|
|
|
|
|
|
|
|
|
|
|
TalkImg was created especially for hosting images on bitcointalk.org: try it next time you want to post an image
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
RoommateAgreement
|
 |
February 24, 2017, 04:04:26 AM |
|
Since Bitcointalk uses Cloudfare
bitcointalk has never been using cloudflare and is not using cloudflare now either. funny thing is that people have always been suggesting to Theymos to go to cloudflare and they always denied because of security reasons. now we can see one of them. |
Buying the dip...
|
|
|
Spoetnik
Legendary
 Offline
Activity: 1540
Merit: 1011
FUD Philanthropist™
|
|
February 24, 2017, 05:51:23 AM |
|
Since Bitcointalk uses Cloudfare
bitcointalk has never been using cloudflare and is not using cloudflare now either. funny thing is that people have always been suggesting to Theymos to go to cloudflare and they always denied because of security reasons. now we can see one of them. Agreed. And another reason maybe privacy too.. There has been TOR issues with Cloudflare i think. But mostly i think theymos wanted full control.. and he rightly so should considering the target this place is. |
FUD first & ask questions later™ |
|
|
Kakmakr
Legendary
Offline
Activity: 3444
Merit: 1957
Leading Crypto Sports Betting & Casino Platform
|
|
February 24, 2017, 06:09:09 AM |
|
Since Bitcointalk uses Cloudfare
bitcointalk has never been using cloudflare and is not using cloudflare now either. funny thing is that people have always been suggesting to Theymos to go to cloudflare and they always denied because of security reasons. now we can see one of them. Yes, we had a site running behind Cloudflare and we got hacked 3 times in 2 years. You get a false sense of security, when you use them and you think you are bullet proof. I am glad this forum decided not to use them, because it will keep the admins on their toes. Most "hacks" are done through social engineering and fooling the employees working for Cloudflare. |
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
|
davis196
|
|
February 24, 2017, 12:40:50 PM |
|
Localbitcoins uses Cloudflare and there might be some risk for people`s accounts but i`m not that concerned. I don`t have bitcoins in my LBC wallet right now.  I don`t know what is the relation between Cloudflare being hacked and Bitcointalk accounts security? |
|
|
|
Hydrogen
Legendary
Offline
Activity: 2562
Merit: 1441
|
|
February 24, 2017, 12:52:07 PM |
|
Does cloudflare store one-way-hashed passwords or plain text?
I don't know if there are collision or other vulnerabilities for one way hashes, which is what should be stored if standard security is followed.
The breach could be nothing to worry about.
Thanks for the info btw. I changed my password just in case.
|
|
|
|
|
|
asdalani
|
|
February 24, 2017, 12:52:32 PM |
|
People should've known better to have a 3rd party do the security of their websites.
|
|
|
|
|
Kray
|
|
February 24, 2017, 12:54:06 PM |
|
Why we need change our password, i guess they hash our password so it still save right?
|
|
|
|
|
|
asdalani
|
|
February 24, 2017, 12:56:02 PM |
|
I think that ChronoBank was using CloudFlare as well: From their Altcoin ANN: |
|
|
|
|
jtipt
|
|
February 24, 2017, 12:57:51 PM |
|
People should've known better to have a 3rd party do the security of their websites.
Yeah, but unfortunately a lot of websites use CloudFlare  Now I need to go and change a lot of passwords and i might have, i hope that cloudflare uses some encryption to store to data. |
|
|
|
|
bL4nkcode
Copper Member
Legendary
Offline
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
|
|
February 24, 2017, 01:04:15 PM |
|
There are so many sites that are affected by this issue from CloudFlare and even on crypto-games.net also using this service just received their email about this, and I changed my password also for security reasons. And I don't think if this forum is currently using CloudFlare, can some confirmed it if this is true? I didn't see in News above the forum or even on meta about this.
|
|
|
|
|
|
devans
|
|
February 24, 2017, 04:00:39 PM |
|
And I don't think if this forum is currently using CloudFlare, can some confirmed it if this is true? I didn't see in News above the forum or even on meta about this.
bitcointalk.org does not use Cloudflare and is not affected. theymos says the same in this thread on the Meta board. |
|
|
|
|
bathrobehero
Legendary
Offline
Activity: 2002
Merit: 1051
ICO? Not even once.
|
|
February 24, 2017, 05:35:52 PM |
|
Why we need change our password, i guess they hash our password so it still save right?
