FAQ

Cloudflare Cloudbleed

<<

Sean

Site Admin

Posts: 473

Joined: Fri Nov 12, 2010 2:42 pm

Location: Cape Town, South Africa

Post Sat Feb 25, 2017 2:16 pm

Cloudflare Cloudbleed

Hi ChessCubers,

As some of you may have been aware, a popular service used online called "Cloudflare" had a security leak this past Thursday. CloudFlare provides a ton of services to websites, one of which is a free HTTPS wrapper around pre-existing websites.

However, Cloudflare's software had a one-character bug in a security check, it checked for "equal to" rather than "greater than or equal to". This meant that someone else's browsing session would occasionally get leaked into your own. That could mean passwords, API keys, anything that gets sent over the wire.

You can find a list of all websites affected on this GitHub page.

ChessCube recommends changing your passwords on all sites affected, and then on any other site that shares those passwords. Also, take the time now to enable 2-factor authentication on sites that support it.

Thanks,
Sean
If you like, you can buy me a coffee for my next break. Donate BTC as a thanks for this post - it goes a long way! :)
BTC: 191ACTu2QfrKuVMuPsEEkebSJm6yYgWS8k


<<

realty_don

Knight

Posts: 73

Joined: Mon Jan 09, 2012 12:21 am

Location: westcoast B.C., Canada

Post Sat Feb 25, 2017 5:31 pm

Re: Cloudflare Cloudbleed

hi, Sean

(your link) "4,287,625 possibly affected domains" I see ChessCube.com, is in the list of possibly affected domains (not, that I can see a Hacker drooling over sneaking in here but you never know).

rD

Return to ChessCube Announcements & News

Who is online

Users browsing this forum: Google [Bot] and 2 guests

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software.