Cloudflare hacked? So now we need to change passwords on Bitcointalk again?

devans

sr. member

Activity: 528

Merit: 368

Quote from: enquirer on February 26, 2017, 08:43:27 AM

Wait, Cloudflare has access to all decrypted data on the server end of https sessions? So Cloudflare employees or employees at data centers that cloudflare uses have access to all Bitfinex, poloniex etc passwords? Completely irresponsible if so, regardless of cloudbleed bug. They are basically selling user security for 30 shekels worth of traffic reduction.

Cloudflare acts as a reverse proxy and has access to all data that passes between the server and the client. Keep in mind that that is also the case for sites' hosting providers, including those that don't use Cloudflare. Aside perhaps from running the servers in your basement, which is neither practical nor cost-efficient, it's not possible to completely avoid trusting a third party.

clickerz

hero member

Activity: 1414

Merit: 505

Backed.Finance

Quote from: enquirer on February 26, 2017, 08:43:27 AM

Wait, Cloudflare has access to all decrypted data on the server end of https sessions? So Cloudflare employees or employees at data centers that cloudflare uses have access to all Bitfinex, poloniex etc passwords? Completely irresponsible if so, regardless of cloudbleed bug. They are basically selling user security for 30 shekels worth of traffic reduction.

We don't know yet their level of security. This is maybe possible or not. Hope this issues would be clarified soon. There are also many sites under cloudfare and this is devastation if true. But for those 2FA is activated, I thick it is more secure and not the way we think as of now.

enquirer

sr. member

Activity: 306

Merit: 257

Wait, Cloudflare has access to all decrypted data on the server end of https sessions? So Cloudflare employees or employees at data centers that cloudflare uses have access to all Bitfinex, poloniex etc passwords? Completely irresponsible if so, regardless of cloudbleed bug. They are basically selling user security for 30 shekels worth of traffic reduction.

Quickseller

copper member

Activity: 2996

Merit: 2374

Quote from: theymos

No, only sites which used Cloudflare could've been affected.

shinratensei_

legendary

Activity: 3276

Merit: 1029

Leading Crypto Sports Betting & Casino Platform

Quote from: Winner on February 24, 2017, 06:20:40 PM

Quote from: nillohit on February 24, 2017, 03:22:34 PM

I've just changed passwords of coinbase, btc-e, bitpay, cubits & localbitcoins

I think that YoBit, c-cex and 98% of the HYIP websites use CloudFlare.

Kraken, Polo, and all of the exchange site are using cloudflare.

Winner

legendary

Activity: 1190

Merit: 1000

Look ARROUND!

Quote from: nillohit on February 24, 2017, 03:22:34 PM

I've just changed passwords of coinbase, btc-e, bitpay, cubits & localbitcoins

I think that YoBit, c-cex and 98% of the HYIP websites use CloudFlare.

Is CloudFlare the only website security company that features DNS protection or something? I guess that people that build websites are too much in a hurry to do it themselves and that's why things like this happen.

Bringing in a third-party to do dirty work isn't the right thing to do unless the person building the website doesn't really care for learning on how to have their websites updated with the latest security.

It makes me wonder why people like the hard route, it only brings shame.

Watch when Bitcoin starts breaking your systems.

Oh, too soon?

arcanaaerobics

sr. member

Activity: 364

Merit: 250

Quote from: nillohit on February 24, 2017, 03:22:34 PM

I've just changed passwords of coinbase, btc-e, bitpay, cubits & localbitcoins

You think that is safe?
Keylogger they injected keylogger from those emails that Cloudbet, coinbase and all those other sites that sent you out emails to "Change your passwords NOW!" they didn't even tell you why because they were caught with their pants down and got ass fucked royally all because of their so called "SECUR-ITY TEAM A-ONE!" are not competent at their own FUCKING JOBS! Roll Eyes

FIre this fuckheads and replace them with fucking monkeys!
They would do a better job then these fucking freaks of nature.
Good god DAMN MAN! Are everybody fools now?! Roll Eyes

Spoetnik excluded of course because he is a fellow AK-47 owner! Grin

And fellow country man I was referring to this fucking retardo:
https://bitcointalksearch.org/topic/game-protectwhy-isnt-there-a-repthreadfor-this-self-proclaimed-lawyer-for-good-1798844

Have fun with this freak as much as I have for the past week of knowing he existed!
And I still wish he was never born. Undecided

nillohit

full member

Activity: 154

Merit: 100

***crypto trader***

I've just changed passwords of coinbase, btc-e, bitpay, cubits & localbitcoins

bathrobehero

legendary

Activity: 2002

Merit: 1051

ICO? Not even once.

Quote from: Kray on February 24, 2017, 07:54:06 AM

Why we need change our password, i guess they hash our password so it still save right?