Cloudflare revealed a serious bug in its software today that caused sensitive data like passwords, cookies, authentication tokens to spill in plaintext from its customers’ websites. |
Not your keys, not your coins!
|
|
|
nillohit
Full Member
Offline
Activity: 154
Merit: 100
***crypto trader***
|
|
February 24, 2017, 08:22:34 PM |
|
I've just changed passwords of coinbase, btc-e, bitpay, cubits & localbitcoins
|
|
|
|
|
arcanaaerobics
|
|
February 24, 2017, 08:58:55 PM |
|
I've just changed passwords of coinbase, btc-e, bitpay, cubits & localbitcoins
You think that is safe? Keylogger they injected keylogger from those emails that Cloudbet, coinbase and all those other sites that sent you out emails to "Change your passwords NOW!" they didn't even tell you why because they were caught with their pants down and got ass fucked royally all because of their so called "SECUR-ITY TEAM A-ONE!" are not competent at their own FUCKING JOBS!  FIre this fuckheads and replace them with fucking monkeys! They would do a better job then these fucking freaks of nature. Good god DAMN MAN! Are everybody fools now?! Spoetnik excluded of course because he is a fellow AK-47 owner!  And fellow country man I was referring to this fucking retardo: https://bitcointalk.org/index.php?topic=1798844.0Have fun with this freak as much as I have for the past week of knowing he existed! And I still wish he was never born.  |
|
|
|
|
Winner
Legendary
Offline
Activity: 1190
Merit: 1000
Look ARROUND!
|
|
February 24, 2017, 11:20:40 PM |
|
I've just changed passwords of coinbase, btc-e, bitpay, cubits & localbitcoins
I think that YoBit, c-cex and 98% of the HYIP websites use CloudFlare. Is CloudFlare the only website security company that features DNS protection or something? I guess that people that build websites are too much in a hurry to do it themselves and that's why things like this happen. Bringing in a third-party to do dirty work isn't the right thing to do unless the person building the website doesn't really care for learning on how to have their websites updated with the latest security. It makes me wonder why people like the hard route, it only brings shame. Watch when Bitcoin starts breaking your systems. Oh, too soon? |
.........................................
█████████████████
███ ██ █ ██ ███
██ █████ █ █████ ██
███ █ █ █████ █ █ ███
███ █ ███ █ ███ █ ███
██ ███ ██ ███ █ ███ ██ ███ ██
██ ████ █ █████ ██
███ ██ █ ███ █ ███ █ ██ ███
█ █ ██ █ ██ █ ██ █ ██ █ █
█████ █ █████ █ █████
█ █ ██ █ ████ █ ████ █ ██ █ █
███ ████ ██ █ ██ ████ ███
██ █ █████ █ █████ █ ██
██ ██ ██ ████ █ ████ ██ ██ ██
██ █ ██████ █ ███
████ █ ██████████ █ ████
██ █████ █ ██████ ██
███ ██ █ ███ ███
█████████████████ | ARROUND
| |
█
█
█
█
█
█
█
█
| .
| |
█
█
█
█
█
█
█
█
| | .
• Telegram
• ANN Thread
• Bounty Thread
• Whitepaper |
|
|
|
shinratensei_
Legendary
Offline
Activity: 3094
Merit: 1024
Leading Crypto Sports Betting & Casino Platform
|
|
February 24, 2017, 11:44:48 PM |
|
I've just changed passwords of coinbase, btc-e, bitpay, cubits & localbitcoins
I think that YoBit, c-cex and 98% of the HYIP websites use CloudFlare. Kraken, Polo, and all of the exchange site are using cloudflare. |
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2870
Merit: 2298
|
|
February 24, 2017, 11:59:20 PM |
|
No, only sites which used Cloudflare could've been affected.
|
|
|
|
|
|
enquirer
|
|
February 26, 2017, 01:43:27 PM |
|
Wait, Cloudflare has access to all decrypted data on the server end of https sessions? So Cloudflare employees or employees at data centers that cloudflare uses have access to all Bitfinex, poloniex etc passwords? Completely irresponsible if so, regardless of cloudbleed bug. They are basically selling user security for 30 shekels worth of traffic reduction.
|
|
|
|
|
|
clickerz
|
|
February 26, 2017, 01:50:07 PM |
|
Wait, Cloudflare has access to all decrypted data on the server end of https sessions? So Cloudflare employees or employees at data centers that cloudflare uses have access to all Bitfinex, poloniex etc passwords? Completely irresponsible if so, regardless of cloudbleed bug. They are basically selling user security for 30 shekels worth of traffic reduction.
We don't know yet their level of security. This is maybe possible or not. Hope this issues would be clarified soon. There are also many sites under cloudfare and this is devastation if true. But for those 2FA is activated, I thick it is more secure and not the way we think as of now. |
Open for Campaigns
|
|
|
|
devans
|
|
February 26, 2017, 02:17:48 PM |
|
Wait, Cloudflare has access to all decrypted data on the server end of https sessions? So Cloudflare employees or employees at data centers that cloudflare uses have access to all Bitfinex, poloniex etc passwords? Completely irresponsible if so, regardless of cloudbleed bug. They are basically selling user security for 30 shekels worth of traffic reduction.
Cloudflare acts as a reverse proxy and has access to all data that passes between the server and the client. Keep in mind that that is also the case for sites' hosting providers, including those that don't use Cloudflare. Aside perhaps from running the servers in your basement, which is neither practical nor cost-efficient, it's not possible to completely avoid trusting a third party. |
|
|
|
|
|
