Page 1 of 1

Cloudflare Cloudbleed

PostPosted: Sat Feb 25, 2017 2:16 pm
by Sean
Hi ChessCubers,

As some of you may have been aware, a popular service used online called "Cloudflare" had a security leak this past Thursday. CloudFlare provides a ton of services to websites, one of which is a free HTTPS wrapper around pre-existing websites.

However, Cloudflare's software had a one-character bug in a security check, it checked for "equal to" rather than "greater than or equal to". This meant that someone else's browsing session would occasionally get leaked into your own. That could mean passwords, API keys, anything that gets sent over the wire.

You can find a list of all websites affected on this GitHub page.

ChessCube recommends changing your passwords on all sites affected, and then on any other site that shares those passwords. Also, take the time now to enable 2-factor authentication on sites that support it.

Thanks,
Sean

Re: Cloudflare Cloudbleed

PostPosted: Sat Feb 25, 2017 5:31 pm
by realty_don
hi, Sean

(your link) "4,287,625 possibly affected domains" I see ChessCube.com, is in the list of possibly affected domains (not, that I can see a Hacker drooling over sneaking in here but you never know).

rD