Quote from: https://techcrunch.com/2017/02/23/major-cloudflare-bug-leaked-sensitive-data-from-customers-websites/

Cloudflare revealed a serious bug in its software today that caused sensitive data like passwords, cookies, authentication tokens to spill in plaintext from its customers’ websites.

devans

sr. member

Activity: 528

Merit: 368

Quote from: bL4nkcode on February 24, 2017, 08:04:15 AM

And I don't think if this forum is currently using CloudFlare, can some confirmed it if this is true? I didn't see in News above the forum or even on meta about this.

bitcointalk.org does not use Cloudflare and is not affected. theymos says the same in this thread on the Meta board.

bL4nkcode

copper member

Activity: 2142

Merit: 1305

Limited in number. Limitless in potential.

There are so many sites that are affected by this issue from CloudFlare and even on crypto-games.net also using this service just received their email about this, and I changed my password also for security reasons. And I don't think if this forum is currently using CloudFlare, can some confirmed it if this is true? I didn't see in News above the forum or even on meta about this.

jtipt

hero member

Activity: 1050

Merit: 529

Quote from: asdalani on February 24, 2017, 07:52:32 AM

People should've known better to have a 3rd party do the security of their websites.

Yeah, but unfortunately a lot of websites use CloudFlare Sad

Now I need to go and change a lot of passwords and i might have, i hope that cloudflare uses some encryption to store to data.

asdalani

hero member

Activity: 882

Merit: 500

CryptoTalk.Org - Get Paid for every Post!

I think that ChronoBank was using CloudFlare as well:

From their Altcoin ANN:

Quote from: Chronobank on February 24, 2017, 06:37:46 AM

Dear TIME token holders,

A critical vulnerability was detected in Cloudflare service. Our ICO website used Cloudflare for anti-DDOS protection.

Change your password at ICO Dashboard immediately!

https://chronobank.io

More info on this vulnerability:

https://medium.com/@octal/cloudbleed-how-to-deal-with-it-150e907fd165

Best regards,
Chronobank team

Kray

hero member

Activity: 658

Merit: 500

Why we need change our password, i guess they hash our password so it still save right?

asdalani

hero member

Activity: 882

Merit: 500

CryptoTalk.Org - Get Paid for every Post!

People should've known better to have a 3rd party do the security of their websites.

Hydrogen

legendary

Activity: 2562

Merit: 1441

Does cloudflare store one-way-hashed passwords or plain text?

I don't know if there are collision or other vulnerabilities for one way hashes, which is what should be stored if standard security is followed.

The breach could be nothing to worry about.

Thanks for the info btw. I changed my password just in case.

davis196

hero member

Activity: 3150

Merit: 937

Quote from: adaseb on February 23, 2017, 10:05:17 PM

Found this on Reddit:
https://www.reddit.com/r/Bitcoin/comments/5vuih9/internet_psa_cloudbleed_cloudflare_leaked/

Since Bitcointalk uses Cloudfare this means we need to change our passwords again? Also Bitfinex, Poloniex, Coinbase, etc ?

Localbitcoins uses Cloudflare and there might be some risk for people`s accounts but i`m not that concerned.
I don`t have bitcoins in my LBC wallet right now. Grin

I don`t know what is the relation between Cloudflare being hacked and Bitcointalk accounts security?

Kakmakr

legendary

Activity: 3542

Merit: 1965

Leading Crypto Sports Betting & Casino Platform

Quote from: RoommateAgreement on February 23, 2017, 11:04:26 PM

Quote from: adaseb on February 23, 2017, 10:05:17 PM

Since Bitcointalk uses Cloudfare

bitcointalk has never been using cloudflare and is not using cloudflare now either.

funny thing is that people have always been suggesting to Theymos to go to cloudflare and they always denied because of security reasons. now we can see one of them.

Yes, we had a site running behind Cloudflare and we got hacked 3 times in 2 years. You get a false sense of security, when you use them and you think you are bullet proof. I am glad this forum decided not to use them, because it will keep the admins on their toes.

Most "hacks" are done through social engineering and fooling the employees working for Cloudflare.

Spoetnik

legendary

Activity: 1540

Merit: 1011

FUD Philanthropist™

Quote from: RoommateAgreement on February 23, 2017, 11:04:26 PM

Quote from: adaseb on February 23, 2017, 10:05:17 PM

Since Bitcointalk uses Cloudfare

bitcointalk has never been using cloudflare and is not using cloudflare now either.

funny thing is that people have always been suggesting to Theymos to go to cloudflare and they always denied because of security reasons. now we can see one of them.

Agreed.

And another reason maybe privacy too.. There has been TOR issues with Cloudflare i think.
But mostly i think theymos wanted full control.. and he rightly so should considering the target this place is.

RoommateAgreement

hero member

Activity: 770

Merit: 500

Bazinga!

Quote from: adaseb on February 23, 2017, 10:05:17 PM

Since Bitcointalk uses Cloudfare

bitcointalk has never been using cloudflare and is not using cloudflare now either.

funny thing is that people have always been suggesting to Theymos to go to cloudflare and they always denied because of security reasons. now we can see one of them.

Topic: Cloudflare hacked? So now we need to change passwords on Bitcointalk again? (Read 1633 times)