
aggiesal

(8,907 posts)
Fri Feb 24, 2017, 11:52 AM Feb 2017

Change Your Passwords. Now.

Source: Gizmodo

A massive memory leak from web services and security company Cloudflare may have exposed user data for thousands of sites using the service. In other words: it's time to change your passwords.

There's lots left to discover about the impact of the leakage, which is being called Cloudbleed, similar to the Heartbleed bug back in 2014. What we do know that makes this so worrisome is that some of the memory leaks, which may have included user data, were able to be cached by search engines. Once indexed, nefarious types may have scraped and stored that data.

Cloudbleed was discovered by Tavis Ormandy of Google's security analysis team Project Zero on February 18th. How it was found and patched, and what exactly was causing these leaks is exhaustively detailed by Cloudflare in a blog post. According to Cloudflare, the greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage.

...

Read more: http://gizmodo.com/cloudbleed-password-memory-leak-cloudflare-1792709635



The list is large.
There is a link in the story that you can select, but here is the link:
https://github.com/pirate/sites-using-cloudflare

DemocraticUnderground.com is NOT on the list.

Some notables that ARE ON the list:
glassdoor.com
fitbit.com
change.org
uber.com
yelp.com

just to name a few

klook

(12,151 posts)
2. Thank you.
Fri Feb 24, 2017, 11:58 AM
Feb 2017

Good time to get a password management app for those who don't already have one. I use 1Password from AgileBits (Mac/iOS app), and have hundreds of strong passwords stored in an encrypted database on my hard drive.

I'm going to devote some quality time today and over the weekend updating them all - prioritizing the financial and other personal ones first.

 

Liberalagogo

(1,770 posts)
9. Rawstory
Fri Feb 24, 2017, 12:23 PM
Feb 2017

Rawstory doesn't use passwords to read, but it does use Disqus to comment. But Disqus isn't on the list.
But Rawstory is, I'm just not sure why.

dhill926

(16,314 posts)
11. yep, just saw it there....
Fri Feb 24, 2017, 12:27 PM
Feb 2017

of course there are a lot of porn sites, so raw story....haha, who knows....

Ligyron

(7,616 posts)
4. Oh no, not this again
Fri Feb 24, 2017, 12:02 PM
Feb 2017

I've got to get a password managing app - but aren't those then hackable too?

Anyway, thanks for the warning

Ligyron

(7,616 posts)
15. You could get one of those thumbprint ID phones.
Fri Feb 24, 2017, 02:21 PM
Feb 2017

Don't even know if they're out yet.

Then they'd have to rob you in person...

 

randome

(34,845 posts)
8. Oh, please, this is all a little hyperbolic.
Fri Feb 24, 2017, 12:19 PM
Feb 2017

A researcher discovered a vulnerability, which is different than finding evidence of a data theft. The vulnerable data was in random memory chunks so the odds are vastly against any specific person's identifying info being compromised.
The truth doesn’t always set you free.
Sometimes it builds a bigger cage around the one you’re already in.

 

LanternWaste

(37,748 posts)
13. Your concern for our idiocy is a bright light of yellow spectrum trickling down on all of us.
Fri Feb 24, 2017, 12:44 PM
Feb 2017

Ashley Madison was a fluke. No need to concern ourselves with site vulnerability. Saying anything else is mere melodrama by another, trendier word.


Right. Your concern for our idiocy is a bright light of yellow spectrum trickling down on all of us.

 

randome

(34,845 posts)
14. Who said not to be concerned? Identify the vulnerability and fix it. Just another day in the week.
Fri Feb 24, 2017, 01:11 PM
Feb 2017

There will never be a 100% safe means of making information available world-wide.

haele

(12,640 posts)
12. Interesting - a lot of bitcoin sites are on the list, along with gaming sites.
Fri Feb 24, 2017, 12:30 PM
Feb 2017

I suspect I know what the major target might have been...

Haele

klook

(12,151 posts)
17. Just so people understand this a little better...
Fri Feb 24, 2017, 03:01 PM
Feb 2017
Cloudflare is a provider of internet content optimization and security used very widely on many web sites. Among their services is protection from Distributed Denial of Service (DDOS) attacks. I've used Cloudflare myself on WordPress sites I've built. It's good for speeding up content delivery and giving administrators peace of mind. A lot of data passes from users through Cloudflare to web sites and back.

Assessment from the company's Chief Technology Officer:
“With the help of Google, Yahoo, Bing and others, we found 770 unique URIs that had been cached and which contained leaked memory,” said John Graham-Cumming, Cloudflare’s CTO, in a blog post. “Those 770 unique URIs covered 161 unique domains.” A URI (Uniform Resource Identifier) is a character string that identifies a resource on the web, and is sometimes used interchangeably with the term URL (Universal Resource Locator).
(PC World article - see link below)

Here are some other articles about this bug:

JudyM

(29,192 posts)
18. A handful more sites folks might use include moveon.com, runnersworld.com, thisoldhouse.com,
Fri Feb 24, 2017, 04:46 PM
Feb 2017

womenshealthmag.co
Spin.com
Udemy.com
Zenhabits.net

And washingtontimes.com
