[ EPU Foyer ] [ Lab and Grill ] [ Bonus Theater!! ] [ Rhetorical Questions ] [ CSRANTronix ] [ GNDN ] [ Subterranean Vault ] [ Discussion Forum ]

Eyrie Productions, Unlimited

Subject: "Security issue (Cloudflare)"     Previous Topic | Next Topic
Printer-friendly copy    
Conferences eyrie.private-mail Topic #698
Reading Topic #698
Terminus Est
Member since Nov-5-04
453 posts		 Feb-24-17, 05:48 AM (EST)
Click to EMail Terminus%20Est Click to send private message to Terminus%20Est Click to view user profileClick to add this user to your buddy list  
"Security issue (Cloudflare)"
 
   LAST EDITED ON Feb-24-17 AT 05:49 AM (EST)
 
Apparently there has been a massive security flaw discovered in Cloudflare, which affects every site that touches it. It's been recommended that all passwords and security questions be changed... pretty much everywhere, but especially places that house personal info like banks. Two-factor authentication (usually via mobile device, but some things (like MMOs) use physical security tokens) is being strongly recommended where available.

More info available here.

Edited to add: The Discord chat service is specifically mentioned. Dunno if anyone here uses it.


  Alert | IP Printer-friendly page | Edit | Reply | Reply With Quote | Top
Pasha
Charter Member
924 posts		 Feb-24-17, 01:41 PM (EST)
Click to EMail Pasha Click to send private message to Pasha Click to view user profileClick to add this user to your buddy list Click to send message via ICQ  
1. "RE: Security issue (Cloudflare)"
In response to message #0
 
   >Apparently there has been a massive security flaw discovered in
>Cloudflare, which affects every site that touches it. It's been
>recommended that all passwords and security questions be changed...
>pretty much everywhere, but especially places that house personal info
>like banks. Two-factor authentication (usually via mobile device, but
>some things (like MMOs) use physical security tokens) is being
>strongly recommended where available.
>
>More info available
>here.
>
>Edited to add: The Discord chat service is specifically mentioned.
>Dunno if anyone here uses it.

Authy is also a scary one. We've been "oh fuck fuck fuck" about this here at work since the news broke.

--
-Pasha
"Don't change the subject"
"Too slow, already did."


  Alert | IP Printer-friendly page | Edit | Reply | Reply With Quote | Top
MuninsFire
Member since Mar-27-07
218 posts		 Feb-24-17, 02:08 PM (EST)
Click to EMail MuninsFire Click to send private message to MuninsFire Click to view user profileClick to add this user to your buddy list Click to send message via AOL IM  
2. "RE: Security issue (Cloudflare)"
In response to message #0
 
   Yeah, this one's been a bit of a giggle for those of us in the infosec field. The nature of the issue is very similar to that 'Heartbleed' TLS issue from a couple years ago.

I'm going to have to redo a couple creds - digital ocean's front end was affected - but it looks like I got out of this fairly light.

Friend of mine noted that events like this are a great way for you to audit what stale accounts you might have laying around that you didn't realize were still active.

--
In Xanadu did Kubla Khan
A stately pleasure-dome
decree,
Where Alph, the sacred river,
ran
Through caverns measureless to
man
Down to a sunless sea


  Alert | IP Printer-friendly page | Edit | Reply | Reply With Quote | Top

Conferences | Topics | Previous Topic | Next Topic

[ YUM ] [ BIG ] [ ??!? ] [ RANT ] [ GNDN ] [ STORE ] [ FORUM ] [ VAULT ]

version 3.3 © 2001
Eyrie Productions, Unlimited
Benjamin D. Hutchins
E P U (Colour)