|
TravelMug (OP)
|
 |
February 25, 2017, 12:40:10 AM |
|
Some of the most popular Bitcoin services on the internet may have leaked sensitive user information, including passwords. Cloudflare is a popular content delivery network that effectively acts as a sort of digital shield, a proxy that offers millions of websites DoS protection and other services. Some of the biggest websites on the internet use Cloudflare, including several well-known Bitcoin companies, like Coinbase, Kraken, LocalBitcoins, Poloniex and more Using a Bitcoin Service? You May Need to Change Your Password (Now) |
| R |
▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀ | LLBIT | │ | CRYPTO
FUTURES | | | | | | | │ | 1,000x
LEVERAGE | │ | COMPETITIVE
FEES | │ | INSTANT
EXECUTION | │ | .
TRADE NOW |
|
|
|
|
|
|
|
|
In order to achieve higher forum ranks, you need both activity points and merit points.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
blockcha1n
|
|
February 25, 2017, 12:42:30 AM |
|
Some of the most popular Bitcoin services on the internet may have leaked sensitive user information, including passwords. Cloudflare is a popular content delivery network that effectively acts as a sort of digital shield, a proxy that offers millions of websites DoS protection and other services. Some of the biggest websites on the internet use Cloudflare, including several well-known Bitcoin companies, like Coinbase, Kraken, LocalBitcoins, Poloniex and more Using a Bitcoin Service? You May Need to Change Your Password (Now)How long ago was this known? I think it was since September last year there was a breach in their service but they didn't report it until just now. I hate when those companies hide these things when they actually do happen because they are thinking they are somehow doing "Damage control" but actually making it much much worst for them not notifying the public of these customer information have been comprised type of scenarios. |
|
|
|
aso118
Legendary
 Offline
Activity: 1918
Merit: 1012
★Nitrogensports.eu★
|
|
February 25, 2017, 01:14:45 AM |
|
How long ago was this known?
I think it was since September last year there was a breach in their service but they didn't report it until just now.
I hate when those companies hide these things when they actually do happen because they are thinking they are somehow doing "Damage control" but actually making it much much worst for them not notifying the public of these customer information have been comprised type of scenarios.
According to their blog post, they managed to solve the issue in less than 48 hrs. https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/I don't think it was known in September. It was reported by Tavis Ormandy last Friday. |
|
|
|
|
blockcha1n
|
|
February 25, 2017, 01:19:22 AM |
|
How long ago was this known?
I think it was since September last year there was a breach in their service but they didn't report it until just now.
I hate when those companies hide these things when they actually do happen because they are thinking they are somehow doing "Damage control" but actually making it much much worst for them not notifying the public of these customer information have been comprised type of scenarios.
According to their blog post, they managed to solve the issue in less than 48 hrs. https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/I don't think it was known in September. It was reported by Tavis Ormandy last Friday. But within that 48 hours all logins were comprised. And the hackers have those lists. So alot of accounts are dormant. And can be retrieved and used by those hackers. Am I right or wrong in this scenario that is brewing in my mind about this security breach? And they thought those leaked 15,000 or what however many emails were found by hackers, this is much worst for millions of people's information being waiting to be sold later on when the heat is off those that did the hack. |
|
|
|
Rammortal
Newbie
Offline
Activity: 5
Merit: 0
|
|
February 25, 2017, 06:34:05 AM |
|
How long ago was this known?
I think it was since September last year there was a breach in their service but they didn't report it until just now.
I hate when those companies hide these things when they actually do happen because they are thinking they are somehow doing "Damage control" but actually making it much much worst for them not notifying the public of these customer information have been comprised type of scenarios.
