CloudBleed HTTPS traffic leak

[KRSL]

ECF is on the list of possibly affected sites.

If anyone has fast access to admins please get them to check.

GitHub - pirate/sites-using-cloudflare: List of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak)

 

[retired1]

Moved to Computer Security.

As a precaution, staff have been advised to change their passwords. Members can do so as well if they wish to. As this vulnerability cannot be used as a targeted attack, the chances of your info being compromised is minimal. Cloudflare has already fixed the issue and is deleting cached data.

 

[retired1]

OK. Here's the deal. Yes, there was a rather spectacular vulnerability associated with Cloudflare. However, obtaining the information from the vulnerability is random as it can possibly get. The vulnerability is impossible to use as a targeted attack.

Here's a rather sensible piece from CNN about this whole thing. Ignore the grand standing by some sites who are claiming the sky is falling (it's not).

Why you shouldn't freak out (yet) about the 'Cloudbleed' security leak

For now, the vulnerability is a minor thing as far as the release of sensitive information is concerned. However, we may find tomorrow that people have been slurping data since September and have amassed a rather nasty collection of PMs, chats and passwords. It's unlikely, but it is possible. So for now, it's not something to get worked up about, but taking the standard precautions (password changes) on any site you have an account on and uses Cloudflare would be prudent.