Cloudflare hack

ProfessorDM · 2017-02-26 7:10 am

Has SFS been compromised in anyway by the recent Cloudflare hack? Should we change our passwords on SFS?

Alex Kemp · 2017-02-26 9:45 am

SFS does make use of CloudFlare and thus it is possible that some SFS users may have been affected. pedigree immediately acted on this info by negating all existing auto-login secrets.

Thus, you should have been forced to re-login before being able to post your message; that has reset the auto-login 'secret' which would, for most, have been the main important item (possibly) compromised by the CF hack. If you are super-cautious (like me) then obtain a new password (via Profile | Essentials, also obtained by clicking on your name) and logout/re-login.

For those that are unsure what on earth is being talked about:- Register report on Cloudbleed.

Thanks to Maikuolan for the original heads-up & the following excerpt from The Register:

“Logs on Cloudflare systems show that the period of greatest leakage occurred between February 13 and 18, and even then only 1 in every 3,300,000 HTTP requests through Cloudflare leaked data. We're told the proxy server bug affected 3,438 domains, and 150 Cloudflare customers. The biz said it held off disclosing the issue until it was sure that search engines had cleared their caches.”

Alex Kemp · 2017-02-26 10:14 am

If you use Linux, then try this link for ways to generate a random password (32-digits should be adequate):
https://www.howtogeek.com/howto/30184/1 … mand-line/

chrishirst · 2017-02-26 11:01 am

And for the M$ Window$ users

http://pwgen-win.sourceforge.net/

#1 2017-02-26 7:10 am

Cloudflare hack

#2 2017-02-26 9:45 am

Re: Cloudflare hack

#3 2017-02-26 10:14 am

Re: Cloudflare hack

#4 2017-02-26 11:01 am

Re: Cloudflare hack

Board footer