS tapes and Sears are the future in terms of innovation, if you get what I mean, and they censor or lash out at anyone suggesting otherwise), it will help in the long run considering how long it might take before SMF 2.1 comes out and it's better to be safe than sorry.
0
u/gameblabla February 26, 2017, 06:17:58 PM
c cloudflare seriously.
I hate it because they unfairly blocked Tor users for no reasons and i warned people it was a man-in-the-middle service that could go against them
should it be compromised.
And here we are...

I urge all websites to get rid of it (including codewalrus and omnimaga).
0
u/p2 February 26, 2017, 07:03:58 PM
codewalrus doesnt use it, only Omnimaga does. But otherwise I agree :)
0
u/Sorunome February 26, 2017, 07:05:37 PM
Quote from: p2 on February 26, 2017, 07:03:58 PM
codewalrus doesnt use it, only Omnimaga does. But otherwise I agree :)
CW uses it for DNS, though......

@Juju why is that even the case?
0
u/Dream of Omnimaga February 26, 2017, 07:30:41 PM
I forgot why myself. IIRC juju had a good readon at the time but it has been 2 years

Cloudfkare is only good if you're getting frequently hit by DDoS attacks
0
1 2 »
Start a Discussion

b/Website Talk

Site-related feedback and discussion can be posted here.

107
Topics
Explore Board
Website statistics


MyCalcs | Ticalc.org | Cemetech | Omnimaga | TI-Basic Developer | MaxCoderz | TI-Story | Casiocalc.org | Casiopeia | The Museum of HP Calculators | HPCalc.org | CnCalc.org | Music 2000 Community | TI Education | Casio Education | HP Calcs | NumWorks | SwissMicros | Sharp Calculators
Powered by EzPortal