|
Post by Tiger on Feb 24, 2017 10:13:18 GMT -5
So apparently there was a leak of a lot of very sensitive information from the DNS CloudFlare, which is used by a ton of websites to deliver their content - seriously there are like 4 million domains on CloudFlare. Some of the sites affected/potentially affected include Patreon, Yelp, freewebs/webs.com, Uber, FitBit, 1Password, HumbleBundle, Subeta, and the Discord web app. If a site you're on mentions the CloudFlare leaks or Cloudbleed, you're probably gonna want to change your password as a precaution. You can find a list of notable sites affected here - github.com/pirate/sites-using-cloudflare - by scrolling down to "Noteable Sites" (skip the download file, making it readable requires console commands and git and ain't nobody got time for that).
|
|
|
Post by Thorn on Feb 24, 2017 16:26:08 GMT -5
If there's another site that isn't affected, but which uses the same password as one which is, should we change it on the unaffected site too?
(sorry if this is a silly question, I honestly do not know. xD)
EDIT: Ah, the page actually explains that. Never mind!
|
|
|
Post by Gelquie on Feb 24, 2017 17:57:21 GMT -5
While not on the list of notable sites, Proboards is on the top 10,000 list. Which means NTWF might be affected.
Might be a good time for password changes.
|
|
|
Post by Tiger on Feb 24, 2017 21:06:56 GMT -5
Okay, so someone built a tool to search through the list: cloudflarelistcheck.abal.moe/Also just found Flight Rising on the list, so, y'know the drill, probably best to change your password there, too.
|
|
|
Post by Gelquie on Feb 24, 2017 21:20:39 GMT -5
Also just found Flight Rising on the list, so, y'know the drill, probably best to change your password there, too. Flight Rising specific followup. Basically, it's not affected. (Thanks Killix for the link and info!)
|
|
|
Post by Geo 🇺🇦 🌻 on Feb 25, 2017 10:50:22 GMT -5
Interesting read on why 1Password (a popular password management site) isn't affected. They didn't rely solely on HTTPS for their security. blog.agilebits.com/2017/02/23/three-layers-of-encryption-keeps-you-safe-when-ssltls-fails/This is a blog for reassurance. They'll post a deeper analysis at some point. Also, if it's not too inconvenient, please use 2FA or 2-step verification on accounts you deem critical to be secure, if it's offered as a security option anyways. Neopets isn't affected...oh wait! They send passwords without HTTPS. *facepalm* Please use some unique disposable password for Neopets, something not shared by other accounts.
|
|