Change Your Passwords. Now.
Source: Gizmodo
A massive memory leak from web services and security company Cloudflare may have exposed user data for thousands of sites using the service. In other words: it's time to change your passwords.
There's lots left to discover about the impact of the leakage, which is being called Cloudbleed, similar to the Heartbleed bug back in 2014. What we do know that makes this so worrisome is that some of the memory leaks, which may have included user data, were able to be cached by search engines. Once indexed, nefarious types may have scraped and stored that data.
Cloudbleed was discovered by Tavis Ormandy of Google's security analysis team Project Zero on February 18th. How it was found and patched, and what exactly was causing these leaks is exhaustively detailed by Cloudflare in a blog post. According to Cloudflare, the greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage.
...
Read more: http://gizmodo.com/cloudbleed-password-memory-leak-cloudflare-1792709635
The list is large.
There is a link in the story that you can select, but here is the link:
https://github.com/pirate/sites-using-cloudflare
DemocraticUnderground.com is NOT on the list.
Some notables that ARE ON the list:
glassdoor.com
fitbit.com
change.org
uber.com
yelp.com
just to name a few
dalton99a (81,392 posts)
klook (12,151 posts)
Good time to get a password management app for those who don't already have one. I use 1Password from AgileBits (Mac/iOS app), and have hundreds of strong passwords stored in an encrypted database on my hard drive.
I'm going to devote some quality time today and over the weekend updating them all - prioritizing the financial and other personal ones first.
aggiesal (8,907 posts)
dhill926 (16,314 posts)
Liberalagogo (1,770 posts)
Rawstory doesn't use passwords to read, but it does use Disqus to comment. But Disqus isn't on the list.
But Rawstory is, I'm just not sure why.
dhill926 (16,314 posts)
of course there are a lot of porn sites, so raw story....haha, who knows....
Ligyron (7,616 posts)
I've got to get a password managing app - but aren't those then hackable too?
Anyway, thanks for the warning
sarcasmo (23,968 posts)
Nothing is safe online.
Ligyron (7,616 posts)
Don't even know if they're out yet.
Then they'd have to rob you in person...
Hekate (90,556 posts)
Wounded Bear (58,598 posts)
randome (34,845 posts)
A researcher discovered a vulnerability, which is different than finding evidence of a data theft. The vulnerable data was in random memory chunks so the odds are vastly against any specific person's identifying info being compromised.
The truth doesn't always set you free.
Sometimes it builds a bigger cage around the one you're already in.
LanternWaste (37,748 posts)
Ashley Madison was a fluke. No need to concern ourselves with site vulnerability. Saying anything else is mere melodrama by another, trendier word.
Right. Your concern for our idiocy is a bright light of yellow spectrum trickling down on all of us.
randome (34,845 posts)
There will never be a 100% safe means of making information available world-wide.
haele (12,640 posts)
I suspect I know what the major target might have been...
Haele
sinkingfeeling (51,438 posts)
klook (12,151 posts)
Assessment from the company's Chief Technology Officer:
Here are some other articles about this bug:
- Cloudflare bug data leak exposed (BBC)
- Serious Cloudflare bug revealed secret user data from major websites (PC World)
- Cloudflare bug exposed passwords, other sensitive data from websites (IT World)
- Cloudflare found leaking customer HTTPS sessions for months (ZDNet)
- Massive Bug May Have Leaked User Data From Millions of Sites. So Change Your Passwords (Wired)
- Serious Cloudflare bug exposed a potpourri of secret customer data (Ars Technica)
- Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug (The Register)
- Major Cloudflare bug leaked sensitive data from customers' websites (TechCrunch)
JudyM (29,192 posts)
womenshealthmag.co
Spin.com
Udemy.com
Zenhabits.net
And washingtontimes.com