I don't have accounts on any of the sites listed so far. What are some of the other 1600+?
link of 10,000 + a download of 4 million
I don't have accounts on any of the sites listed so far. What are some of the other 1600+?
It's still a dangerous precedent and Cloudflare is eternally fuckedKeep in mind the linked list is probably like 99% not the actual full list of effected websites.
The most surprising thing to me is that their top reward for vulnerabilities found is a t-shirt. A potentially company ending bug is worth $15 bucks. They owe this engineer a shit ton for his efforts.
I hope GitHub doesn't lead to developers inadvertently allowing easy access to other services said developers use. Sadly I know devs that reuse emails/passwords in many places, important ones even. It could be a real nightmare into some commercial spaces beyond just the affected websites listed.
Keep in mind the linked list is probably like 99% not the actual full list of effected websites.
It's still a dangerous precedent and Cloudflare is eternally fucked
The Internet really cannot go on like this. Not sure what the solution is.
If I haven't used some of those sites during the time frame, would anything have been leaked?
Stack Overflow, Betterment, Digital Ocean, Reddit, Yelp, and Uber are pretty well known though.Github doesn't use Cloudflare. Very few respectable companies do. They're pretty much the domain of porn sites, illegal shit, and stupidly cheap people.
Uber big as a fuck ton of regular people in major cities use them.
Is Amazon and Google affected by this at all?
Soooo... Any good recommendations for a password manager? It's well past that time for me.
No, neither of them use cloudflare.
Soooo... Any good recommendations for a password manager? It's well past that time for me.
Github doesn't use Cloudflare. Very few respectable companies do. They're pretty much the domain of porn sites, illegal shit, and stupidly cheap people.
PSY・S;230918338 said:
what the fresh hell is this
I spend a massive chunk of my time each month ensuring a service with a much smaller attack surface than a https proxying edge server is properly secured, so I get a little upset when I see anyone trusting as visibly shifty a company as Cloudflare.
I get why some actual legit sites that aren't serving porn or even child porn or torrents or hocking bitcoins or hosting white supremacist discussions would want to use them; I mean they're cheap. But there's a reason why competitors uses special cages with armed guards and entirely separate networks with thorough audits and tracing on just about everything for https traffic, and there's a reason that's expensive, and a reason why it's not worth cheaping out on.
???Github doesn't use Cloudflare. Very few respectable companies do. They're pretty much the domain of porn sites, illegal shit, and stupidly cheap people.
Wait, so my mum's credit card info could have been floating around out there? FUCK. What do we do?Oh dear. Cloudbleed is upon us.
The information leaked is... super troubling. Even changing passwords won't fix what happened here. Dammit.
Yeah, that.Oh dear. Cloudbleed is upon us.
The information leaked is... super troubling. Even changing passwords won't fix what happened here. Dammit.
I think "bleed" undersells it. This was a mass broadcast of random private data.Oh dear. Cloudbleed is upon us.
The information leaked is... super troubling. Even changing passwords won't fix what happened here. Dammit.