1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Cloudflare hit by major security vulnerability

Discussion in 'Article Discussion' started by Gareth Halfacree, 24 Feb 2017.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    11,540
    Likes Received:
    1,350
  2. Mr_Mistoffelees

    Mr_Mistoffelees The Lunatic on the Grass.

    Joined:
    26 Aug 2014
    Posts:
    1,601
    Likes Received:
    236
    How would I go about checking to see if "secure" sites, I have given personal information to, use Cloudflare hosting?
     
  3. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    11,540
    Likes Received:
    1,350
    There's a list of them here, but bear in mind not all the sites listed may have been affected - some may only be using Cloudflare on certain subdomains and not others (like using it as a CDN for images but sending important traffic straight to the real server.)
     
  4. jb0

    jb0 Active Member

    Joined:
    8 Apr 2012
    Posts:
    393
    Likes Received:
    42
    Well, no one uses Cloudflare hosting, because Cloudflare doesn't offer hosting. But you almost certainly visit a few sites that use the services Cloudflare DOES offer. Because darn near everyone uses Cloudflare. Everything from Fitbit to 4chan.
     
  5. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    11,540
    Likes Received:
    1,350
    Point of fact, m'learned friend: Cloudflare does offer hosting, 'cos it's a content delivery network (CDN) at its heart. You can't host an entire website on it, to be sure, but its primary function is to take commonly-requested static files on your host and move 'em onto Cloudflare servers throughout the world as a means of A) making things faster for visitors from afar and 2) saving you bandwidth.

    Sure, you wouldn't describe it as a 'web host,' but equally to say it doesn't offer hosting ain't quite right neither.
     
  6. jb0

    jb0 Active Member

    Joined:
    8 Apr 2012
    Posts:
    393
    Likes Received:
    42
    I stand corrected. Point grudgingly conceded.

    Incidentally, I was swinging back by to add a Github link where someone is trying to assemble a list of everyone using Cloudflare. (As well as a Cliffs Notes version that just lists the Alexa top 10000 sites, since no one's got time to read all five million URLs).
    https://github.com/pirate/sites-using-cloudflare/blob/master/README.md
     
  7. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    11,540
    Likes Received:
    1,350
  8. jb0

    jb0 Active Member

    Joined:
    8 Apr 2012
    Posts:
    393
    Likes Received:
    42
    I... yes, I do. My only excuse is that it was very late for me.

    Excuse me while I hang my head in abject shame.
     
  9. mi1ez

    mi1ez Active Member

    Joined:
    11 Jun 2009
    Posts:
    1,418
    Likes Received:
    16
    Yeah, we were watching this unfold at work!
     
  10. ZeDestructor

    ZeDestructor Member

    Joined:
    24 Feb 2010
    Posts:
    226
    Likes Received:
    4
    At that point though, there's a good argument to be made to just change all your affected passwords.

    ...I have over 600 of the bloody things to check, and at least 100 to change...

    urgh:wallbash:
     

Share This Page