Major leak of sensitive internet data

PeacefulViking

Well-known member
Joined
Apr 20, 2012
Messages
2,469
An Internet company called Cloudfare, which many websites use to provide security has been found to leak sensitive information for months. The data that users could get access to included passwords and messages on dating sites. The information was also cached by Internet search engines in some cases, which means anyone searching could come across it. The bug was discovered by a Google engineer and Google and other search engines have been deleting their affected cache content. One description here.

It is not known if anyone has exploited the bug prior to it being fixed but some experts recommend changing all your internet passwords.
 


PeacefulViking

Well-known member
Joined
Apr 20, 2012
Messages
2,469
p.ie uses cloudflare.
Then you should probably change your password to be on the safe side. If you use the same password on other more important sites (not something you are supposed to do but some do anyway) then you should change them as well.
 

Orbit v2

Well-known member
Joined
Dec 8, 2010
Messages
12,049
Then you should probably change your password to be on the safe side. If you use the same password on other more important sites (not something you are supposed to do but some do anyway) then you should change them as well.
The thing is that p.ie doesn't use SSL (https web links). Your password has always been sent in plaintext. I suppose this could in theory make it easier for someone to see that password, so maybe it makes sense to change it, if you care enough about your p.ie account.

What will be interesting is the other sites that are affected, which were using SSL. Some of their users are likely to be very p!ssed off when it emerges that the encryption wasn't going end to end to (... the dating site, or Uber or whoever) but only as far as Cloudflare who were then broadcasting it to the world. I didn't realise Cloudflare do that.
 

PeacefulViking

Well-known member
Joined
Apr 20, 2012
Messages
2,469
The thing is that p.ie doesn't use SSL (https web links). Your password has always been sent in plaintext. I suppose this could in theory make it easier for someone to see that password, so maybe it makes sense to change it, if you care enough about your p.ie account.

What will be interesting is the other sites that are affected, which were using SSL. Some of their users are likely to be very p!ssed off when it emerges that the encryption wasn't going end to end to (... the dating site, or Uber or whoever) but only as far as Cloudflare who were then broadcasting it to the world. I didn't realise Cloudflare do that.
The bug would make it more likely that your password can be found somewhere in a cached website so I guess it has made p.ie passwords slightly less secure.
 

Black Swan

Well-known member
Joined
Jul 18, 2014
Messages
5,477
How can you access p.ie (or other cloudflare users) if you block cloudflare?
It doesn't have any significant impact on site functionality.

AFAIK one only needs to have the 'politics.ie script' enabled to log in.
 

jmcc

Well-known member
Joined
Jun 12, 2004
Messages
42,695
It doesn't have any significant impact on site functionality.

AFAIK one only needs to have the 'politics.ie script' enabled to log in.
And where is your computer is downloading the webpages from? Directly from P.ie's servers or from the Cloudflare servers?
 

Black Swan

Well-known member
Joined
Jul 18, 2014
Messages
5,477
And where is your computer is downloading the webpages from? Directly from P.ie's servers or from the Cloudflare servers?
I only have the P.ie script enabled, so P.ie servers.

As far as I've been able to ascertain, Cloudflare has never done anything useful when I've had it enabled in the past. If any of the slowdowns or outages on this site have been due to DDoS attacks, Cloudflare didn't make any difference.

It might be worth it if you're running a business, but it's just another tracking script to eliminate from the equation, as far as my activities on here are concerned.

I'm no IT expert though, so you should get a second opinion.
 

Prof Honeydew

Well-known member
Joined
Sep 17, 2010
Messages
5,186
An Internet company called Cloudfare, which many websites use to provide security has been found to leak sensitive information for months. The data that users could get access to included passwords and messages on dating sites. The information was also cached by Internet search engines in some cases, which means anyone searching could come across it. The bug was discovered by a Google engineer and Google and other search engines have been deleting their affected cache content. One description here.

It is not known if anyone has exploited the bug prior to it being fixed but some experts recommend changing all your internet passwords.
Jeez!! Ger 12 is going to find out I'm chatting up Bea C. I'm going to get an earful from Roisin for taking Emily Davison to the late nite movie when I told her I was out having a few with the lads. I can only guess what Petaljam's reaction will be when she taps into my Visa statement. And as for The Eagle of the Ninth....
 

Black Swan

Well-known member
Joined
Jul 18, 2014
Messages
5,477
To update this thread.

In order to explore one's recent posts beyond the first page, one must first enable the cloudflare.com script, followed by the googlesyndication.com script.
 


New Threads

Most Replies

Top