Major leak of sensitive internet data

[PeacefulViking]

An Internet company called Cloudfare, which many websites use to provide security has been found to leak sensitive information for months. The data that users could get access to included passwords and messages on dating sites. The information was also cached by Internet search engines in some cases, which means anyone searching could come across it. The bug was discovered by a Google engineer and Google and other search engines have been deleting their affected cache content. One description here.

It is not known if anyone has exploited the bug prior to it being fixed but some experts recommend changing all your internet passwords.

 

[Orbit v2]

p.ie uses cloudflare.

 

[PeacefulViking]

p.ie uses cloudflare.

Then you should probably change your password to be on the safe side. If you use the same password on other more important sites (not something you are supposed to do but some do anyway) then you should change them as well.

 

[Orbit v2]

Then you should probably change your password to be on the safe side. If you use the same password on other more important sites (not something you are supposed to do but some do anyway) then you should change them as well.

The thing is that p.ie doesn't use SSL (https web links). Your password has always been sent in plaintext. I suppose this could in theory make it easier for someone to see that password, so maybe it makes sense to change it, if you care enough about your p.ie account.

What will be interesting is the other sites that are affected, which were using SSL. Some of their users are likely to be very p!ssed off when it emerges that the encryption wasn't going end to end to (... the dating site, or Uber or whoever) but only as far as Cloudflare who were then broadcasting it to the world. I didn't realise Cloudflare do that.

 

[Black Swan]

I use NoScript to block Cloudflare.

HTTPS Everywhere is another extension worth looking into.

 

[PeacefulViking]

The thing is that p.ie doesn't use SSL (https web links). Your password has always been sent in plaintext. I suppose this could in theory make it easier for someone to see that password, so maybe it makes sense to change it, if you care enough about your p.ie account.

What will be interesting is the other sites that are affected, which were using SSL. Some of their users are likely to be very p!ssed off when it emerges that the encryption wasn't going end to end to (... the dating site, or Uber or whoever) but only as far as Cloudflare who were then broadcasting it to the world. I didn't realise Cloudflare do that.

The bug would make it more likely that your password can be found somewhere in a cached website so I guess it has made p.ie passwords slightly less secure.

 

[Orbit v2]

I use NoScript to block Cloudflare.

How can you access p.ie (or other cloudflare users) if you block cloudflare?

 

[Black Swan]

How can you access p.ie (or other cloudflare users) if you block cloudflare?

It doesn't have any significant impact on site functionality.

AFAIK one only needs to have the 'politics.ie script' enabled to log in.

 

[jmcc]

It doesn't have any significant impact on site functionality.

AFAIK one only needs to have the 'politics.ie script' enabled to log in.

And where is your computer is downloading the webpages from? Directly from P.ie's servers or from the Cloudflare servers?

 

[Black Swan]

And where is your computer is downloading the webpages from? Directly from P.ie's servers or from the Cloudflare servers?

I only have the P.ie script enabled, so P.ie servers.

As far as I've been able to ascertain, Cloudflare has never done anything useful when I've had it enabled in the past. If any of the slowdowns or outages on this site have been due to DDoS attacks, Cloudflare didn't make any difference.

It might be worth it if you're running a business, but it's just another tracking script to eliminate from the equation, as far as my activities on here are concerned.

I'm no IT expert though, so you should get a second opinion.

 

[Prof Honeydew]

An Internet company called Cloudfare, which many websites use to provide security has been found to leak sensitive information for months. The data that users could get access to included passwords and messages on dating sites. The information was also cached by Internet search engines in some cases, which means anyone searching could come across it. The bug was discovered by a Google engineer and Google and other search engines have been deleting their affected cache content. One description here.

It is not known if anyone has exploited the bug prior to it being fixed but some experts recommend changing all your internet passwords.

Jeez!! Ger 12 is going to find out I'm chatting up Bea C. I'm going to get an earful from Roisin for taking Emily Davison to the late nite movie when I told her I was out having a few with the lads. I can only guess what Petaljam's reaction will be when she taps into my Visa statement. And as for The Eagle of the Ninth....

 

[Black Swan]

To update this thread.

In order to explore one's recent posts beyond the first page, one must first enable the cloudflare.com script, followed by the googlesyndication.com script.