Trumpnado, posted February 25, 2017 (edited)

http://thehackernews.com/2017/02/cloudflare-vulnerability.html
https://news.ycombinator.com/item?id=13718752

Recently, a Google security expert found a massive vulnerability in the Cloudflare CDN which is similar to but worse than the "Heartbleed bug" (https://www.youtube.com/watch?v=1dOCHwf8zVQ) which can be used by malicious attackers.

Here is how it works in simple terms: When you make a request for a resource, the response is data from a set amount of the server's memory. The Cloudflare vulnerability causes the response to contain a larger segment of data than is requested, and there is NO way to tell what data is in the adjacent memory to your requested resource. So the adjacent memory can be passwords, usernames, financial data, etc. Using Heartbleed, a savvy attacker can try to data mine.

Cloudflare's problem, aka Cloudbleed, is much worse because it happens on HTTP (web) requests, and HTTP results are cached (saved) all over the place. So it's very possible that some leaked data is permanently or nearly-permanently cached in Google search results.

THIS WEBSITE USES CLOUDFLARE (PROOF: http://www.doesitusecloudflare.com/?url=https%3A%2F%2Felysium-project.org%2F)

Since the admins of this project seem more concerned with perpetuating drama on the announcement boards, I am doing this PSA for them. So you should change your password, and any of your other accounts that have the same password as your Elysium password.

EDIT: Do you guys think, with all the enemies Elysium has, that this would present an opportunity for them? Nost, Kronos, etc., plus all the "programmers" that have left the project pissed off. Yeah, they are mostly losers, but they are angry kids with a lot of free time and they know (some) code. So I would just play it as safe as possible and change your credentials.

Edited February 25, 2017 by Trumpnado
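A simplified model of the over-read described in the post above, added here as an illustration; it is not Cloudflare's code and not part of the original post. The buffer layout, function names and sample data are all constructed for the example, which puts a response builder that emits too many bytes beside one that clamps to the resource length.

```c
#include <stdio.h>
#include <string.h>
#define ARENA_SIZE 64

/* Constructed layout: a requested resource followed directly in the
   same buffer by data from an unrelated user's request. */
struct arena {
    unsigned char mem[ARENA_SIZE];
    size_t res_len;               /* bytes that belong to the resource */
};

static void arena_init(struct arena *a) {
    const char *res = "<p>hello</p>";                    /* 12 bytes */
    const char *other = "user=alice&pass=EXAMPLE-ONLY";  /* 28 bytes, made up */
    memset(a->mem, 0, ARENA_SIZE);
    a->res_len = strlen(res);
    memcpy(a->mem, res, a->res_len);
    memcpy(a->mem + a->res_len, other, strlen(other));
}

/* Flawed: copies `want` bytes without comparing against res_len, so the
   neighbouring data is sent too. The two clamps below only keep this
   demo inside its own buffers; they do not protect the neighbour. */
static size_t respond_unchecked(const struct arena *a, size_t want,
                                unsigned char *out, size_t out_cap) {
    if (want > ARENA_SIZE) want = ARENA_SIZE;
    if (want > out_cap) want = out_cap;
    memcpy(out, a->mem, want);
    return want;
}

/* Hardened: never emit more than the resource itself. */
static size_t respond_checked(const struct arena *a, size_t want,
                              unsigned char *out, size_t out_cap) {
    if (want > a->res_len) want = a->res_len;
    return respond_unchecked(a, want, out, out_cap);
}

/* Bytes in a response of `sent` bytes that were not the resource. */
static size_t leaked_bytes(const struct arena *a, size_t sent) {
    return sent > a->res_len ? sent - a->res_len : 0;
}

int main(void) {
    struct arena a;
    unsigned char out[ARENA_SIZE];
    arena_init(&a);
    size_t n = respond_unchecked(&a, 40, out, sizeof out);
    printf("unchecked: %zu sent, %zu leaked\n", n, leaked_bytes(&a, n));
    n = respond_checked(&a, 40, out, sizeof out);
    printf("checked:   %zu sent, %zu leaked\n", n, leaked_bytes(&a, n));
}
```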
Erjh8765, posted February 25, 2017

1. Nostalrius is not an enemy of this project. The opposite, actually.
2. Don't change your password, just enable 2FA. Instructions on how to do that are in my profile's "about me" section.
Trumpnado, posted February 25, 2017

12 hours ago, ygvtfc said: http://doma.io/2017/02/24/list-of-affected-cloudbleed-domains.html

Why do you post random bullshit? One in 3.3 million pages was "leaked". That's Cloudflare's doctored count, and it's not pages, it's requests. Also, anything leaked could be permanently cached.
Pottu, posted February 25, 2017

Trumpnado is correct. The odds are fantastical that your username/password combination could be mined, something like a 0.00013% chance according to Cloudflare, but the possibility exists. Use 2FA.