News Cloudflare hit by major security vulnerability

Discussion in 'Article Discussion' started by Gareth Halfacree, 24 Feb 2017.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    18,056
    Likes Received:
    8,122
    Gareth Halfacree, 24 Feb 2017
    #1
  2. Mr_Mistoffelees

    Mr_Mistoffelees The Bit-Tech Cat. New Improved Version.

    Joined:
    26 Aug 2014
    Posts:
    5,930
    Likes Received:
    3,112
    How would I go about checking to see if "secure" sites, I have given personal information to, use Cloudflare hosting?
     
    Mr_Mistoffelees, 24 Feb 2017
    #2
  3. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    18,056
    Likes Received:
    8,122
    There's a list of them here, but bear in mind not all the sites listed may have been affected - some may only be using Cloudflare on certain subdomains and not others (like using it as a CDN for images but sending important traffic straight to the real server.)
     
    Gareth Halfacree, 24 Feb 2017
    #3
  4. jb0

    jb0 Minimodder

    Joined:
    8 Apr 2012
    Posts:
    555
    Likes Received:
    93
    Well, no one uses Cloudflare hosting, because Cloudflare doesn't offer hosting. But you almost certainly visit a few sites that use the services Cloudflare DOES offer. Because darn near everyone uses Cloudflare. Everything from Fitbit to 4chan.
     
    jb0, 24 Feb 2017
    #4
  5. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    18,056
    Likes Received:
    8,122
    Point of fact, m'learned friend: Cloudflare does offer hosting, 'cos it's a content delivery network (CDN) at its heart. You can't host an entire website on it, to be sure, but its primary function is to take commonly-requested static files on your host and move 'em onto Cloudflare servers throughout the world as a means of A) making things faster for visitors from afar and 2) saving you bandwidth.

    Sure, you wouldn't describe it as a 'web host,' but equally to say it doesn't offer hosting ain't quite right neither.
     
    Gareth Halfacree, 24 Feb 2017
    #5
  6. jb0

    jb0 Minimodder

    Joined:
    8 Apr 2012
    Posts:
    555
    Likes Received:
    93
    I stand corrected. Point grudgingly conceded.

    Incidentally, I was swinging back by to add a Github link where someone is trying to assemble a list of everyone using Cloudflare. (As well as a Cliffs Notes version that just lists the Alexa top 10000 sites, since no one's got time to read all five million URLs).
    https://github.com/pirate/sites-using-cloudflare/blob/master/README.md
     
    jb0, 24 Feb 2017
    #6
  7. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    18,056
    Likes Received:
    8,122
    Gareth Halfacree, 24 Feb 2017
    #7
  8. jb0

    jb0 Minimodder

    Joined:
    8 Apr 2012
    Posts:
    555
    Likes Received:
    93
    I... yes, I do. My only excuse is that it was very late for me.

    Excuse me while I hang my head in abject shame.
     
    jb0, 25 Feb 2017
    #8
  9. mi1ez

    mi1ez Modder

    Joined:
    11 Jun 2009
    Posts:
    1,683
    Likes Received:
    138
    Yeah, we were watching this unfold at work!
     
    mi1ez, 26 Feb 2017
    #9
  10. ZeDestructor

    ZeDestructor Minimodder

    Joined:
    24 Feb 2010
    Posts:
    226
    Likes Received:
    4
    At that point though, there's a good argument to be made to just change all your affected passwords.

    ...I have over 600 of the bloody things to check, and at least 100 to change...

    urgh:wallbash:
     
    ZeDestructor, 26 Feb 2017
    #10
Tags: Edit

Share This Page