Cloudflare hacked the **** out of, 10k+ sites affected by absent - Page 3 - TribalWar Forums
Captain Tele, #41, 02-24-2017, 14:53
correct me if i am wrong here (which i am sure you will)

but isn't using bugs like this a predominant way to gain user data/login info?

isn't that what they fear happened?

a lot of this is semantics at this point

it is like saying your bike wasn't stolen. your bike lock sucked...but someone did take your bike.

BUT IT WASN'T BIKE THEFT
Captain Tele, #42, 02-24-2017, 14:56

Quote (originally posted by DMAUL):
exploited is a strong term (which i'm sure you know from your vast expertise on the subject), i have not read anything to suggest that they have evidence that anyone exploited this leak to gain information. we await your expert analysis.
so does someone have to do it by hand for it to be considered an issue?

Quote:
Normally, this injected information would have gone unnoticed, hidden away in the webpage source, but the leak was noticed by security researchers – and the escaped data made its way into the Google cache and the hands of other bots trawling the web.
does bot automation not count as a real issue?
 
Captain Tele is offline
 
Ztir
VeteranXX
Old
43 - 02-24-2017, 15:22
Reply With Quote
Captain tele the electronic security expert arguing with dmaul is pretty great

It was like watching tehvul argue about how stars are hollow with that astrophysicist guy a while ago
 
Ztir is offline
 
DMAUL
VeteranXX
Contributor
Old
44 - 02-24-2017, 15:26
Reply With Quote
I'm glad you actually asked decent questions instead of just your normal incoherent rambling.

bugs like this are not common. this is an information leak bug, usually those are only used for gaining information about a system for exploiting a different vulnerability. for instance, defeating aslr on a system often requires an info leak. the info leak itself is not valuable on its own. the exception, other than this case, is the heartbleed bug in openssl. that was a very similar bug but was much, much more significant because it was not a singular instance of a platform bug but a piece of software used by a large portion of web servers. there are still web servers vulnerable to heartbleed on the internet now. the cloudflare bug is fixed, was likely first found by researchers but clearly that is not yet determined, only leaked other client data and not anything else (heartbleed could contain web server private keys), and is restricted to a one in approximately 3 million chance. also unlike heartbleed, all these connections are logged so even in instances where somebody could find a way to do it more efficiently, cloudflare will have evidence of it. heartbleed left no evidence in the web server logs.

the impact is likely to be little or none, but as you pointed out and i accounted for, some caching services will have inadvertently collected others' data. in an abundance of caution, change your passwords. or don't, it very likely doesn't matter. this is based on what they've made available so far but their info on it so far has been detailed enough to reach those conclusions.

Captain Tele, #45, 02-24-2017, 15:33

Quote (originally posted by Ztir):
Captain tele the electronic security expert arguing with dmaul is pretty great

It was like watching tehvul argue about how stars are hollow with that astrophysicist guy a while ago
Since the origins of Cloudflare this has been an issue and concern

Quote:
These bots include the usual suspects like search engine crawlers, but also include malicious bots scanning for vulnerabilities or harvesting data.
Quote:
The average website sees more than 20% of its requests coming from some sort of automated bot.
CloudFlare Uses Intelligent Caching to Avoid the Bot Performance Tax

16 Dec 2011 ....

you don't say......I am sure the bot issue is far worse than this now

Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug • The Register

Quote:
Logs on Cloudflare systems show that the period of greatest leakage occurred between February 13 and 18, and even then only 1 in every 3,300,000 HTTP requests through Cloudflare leaked data. We're told the proxy server bug affected 3,438 domains, and 150 Cloudflare customers. The biz said it held off disclosing the issue until it was sure that search engines had cleared their caches.
huh....i wonder if anyone but the site developers noticed this?

if this wasn't another reason why the site was hammered with traffic lately (as others pointed out).

February 13 and 18....most info leaked implying most http requests if it happens 1 in every 3,300,000

I mean this is directly implied to people who know how to read. but ztir probably wasn't handed that ability to him by gubmt so it isn't fair to assume he has this capacity.
 
Captain Tele is offline
 
Last edited by Captain Tele; 02-24-2017 at 15:47..
Captain Tele
Veteran³
Immigrant
Old
46 - 02-24-2017, 15:35
Reply With Quote


this is hacking folks

Hackers Don't Have to Be Human Anymore. This Bot Battle Proves It

this isn't

the peanut gallery has spoken
 
Captain Tele is offline
 
Last edited by Captain Tele; 02-24-2017 at 15:38..
absent
VeteranXX
Old
47 - 02-24-2017, 15:36
Reply With Quote
Since this leak was ongoing from September 2016 onwards, can you DMAUL do a quick calculation as to how many passwords were leaked? You're an expert, so it shouldn't be difficult to come up with some rough but realistic numbers on how many calls these sites got during this timeframe. Thanks!
 
absent is offline
 
DMAUL
VeteranXX
Contributor
Old
48 - 02-24-2017, 15:46
Reply With Quote
Quote:
Originally Posted by absent View Post
Since this leak was ongoing from September 2016 onwards, can you DMAUL do a quick calculation as to how many passwords were leaked? You're an expert, so it shouldn't be difficult to come up with some rough but realistic numbers on how many calls these sites got during this timeframe. Thanks!
That would be a very rough estimate without much more additional detail. For one, cloudflare doesn't publish popularity for most sites they protect. Two, not every configuration for a cloudflare site was even subject to this bug, so we don't even know how many sites were actually affected. Some popular sites have already said they weren't. Three, it is a result of a buffer underrun and I don't know how much data leaked each time, so even saying something leaked doesn't tell you if it was valuable. Four, the leaked data would have to contain something sensitive like a password or session key. Session keys are generally set to expire in a month to six month timeframe, so them leaking a long time ago doesn't matter much. Five, the person getting the leaked data would need to know they are or have saved it, which is not very likely if you don't know about it.

If you want to ignore all that and still make your estimate, then take the number of hits and divide by 3,300,000? resulting number is useless though. I'm sure they have plenty of people working on a better answer.
 
DMAUL is offline
 
Captain Tele
Veteran³
Immigrant
Old
49 - 02-24-2017, 15:52
Reply With Quote
to clarify, since DMAUL is being beyond reasonable here

Someone pointed out that the traffic was insane yesterday on 4chan/reddit

some of this can obviously be attributed to the veritas dump announcement

some wrongly or rightly assuming it was in the form of a ddos attack.

but even Cloudflare admits this has been the case for the past few weeks.

Quote:
Logs on Cloudflare systems show that the period of greatest leakage occurred between February 13 and 18, and even then only 1 in every 3,300,000 HTTP requests through Cloudflare leaked data.
I mean if greatest leakage occurred between February 13 and 18, with 1 in every 3,300,000 HTTP requests buffer flowing cache/user data, then it is implied that this is the period with their largest site traffic requests.

You don't have to be an expert to understand something this basic.

What % of this traffic was actual users searching for content, versus bots, is in question (we don't know)

Quote:
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
Nor do we know what has been done with this leaked data.

The rest is confirmed....as in something has been going on in regards to traffic

Thank you....I will be here all week
 
Captain Tele is offline
 
Last edited by Captain Tele; 02-24-2017 at 15:59..
DMAUL
VeteranXX
Contributor
Old
50 - 02-24-2017, 16:00
Reply With Quote
What tele is conveniently ignoring is that he and the guy from 4chan were completely wrong in regards to what was posted in the maga thread. this bug is completely unrelated.
 
DMAUL is offline
 
Captain Tele
Veteran³
Immigrant
Old
51 - 02-24-2017, 16:02
Reply With Quote
someone falsely assumed that this was a ddos attack against veritas upload

whereas it looks like the sight was being swamped for data mining reasons

they were correct in bombardment......wrong on reason why

is that wrong to say?
 
Captain Tele is offline
 
blackpeople
REEEEEEEEEEEXV
Old
52 - 02-24-2017, 16:06
Reply With Quote
is there any thread on tw where captain cuck isnt spazzing out
 
blackpeople is online now
 
DMAUL
VeteranXX
Contributor
Old
53 - 02-24-2017, 16:07
Reply With Quote
uh yeah, cloudflare is, among other things, protection against ddos. their site behind cloudflare going down isn't evidence of an attack or ddos. you are making a ton of connections that there are no evidence for. you are doing that because you don't know what you are talking about.
 
DMAUL is offline
 
Captain Tele
Veteran³
Immigrant
Old
54 - 02-24-2017, 16:10
Reply With Quote
boy we have to chew this into tiny ****ing pieces to get any kind of agreement

Quote:
Logs on Cloudflare systems show that the period of greatest leakage occurred between February 13 and 18, and even then only 1 in every 3,300,000 HTTP requests through Cloudflare leaked data.
does this not mean that they had higher http requests during this time period?

obviously it does

so why?
 
Captain Tele is offline
 
DMAUL
VeteranXX
Contributor
Old
55 - 02-24-2017, 16:14
Reply With Quote
No it doesn't. they said that was the highest period of leakage. we don't know the nature of the bug. they appear to be saying that the bug was at it's worst during that period, leaking data in 1 in 3,300,000 requests. meaning at other times it could have been 1 in 9999999999 for all we know. it says nothing about volume. it's no surprise you suck at reading comprehension too
 
DMAUL is offline
 
Captain Tele
Veteran³
Immigrant
Old
56 - 02-24-2017, 16:16
Reply With Quote
Quote:
Originally Posted by DMAUL View Post
No it doesn't. they said that was the highest period of leakage. we don't know the nature of the bug. they appear to be saying that the bug was at it's worst during that period, leaking data in 1 in 3,300,000 requests. meaning at other times it could have been 1 in 9999999999 for all we know. it says nothing about volume. it's no surprise you suck at reading comprehension too
so more traffic wouldn't increase leakage rates under either of those scenarios?

holy **** this is funny

we can't even agree on this small aspect

apparently your expertise didn't come with a rudimentary explanation of statistics

what we need here is a math major apparently
 
Captain Tele is offline
 
Captain Tele
Veteran³
Immigrant
Old
57 - 02-24-2017, 16:23
Reply With Quote
and there goes this argument "from our expert" that this bug somehow sparsed at different rates

Quote:
A while later, we figured out how to reproduce the problem. It looked like that if an html page hosted behind cloudflare had a specific combination of unbalanced tags, the proxy would intersperse pages of uninitialized memory into the output (kinda like heartbleed, but cloudflare specific and worse for reasons I'll explain later). My working theory was that this was related to their "ScrapeShield" feature which parses and obfuscates html - but because reverse proxies are shared between customers, it would affect *all* Cloudflare customers.

We fetched a few live samples, and we observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security.
https://bugs.chromium.org/p/project-...detail?id=1139

hope you didn't pay much for those certs brah

this is frankly fuking embarrassing
 
Captain Tele is offline
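The Chromium bug report quoted above describes cookies, passwords and other users' HTTPS requests turning up inside the HTML that the proxy served, which is why cached copies of pages mattered so much in this incident. As an added example that is not part of this thread and not Cloudflare's or the researchers' tooling, here is a small Python scanner a site owner could run over saved or cached copies of their own pages to flag lines that look like a foreign HTTP request line or a credential-bearing header. Both sample pages, the host name and the token values are constructed for the example; the patterns are a starting set, not an exhaustive list of what leaked memory could contain.

```python
import re

# Constructed sample pages. SAMPLE_LEAKY imitates a page whose body has a
# fragment of someone else's HTTP exchange spliced into an attribute value;
# the host, cookie and token are invented for this example, not real data.
SAMPLE_CLEAN = """<html><head><title>Example shop</title></head>
<body><p>Welcome back!</p><a href="/cart">Cart</a></body></html>
"""

SAMPLE_LEAKY = """<html><head><title>Example shop</title></head>
<body><p>Welcome back!</p><a href="/cart
GET /api/account HTTP/1.1
Host: other-customer.example
Cookie: session=EXAMPLE-SESSION-TOKEN-NOT-REAL
Authorization: Bearer EXAMPLE-TOKEN-NOT-REAL
">Cart</a></body></html>
"""

# Line shapes that have no business appearing inside a served HTML body:
# a request line, a Host header, or a header that carries credentials.
LEAK_PATTERNS = {
    "http_request_line": re.compile(
        r"^(GET|POST|PUT|DELETE|HEAD|OPTIONS) \S+ HTTP/1\.[01]\s*$", re.M),
    "host_header": re.compile(r"^Host: \S+$", re.M),
    "cookie_header": re.compile(r"^Cookie: .+$", re.M),
    "set_cookie_header": re.compile(r"^Set-Cookie: .+$", re.M),
    "authorization_header": re.compile(r"^Authorization: .+$", re.M),
}


def redact(line: str) -> str:
    """Keep only the header name or HTTP method so a finding can be logged
    without copying the leaked value anywhere else."""
    name, sep, _value = line.partition(": ")
    if sep:
        return name + sep + "<redacted>"
    return line.split(" ")[0] + " <redacted>"


def find_leaks(page: str):
    """Return (kind, line_number, redacted_line) for every suspicious line,
    ordered by position in the page. An empty list means nothing matched."""
    findings = []
    for kind, pattern in LEAK_PATTERNS.items():
        for match in pattern.finditer(page):
            line_no = page.count("\n", 0, match.start()) + 1
            findings.append((kind, line_no, redact(match.group(0))))
    findings.sort(key=lambda finding: finding[1])
    return findings


def scan_pages(pages: dict):
    """Scan a mapping of page name -> page text; returns name -> findings."""
    return {name: find_leaks(body) for name, body in pages.items()}


if __name__ == "__main__":
    report = scan_pages({"clean": SAMPLE_CLEAN, "leaky": SAMPLE_LEAKY})
    for name, findings in report.items():
        print(f"{name}: {len(findings)} suspicious line(s)")
        for kind, line_no, redacted in findings:
            print(f"  line {line_no}: {kind}: {redacted}")
```

The scanner reports only header names and line numbers, never the matched values, so its output can be shared with a hosting provider or kept in a ticket without re-leaking whatever was in the cache. Extending it to a crawl of a site's own cached URLs is a matter of feeding each fetched body to `find_leaks`.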
 
Highfive, #58, 02-24-2017, 17:13
this thread turned gay and fast
 
Highfive is offline
 
FOURSTAR
VeteranXX
Old
59 - 02-24-2017, 17:42
Reply With Quote
well ya, you have capt tele trying to play devops and spewing things he doesn't understand

kinda like most threads he "participates" in
 
FOURSTAR is offline
 
Captain Tele
Veteran³
Immigrant
Old
60 - 02-24-2017, 17:54
Reply With Quote
like math and basic statistics

which were proven

i mean i can't even get him to admit that a overflow bug can be exploited by bots or that more data would spill with an increase in domain traffic (both of which they blatantly spelled out themselves)

i would get more basic than this....dumb it down further

But I'm not a director of customer success expert like you

LOL

I mean it is pretty full contact in here if you know what i mean
 
Captain Tele is offline
 
Last edited by Captain Tele; 02-24-2017 at 17:58..
Page 3 of 5
Reply


Go Back   TribalWar Forums > TribalWar Community > General Discussion
Reload this Page Cloudflare hacked the **** out of, 10k+ sites affected

Social Website Bullshit

Tags
absent thread


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


AGENT: claudebot / Y
All times are GMT -4. The time now is 14:06.