• Cloudflare parser leak: No problem here

    Home » Forums » Newsletter and Homepage topics » Cloudflare parser leak: No problem here

    Author
    Topic
    #97325

    As @Kirsty noted over in the Code Red forum yesterday, Cloudflare has reported a security problem with their servers which led to leaked information f
    [See the full post at: Cloudflare parser leak: No problem here]

    6 users thanked author for this post.
    Viewing 4 reply threads
    Author
    Replies
    • #97327

      I wish all the major affected sites would prominently post this disclosure – positive or negative – on their landing pages.

      Thank you!

      ~ Group "Weekend" ~

      1 user thanked author for this post.
      • #97378

        NowSecure (https://www.nowsecure.com/) is also using CloudFlare. I see the big red notification box on their home page…

        Woody, can you post a more specific link? I can’t find the list of affected sites on NowSecure.

        • #97385

          I thought it would be easy to find a definitive list of leaky sites, but nuthin’s easy on the web…

          This site seems to be the most thorough: http://cloudflarelistcheck.abal.moe/

          1 user thanked author for this post.
          • #97568

            Woody! Thanks for that checker!

            Here’s a list of sites that use Cloudflare, but doesn’t necessarily mean they leaked.  But sometimes better to be safe … it’s a long list, butyou can use your browser’s “Find” tool to search the list for site domains that you may use.

            https://github.com/pirate/sites-using-cloudflare

            Windows 10 Pro 22H2

            • #98202

              This is not the full list. Far away from that. Hundreds of thousands of sites use CloudFlare. The Alexa top 10000 is just a fraction of that.

              “Cloudflare has always terminated SSL connections through an isolated instance of NGINX that was not affected by this bug.” so if you always used https://yourcloudflarehostedsite.com, you should not worry.

              However if you only typed “yourcloudflarehostedsite.com” in the address bar, browsers think you mean http://yourcloudflarehostedsite.com, and the redirection to https is made by CloudFlare. In this case, you might be affected.

              Check out https://rosettacode.org/wiki/Rosetta_Code, this is how every site using CloudFlare should look like now: they should all have a big red notification bar.

          • #97570

            I noticed that Patreon.com comes up positive in that checker.

            Windows 10 Pro 22H2

    • #97330

      Rest assured Woody, confidence is high on AskWoody. Thanks for the heads up!

      Honesty goes a long way 🙂

      No problem can be solved from the same level of consciousness that created IT- AE
      1 user thanked author for this post.
    • #97349

      ? says:

      thanks for doing it right, Woody.

      unfortunate that the bad actors take advantage of the conscientious users on the swiss cheese interweb. kinda like real life in the modern world…

    • #97392

      Martin Brinkmann has a discussion of two browser extensions — one for Firefox, the other for Chrome – called CloudBleed. CloudBleed scans your browsing history and tell you if you’ve ventured onto a leaky site.

      Give it a try. See this ghacks article.

      1 user thanked author for this post.
      • #97411

        The Firefox extension took seconds to install and check. I got 12 results, but there wasn’t anything with an account, which is worth knowing anyway.

        • #97412

          In Firefox, I use AdBloc Plus (turned off on AskWoody), NoScript, and Disconnect. Plus I run TrendMicro on my Macs.
          Mine has turned up clean every time

      • #97563

        I saw Uber and Yelp on a Cloudflare related list, so if you only use these from mobile, you may want to change your passwords for them.  The desktop browser plugin won’t see your mobile account use.

        Windows 10 Pro 22H2

      • #97573

        If you have deleted your browser history, the plugin can also check your bookmarks instead.

        But if like me you use multiple browsers including Edge, and delete some history, I found another way.

        I also use CCleaner to preserve my “good” cookies for sites with accounts.  The CCleaner cookie “whitelist” makes a good list to check with with the leak checker you listed here: http://cloudflarelistcheck.abal.moe/

        Windows 10 Pro 22H2

    • #97426

      I use NoScript & AdBlockPlus; usually to reach a site (like AskWoody), I temporarily allow the site I go to under NoScript. Have some hits, but I only have accounts on 2 sites. For Medium, I had to change my Twitter password, since I sign in with it.

      Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
      Wild Bill Rides Again...

    Viewing 4 reply threads
    Reply To: Cloudflare parser leak: No problem here

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: