Jeph Jacques's comics discussion forums


Author Topic: Cloudbleed  (Read 2683 times)

pwhodges

Cloudbleed
« on: 24 Feb 2017, 06:10 »

This forum is served through the caching proxy known as CloudFlare, which provides among other things a robust defence against Denial of Service attacks such as QC has seen in the past.

It has just been revealed that for the past five months there has been a flaw in CloudFlare (now fixed) which allowed 1 in over three million or less responses it gave to contain a random part of another response.  In principle this could lead to leakage of passwords, for instance.  There is no sign yet that any hackers found this vulnerability and tried using it to get data they were interested in.  It would take a great deal of effort to have capitalised on this.  Note that any hackers would not be gaining access to any servers this way; all they get is fragments of web pages.

I'm not worried about the effect on the forum - I estimate that over the period only some hundreds of messages from QC would have been affected, and there is virtually no information here that would interest hackers anyway.

However, CloudFlare is used by over four million websites, so it is likely that other sites you visit have been affected.  Patreon is one of those websites.  Your personal vulnerability is only in respect of messages you have received from any websites concerned - the lower your usage, the less need there is to be worried.  Online password managers might be a thing to look out for, though.  If you use one, do change your master password, and maybe check with the company whether they use CloudFlare, and if so that they do not rely solely on https encryption to protect your password data.

I'm not personally worried at all, because even though I am an intensive web user the amount of possibly compromising information I transfer from websites is very small indeed.

TL/DR:
There has been a significant vulnerability on many websites (including QC) which has most likely not been exploited at all, and whose scope for exploitation was limited in any case.
« Last Edit: 24 Feb 2017, 06:35 by pwhodges »
"Being human, having your health; that's what's important."  (from: Magical Shopping Arcade Abenobashi )
"As long as we're all living, and as long as we're all having fun, that should do it, right?"  (from: The Eccentric Family )