• Cloudflare parser leak: No problem here

    Home » Forums » Newsletter and Homepage topics » Cloudflare parser leak: No problem here

    Tags:

    Author
    Topic
    woody
    Manager
    February 25, 2017 at 1:59 pm #97325

    As @Kirsty noted over in the Code Red forum yesterday, Cloudflare has reported a security problem with their servers which led to leaked information f
    [See the full post at: Cloudflare parser leak: No problem here]

    6 users thanked author for this post.
    WildBill, PhotM, JDeC, dononline, Microfix, NetDef
    Reply | Quote
    Viewing 4 reply threads
    Author
    Replies
    • NetDef
      AskWoody_MVP
      February 25, 2017 at 2:02 pm #97327

      I wish all the major affected sites would prominently post this disclosure – positive or negative – on their landing pages.

      Thank you!

      ~ Group "Weekend" ~

      1 user thanked author for this post.
      PhotM
      Reply | Quote
      • anonymous
        Guest
        February 26, 2017 at 4:35 am #97378

        NowSecure (https://www.nowsecure.com/) is also using CloudFlare. I see the big red notification box on their home page…

        Woody, can you post a more specific link? I can’t find the list of affected sites on NowSecure.

        Reply | Quote
        • woody
          Manager
          February 26, 2017 at 6:19 am #97385

          I thought it would be easy to find a definitive list of leaky sites, but nuthin’s easy on the web…

          This site seems to be the most thorough: http://cloudflarelistcheck.abal.moe/

          1 user thanked author for this post.
          JohnW
          Reply | Quote
          • JohnW
            AskWoody Lounger
            February 27, 2017 at 11:51 am #97568

            Woody! Thanks for that checker!

            Here’s a list of sites that use Cloudflare, but doesn’t necessarily mean they leaked.  But sometimes better to be safe … it’s a long list, butyou can use your browser’s “Find” tool to search the list for site domains that you may use.

            https://github.com/pirate/sites-using-cloudflare

            Windows 10 Pro 22H2

            Reply | Quote
            • anonymous
              Guest
              March 2, 2017 at 6:10 am #98202

              This is not the full list. Far away from that. Hundreds of thousands of sites use CloudFlare. The Alexa top 10000 is just a fraction of that.

              “Cloudflare has always terminated SSL connections through an isolated instance of NGINX that was not affected by this bug.” so if you always used https://yourcloudflarehostedsite.com, you should not worry.

              However if you only typed “yourcloudflarehostedsite.com” in the address bar, browsers think you mean http://yourcloudflarehostedsite.com, and the redirection to https is made by CloudFlare. In this case, you might be affected.

              Check out https://rosettacode.org/wiki/Rosetta_Code, this is how every site using CloudFlare should look like now: they should all have a big red notification bar.

              Reply | Quote
          • JohnW
            AskWoody Lounger
            February 27, 2017 at 12:07 pm #97570

            I noticed that Patreon.com comes up positive in that checker.

            Windows 10 Pro 22H2

            Reply | Quote
    • Microfix
      AskWoody MVP
      February 25, 2017 at 2:23 pm #97330

      Rest assured Woody, confidence is high on AskWoody. Thanks for the heads up!

      Honesty goes a long way 🙂

      Windows - commercial by definition and now function...
      1 user thanked author for this post.
      WildBill
      Reply | Quote
    • anonymous
      Guest
      February 25, 2017 at 5:25 pm #97349

      ? says:

      thanks for doing it right, Woody.

      unfortunate that the bad actors take advantage of the conscientious users on the swiss cheese interweb. kinda like real life in the modern world…

      Reply | Quote
    • woody
      Manager
      February 26, 2017 at 7:06 am #97392

      Martin Brinkmann has a discussion of two browser extensions — one for Firefox, the other for Chrome – called CloudBleed. CloudBleed scans your browsing history and tell you if you’ve ventured onto a leaky site.

      Give it a try. See this ghacks article.

      1 user thanked author for this post.
      JohnW
      Reply | Quote
      • Kirsty
        Manager
        February 26, 2017 at 10:44 am #97411

        The Firefox extension took seconds to install and check. I got 12 results, but there wasn’t anything with an account, which is worth knowing anyway.

        Reply | Quote
        • PKCano
          Manager
          February 26, 2017 at 10:48 am #97412

          In Firefox, I use AdBloc Plus (turned off on AskWoody), NoScript, and Disconnect. Plus I run TrendMicro on my Macs.
          Mine has turned up clean every time

          Reply | Quote
      • JohnW
        AskWoody Lounger
        February 27, 2017 at 11:45 am #97563

        I saw Uber and Yelp on a Cloudflare related list, so if you only use these from mobile, you may want to change your passwords for them.  The desktop browser plugin won’t see your mobile account use.

        Windows 10 Pro 22H2

        Reply | Quote
      • JohnW
        AskWoody Lounger
        February 27, 2017 at 12:14 pm #97573

        If you have deleted your browser history, the plugin can also check your bookmarks instead.

        But if like me you use multiple browsers including Edge, and delete some history, I found another way.

        I also use CCleaner to preserve my “good” cookies for sites with accounts.  The CCleaner cookie “whitelist” makes a good list to check with with the leak checker you listed here: http://cloudflarelistcheck.abal.moe/

        Windows 10 Pro 22H2

        Reply | Quote
    • WildBill
      AskWoody Plus
      February 26, 2017 at 3:37 pm #97426

      I use NoScript & AdBlockPlus; usually to reach a site (like AskWoody), I temporarily allow the site I go to under NoScript. Have some hits, but I only have accounts on 2 sites. For Medium, I had to change my Twitter password, since I sign in with it.

      Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
      Wild Bill Rides Again...

      Reply | Quote
    Viewing 4 reply threads
    Reply To: Cloudflare parser leak: No problem here

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.