Author Topic: Cloudflare bug  (Read 118 times)

Offline Duki3003

  • Admin
  • Member
  • Posts: 4843
Cloudflare bug
« on: Yesterday at 10:02:44 pm »
A bug was recently discovered with Cloudflare, which BakaBT and many other websites use for DoS protection and other services. Due to the nature of the bug, we recommend as a precaution that you change your BakaBT password.

You should similarly change your security credentials for other websites that use Cloudflare (see link below for a list of possibly affected sites). If you are using the same password for multiple sites, you should change this immediately so that you have a unique password for each site. And you should enable two-factor authentication for every site that supports it.
The Cloudflare bug has now been fixed, but it caused sensitive data like passwords to be leaked during a very small percentage of HTTP requests. The peak period of leakage is thought to have occurred between 13th Feb and 18th Feb when about 0.00003% of HTTP requests were affected. Although the rate of leakage was low, the information that might have been leaked could be very sensitive, so it’s important that you take appropriate precautions to protect yourself.

Here are some links for further reading on the Cloudflare bug:
TechCrunch article: https://techcrunch.com/2017/02/23/major-cloudflare-bug-leaked-sensitive-data-from-customers-websites/
List of sites possibly affected by the bug: https://github.com/pirate/sites-using-cloudflare/blob/master/README.md

-BakaBT staff
« Last Edit: Yesterday at 10:06:07 pm by Duki3003 »

Offline jiop

  • Member
  • Posts: 317
  • Just a BOT...
    • Anime Portal
Re: Cloudflare bug
« Reply #1 on: Yesterday at 11:27:33 pm »
https://arstechnica.com/security/2017/02/serious-cloudflare-bug-exposed-a-potpourri-of-secret-customer-data/

Quote
"The bug was serious because the leaked memory could contain private information and because it had been cached by search engines"

Cloudflare researchers have identified 770 unique URIs that contained leaked memory and were cached by Google, Bing, Yahoo, or other search engines. The 770 unique URIs covered 161 unique domains. Graham-Cumming said Thursday's disclosure came only after the leaked data was fully purged with the help of the search engines.
Google cache, however, appeared to show data remained exposed by the bug.
« Last Edit: Yesterday at 11:33:05 pm by jiop »

Offline likcoras

  • Member
  • Posts: 1
Re: Cloudflare bug
« Reply #2 on: Today at 02:02:29 am »
What about passkeys, for torrents? Is it recommended to change those as well?