According to their blog post, they managed to solve the issue in less than 48 hrs. https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/I don't think it was known in September. It was reported by Tavis Ormandy last Friday. But within that 48 hours all logins were comprised. And the hackers have those lists. So alot of accounts are dormant. And can be retrieved and used by those hackers. Am I right or wrong in this scenario that is brewing in my mind about this security breach? And they thought those leaked 15,000 or what however many emails were found by hackers, this is much worst for millions of people's information being waiting to be sold later on when the heat is off those that did the hack. This outage was first spotted by the Tavis Ormandy, the British bug hunter from Google's Project Zero security team. He updated his findings on twitter From Tavis Ormandy : Cloudflare have been leaking customer HTTPS sessions for months. Uber, 1Password, FitBit, OKCupid, etc. https://bugs.chromium.org/p/project-zero/issues/detail?id=1139I am hoping bugs played with the sessions only not with the data's. Let see. |
|
|
|
|
maku
Legendary
Offline
Activity: 1288
Merit: 1000
|
|
February 25, 2017, 09:40:23 AM
Last edit: February 25, 2017, 10:20:33 AM by maku |
|
CloudFlare is used by millions of websites even 0,00003% leak is HUGE.
The more complicated the defense the higher chance there will be a backdoor somewhere. It is exactly what happened with CloudFlare.
There is really no telling if hackers managed to find that exploit before Travis Ormandy shared the info about it.
|
|
|
|
|
Utrine
Newbie
Offline
Activity: 53
Merit: 0
|
|
February 25, 2017, 10:38:53 AM |
|
How long ago was this known?
I think it was since September last year there was a breach in their service but they didn't report it until just now.
I hate when those companies hide these things when they actually do happen because they are thinking they are somehow doing "Damage control" but actually making it much much worst for them not notifying the public of these customer information have been comprised type of scenarios.
According to their blog post, they managed to solve the issue in less than 48 hrs. https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/I don't think it was known in September. It was reported by Tavis Ormandy last Friday. But within that 48 hours all logins were comprised. And the hackers have those lists. So alot of accounts are dormant. And can be retrieved and used by those hackers. Am I right or wrong in this scenario that is brewing in my mind about this security breach? And they thought those leaked 15,000 or what however many emails were found by hackers, this is much worst for millions of people's information being waiting to be sold later on when the heat is off those that did the hack. If I did not log in in the last four months, will the password be leaked? |
|
|
|
|
Kprawn
Legendary
Offline
Activity: 1904
Merit: 1073
|
|
February 25, 2017, 04:49:10 PM |
|
Why if a site like Coinbase were on that list, do we not find millions of coins being stolen or are this a government sanctioned hack to spy on
people? How many "hacks" might have been engineered through this exploit and can this be traced now that we know about this? There are a lot
of questions that needs to be answered. Why did Cloudflare keep quite?
|
|
|
|
numismatist
Legendary
Offline
Activity: 1245
Merit: 1004
|
|
February 25, 2017, 10:25:11 PM |
|
including several well-known Bitcoin companies, like Coinbase, Kraken, LocalBitcoins, Poloniex and more
 ☣☠☂☠ can't they get their shit straight endagering everyone of us ☣☠☠☂  Got no news from Polo so far. The others at least sent some mail. |
|
|
|
cr1776
Legendary
Offline
Activity: 4018
Merit: 1299
|
|
February 25, 2017, 11:36:11 PM |
|
How long ago was this known?
I think it was since September last year there was a breach in their service but they didn't report it until just now.
I hate when those companies hide these things when they actually do happen because they are thinking they are somehow doing "Damage control" but actually making it much much worst for them not notifying the public of these customer information have been comprised type of scenarios.
According to their blog post, they managed to solve the issue in less than 48 hrs. https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/I don't think it was known in September. It was reported by Tavis Ormandy last Friday. But within that 48 hours all logins were comprised. And the hackers have those lists. So alot of accounts are dormant. And can be retrieved and used by those hackers. Am I right or wrong in this scenario that is brewing in my mind about this security breach? And they thought those leaked 15,000 or what however many emails were found by hackers, this is much worst for millions of people's information being waiting to be sold later on when the heat is off those that did the hack. If I did not log in in the last four months, will the password be leaked? It shouldn't be give the nature of the bug since your login details wouldn't have been in cloudflare's server memory if you hadn't logged in. |
|
|
|
|
|
