Welcome Guest [Log In] [Register]
Add Reply
CHANGE YOUR PASSWORDS NOW (NOT A JOKE)
Topic Started: Feb 25 2017, 12:41 AM (44 Views)
Blackseal
Member Avatar
Human Warlock
[ *  *  * ]
Zetaboards.com is one of the sites compromised by the recent Cloudflare memory leak.

I know over the years I come here and screw around but this post is 100% serious.

If you are using your login/password information on this site any where else on the internet you NEED to change it here and every where NOW!

https://github.com/pirate/sites-using-cloudflare

Quote:
 
Between 2016-09-22 - 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months.

Requests to sites with the HTML rewrite features enabled triggered a pointer math bug. Once the bug was triggered the response would include data from ANY other Cloudflare proxy customer that happened to be in memory at the time. Meaning a request for a page with one of those features could include data from Uber or one of the many other customers that didn't use those features. So the potential impact is every single one of the sites using Cloudflare's proxy services (including HTTP & HTTPS proxy).

"The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests), potential of 100k-200k paged with private data leaked every day" -- source

You can see some of the leaked data yourself in search engine caches: https://duckduckgo.com/?q=+%7B%22scheme%22%3A%22http%22%7D+CF-Host-Origin-IP&t=h_&ia=web

Confirmed affected domains found in the wild: http://doma.io/2017/02/24/list-of-affected-cloudbleed-domains.html


At the above link is a FULL LIST of over 4 million effected sites. Zetaboards.com is in that list.

This does NOT mean you have been compromised 100% by any means. It just means that your info *could potentially* be "out there". Its probably a very small
chance but any chance at all IMO is too large to ignore.

Do yourself a favour and change your password to this site and any other sites that you use that same login/password information. Better safe than sorry!

If you think Im making this up here a copy/paste of my grep from the list of over 4 million sites POSSIBLY compromised:

/Users/blackseal/Desktop:>grep zetaboards sorted_unique_cf.txt
zetaboards.com
/Users/blackseal/Desktop:>


Offline Profile Quote Post Goto Top
 
Guest
Unregistered

:icon_wink:
Quote Post Goto Top
 
Blackseal
Member Avatar
Human Warlock
[ *  *  * ]
Guest
Feb 25 2017, 01:00 AM
:icon_wink:
I dont even understand this reply. Did you even go to the link I posted and read about it yourself or are you not smart enough to? :2dunno:
Offline Profile Quote Post Goto Top
 
THIS
Unregistered

DO THIS
Quote Post Goto Top
 
1 user reading this topic (1 Guest and 0 Anonymous)
« Previous Topic · Time Out · Next Topic »
Add Reply