Author Topic: Cloudflare Vulnerability Found - Time to Change Passwords  (Read 1095 times)


Offline pimathbrainiac

Cloudflare Vulnerability Found - Time to Change Passwords
« on: February 24, 2017, 05:34:08 am »
Cloudflare has been compromised. It appears that someone has been exploiting a bug in Cloudflare to retrieve data in a manner similar to the Heartbleed bug. Odds are, most of these sites have been affected, including other forums such as Omnimaga, so:

CHANGE YOUR PASSWORDS

(Incomplete) list of sites using Cloudflare: https://github.com/pirate/sites-using-cloudflare

Source: https://www.lifehacker.com.au/2017/02/cloudflare-cloudbleed-bug-exposes-sensitive-data-who-is-affected/



Offline bb010g

This is honestly a good time to change all of your passwords. No joke. Just set up password management software (if you want a solid free one, go with KeePass 2 (highly recommend also installing the SimpleDatabaseBackup plugin)), get comfortable, and change them. I'm doing all of mine Saturday morning.

Offline pimathbrainiac

Indeed. The number of sites (potentially) affected is staggering, and that essentially means no duplicate password is safe.

Online Juju

Yeah, things like that keep happening, so guess we'll need to change our passwords rather often? Oh well.

Another thing to do, many sites offer two-factor authentication, you might use that as well.

Concerning CodeWalrus, we do use Cloudflare for our DNS, but we don't really use the other features, but I still changed the password as a precaution. Well, that and the fact my other sites are on that account and they're even more potentially vulnerable.

Oh, also on that note, SHA-1 has been cracked. So stop using SHA-1.
« Last Edit: February 24, 2017, 05:44:51 am by Juju »

Online DJ Omnimaga

This is bad. And CW is hosted on one of the affected sites. I was gonna post a news about this after bb010g notified me but I wanted juju to change the site password first. Thankfully, as Juju said, CW doesn't use any Cloudflare service other than DNS, so I am unsure if it's affected as much as Omnimaga, for example.

Offline bb010g

In this case, I would just assume every site on Cloudflare/using Cloudflare sites is vulnerable, which approximates to all of your passwords. (Cloudflare is pretty popular, and they only need to get one good high-level in before they've got other exploits inside sites.)

Online Juju

I have a bunch of vulnerable sites that use the one feature that has been vulnerable on the CW account, so yeah.

Just saw a few other sites (like Discord) telling their users to change their passwords, so yeah, you never know. Nothing is infallible and crypto can and will be cracked given enough CPU/GPU time. These technologies change crazy fast and it's kinda hard to keep up, especially on that field.

Online DJ Omnimaga

The crazy thing, though, is how many sites are affected. If you got accounts on hundreds of sites and forgot many of them then it's kinda problematic O.O

Offline Streetwalrus

CW is NOT affected, as we don't use Cloudflare's reverse proxy services, only their DNS. That holds true even if DO uses them.
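The distinction drawn in the post above (Cloudflare as DNS host only versus Cloudflare as reverse proxy) can be checked from a site's DNS records. The following is an added example, not part of the original thread: the function names are hypothetical, the sample records are constructed, and the IPv4 range list is a snapshot of the ranges Cloudflare publishes at cloudflare.com/ips that should be refreshed before use (IPv6 is omitted).

```python
import ipaddress

# Snapshot of Cloudflare's published IPv4 edge ranges (assumption: may be
# out of date; refresh from https://www.cloudflare.com/ips/ before relying on it).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def on_cloudflare_edge(addr):
    """True if an IPv4 address falls inside a Cloudflare edge range."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in CLOUDFLARE_V4)


def classify(a_records, ns_records):
    """Classify a hostname from its already-resolved A and NS records.

    'proxied'        : visitors connect to Cloudflare's edge, so HTTP traffic
                       passes through the reverse proxy.
    'dns-only'       : Cloudflare only answers DNS; visitors connect straight
                       to the origin server.
    'not-cloudflare' : neither applies.
    """
    # Check addresses first: a zone can be proxied through a CNAME setup
    # even when its nameservers are not Cloudflare's.
    if any(on_cloudflare_edge(a) for a in a_records):
        return "proxied"
    if any(ns.rstrip(".").lower().endswith(".ns.cloudflare.com")
           for ns in ns_records):
        return "dns-only"
    return "not-cloudflare"


# Constructed sample records (203.0.113.0/24 is a documentation range).
SAMPLES = {
    "proxied.example": (["104.16.1.1"], ["ada.ns.cloudflare.com."]),
    "dns-only.example": (["203.0.113.10"], ["ada.ns.cloudflare.com."]),
    "elsewhere.example": (["203.0.113.10"], ["ns1.example.net."]),
}

if __name__ == "__main__":
    for host, (a, ns) in SAMPLES.items():
        print(f"{host}: {classify(a, ns)}")
```

Feed it the output of your own resolver (for example the A and NS answers from `dig`) for each site you operate or hold an account on.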



Offline Sorunome

On Omnimaga if you had JS enabled and used the top login bar then your password was actually impossible to be compromised due to the additional password protection methods provided by my bcrypt mod, more on that here: https://ourl.ca/22448/405563

Online DJ Omnimaga

Actually, CW uses that mod too so even if we used Cloudflare this would have protected us as much as on Omni. Thanks for that mod by the way. Despite the horror show that was the replies you got for that mod on SMF (two of their team members seem to think that paper, VHS tapes and Sears are the future in terms of innovation, if you get what I mean, and they censor or lash out at anyone suggesting otherwise), it will help in the long run considering how long it might take before SMF 2.1 comes out and it's better to be safe than sorry.

Offline gameblabla

f*** Cloudflare seriously.
I hate it because they unfairly blocked Tor users for no reason and I warned people it was a man-in-the-middle service that could go against them should it be compromised.
And here we are...

I urge all websites to get rid of it (including codewalrus and omnimaga).

Offline p2

CodeWalrus doesn't use it, only Omnimaga does. But otherwise I agree :)

Offline Sorunome

Quote from p2: "CodeWalrus doesn't use it, only Omnimaga does. But otherwise I agree :)"
CW uses it for DNS, though......

@Juju why is that even the case?

Online DJ Omnimaga

I forgot why myself. IIRC juju had a good reason at the time but it has been 2 years.

Cloudflare is only good if you're getting frequently hit by DDoS attacks.

 

