Kobayashi

Change your passwords

8 posts in this topic

It appears Cloudflare had a bit of a SSL/TLS leak going on, unfortunately this site may be one that is affected by it:

https://github.com/pirate/sites-using-cloudflare

Quote

Between 2016-09-22 - 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months.

Requests to sites with the HTML rewrite features enabled triggered a pointer math bug. Once the bug was trigerred the response would include data from ANY other cloudfare proxy customer that happened to be in memory at the time. Meaning a request for a page with one of those features could include data from Uber or one of the many other customers that didn't use those features. So the potential impact is every single one of the sites using CloudFare's proxy services (including HTTP & HTTPS proxy).

"The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests), potential of 100k-200k paged with private data leaked every day" -- source

 

Share this post


Link to post
Share on other sites

battlemetrics.com and gametracker.com were also affected.

Edited by Kobayashi

Share this post


Link to post
Share on other sites
Advertisement

It only affects people that were targeted. However I doubt exilemod is affected in that leak. But it is better to be safe then sorry. This is why i love 2FA :P

2 people like this

Share this post


Link to post
Share on other sites

pff, it's not like my password is already leaked anyways... yahoooooooooooooooo ¬¬

Share this post


Link to post
Share on other sites

Just a note, you are "probably" safe if using steam authentication anyway, since no passwords are actually passed over :)

Share this post


Link to post
Share on other sites
8 hours ago, Kobayashi said:

battlemetrics.com and gametracker.com were also affected.

I don't see battlemetrics in the list.

Edited by BetterDeadThanZed

Share this post


Link to post
Share on other sites
16 minutes ago, BetterDeadThanZed said:

I don't see battlemetrics in the list.

It is there.

41b04ed9131d90a4ec3cd1f6f28d9622.png

Share this post


Link to post
Share on other sites
24 minutes ago, BetterDeadThanZed said:

I don't see battlemetrics in the list.

If it uses CF its safe to consider its affected.... It was a problem with CF, not the site itself.

Edited by KamikazeXeX

Share this post


Link to post
Share on other sites
Advertisement

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.