
Untitled

a guest
Feb 24th, 2017
There has been a major security flaw within Cloudflare and thus Discord. It's highly suggested that you cycle your passwords everywhere due to this.

Impact
Between 2016-09-22 and 2017-02-18, passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters.
Data was cached by search engines; there are private logins for dozens of websites in Google's cache right now, and the data may have been collected by random scrapers over the past few months.

According to Cloudflare: "The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests)". This has a potential of 100k-200k pages with private data leaked every day for the dates in question.

What should you do?
Change all your passwords, especially those on these affected sites. Rotate API keys & secrets, and confirm you have 2-FA set up for important accounts. You can set up 2-FA for Discord under Settings -> Security. Sites compromised include: Reddit, Discord, Uber, StackOverflow, Patreon, Yelp, OKCupid, 4chan, Namecheap, DigitalOcean, and many, many more.

You can check which sites were affected by this in the README of this GitHub page: https://github.com/pirate/sites-using-cloudflare

Link to the official Discord post: https://blog.discordapp.com/safety-jim-psa-cloudflare-security-issue-77a4ecc48298#.z9wga7s8s
Link to the official Cloudflare post: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

I cannot stress this enough, please change your passwords everywhere as this affects everyone everywhere!

Note: Discord is an affected platform. Please view the full list of sites in the link provided and Ctrl+F your most important sites.

Discord Blog
Safety Jim PSA: Cloudflare Security Issue
Before we get into the PSA, I’ve got a big ol’ request for ya:

Cloudflare Blog
Incident report on memory leak caused by Cloudflare parser bug
Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare. It turned out that in some unusual circumstances, which I’ll detail below, our edge