Veteran³ Immigrant
|
correct me if i am wrong here (which i am sure you will)
but isn't using bugs like this a predominant way to gain user data/login info?
isn't that what they fear happened?
a lot of this is semantics at this point
it is like saying your bike wasn't stolen. your bike lock sucked...but someone did take your bike.
BUT IT WASN"T BIKE THEFT
|
|
|
Veteran³ Immigrant
|
Quote:
Originally Posted by DMAUL
exploited is a strong term (which i'm sure you know from your vast expertise on the subject), i have not read anything to suggest that they have evidence that anyone exploited this leak to gain information. we await your expert analysis.
|
so does someone have to do it by hand for it to be considered an issue?
Quote:
Normally, this injected information would have gone unnoticed, hidden away in the webpage source, but the leak was noticed by security researchers – and the escaped data made its way into the Google cache and the hands of other bots trawling the web.
|
does bot automation not count as a real issue?
|
|
|
VeteranXX
|
Captain tele the electronic security expert arguing with dmaul is pretty great
It was like watching tehvul argue about how stars are hollow with that astrophysicist guy a while ago
|
|
|
VeteranXX Contributor
|
I'm glad you actually asked decent questions instead of just your normal incoherent rambling.
bugs like this are not common. this is an information leak bug, usually those are only used for gaining information about a system for exploiting a different vulnerability. for instance, defeating aslr on a system often requires an info leak. the info leak itself is not valuable on its own. the exception, other than this case, is the heartbleed bug in openssl. that was a very similar bug but was much, much more significant because it was not a singular instance of a platform bug but a piece of software used by a large portion of web servers. there are still web servers vulnerable to heartbleed on the internet now. the cloudflare bug is fixed, was likely first found by researchers but clearly that is not yet determined, only leaked other client data and not anything else (heartbleed could contain web server private keys), and is restricted to a one in approximately 3 million chance. also unlike heartbleed, all these connections are logged so even in instances where somebody could find a way to do it more efficiently, cloudflare will have evidence of it. heartbleed left no evidence in the web server logs.
the impact is likely to be little or none, but as you pointed out and i accounted for, some caching services will have inadvertently collected other's data. in an abundance of caution, change your passwords. or don't, it very likely doesn't matter. this is based on what they've made available so far but their info on it so far has been detailed enough to reach those conclusions.
|
|
|
Veteran³ Immigrant
|
Quote:
Originally Posted by Ztir
Captain tele the electronic security expert arguing with dmaul is pretty great
It was like watching tehvul argue about how stars are hollow with that astrophysicist guy a while ago
|
Since the origins of Cloudflare this has been an issue and concern
Quote:
These bots include the usual suspects like search engine crawlers, but also include malicious bots scanning for vulnerabilities or harvesting data.
|
Quote:
The average website sees more than 20% of its requests coming from some sort of automated bot.
|
CloudFlare Uses Intelligent Caching to Avoid the Bot Performance Tax
16 Dec 2011 ....
you don't say......I am sure the bot issue is far worse than this now
Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug â***8364;¢ The Register
Quote:
Logs on Cloudflare systems show that the period of greatest leakage occurred between February 13 and 18, and even then only 1 in every 3,300,000 HTTP requests through Cloudflare leaked data. We're told the proxy server bug affected 3,438 domains, and 150 Cloudflare customers. The biz said it held off disclosing the issue until it was sure that search engines had cleared their caches.
|
huh....i wonder if anyone but the site developers noticed this?
if this wasn't another reason why the site was hammered with traffic lately (as others pointed out).
February 13 and 18....most info leaked implying most http requests if it happens 1 in every 3,300,000
I mean this is directly implied to people who know how to read. but ztir probably wasn't handed that ability to him by gubmt so it isn't fair to assume he has this capacity.
|
|
Last edited by Captain Tele; 02-24-2017 at 15:47..
|
Veteran³ Immigrant
|
|
|
Last edited by Captain Tele; 02-24-2017 at 15:38..
|
VeteranXX
|
Since this leak was ongoing from September 2016 onwards, can you DMAUL do a quick calculation as to how many passwords were leaked? You're an expert, so it shouldn't be difficult to come up with some rough but realistic numbers on how many calls these sites got during this timeframe. Thanks!
|
|
|
VeteranXX Contributor
|
Quote:
Originally Posted by absent
Since this leak was ongoing from September 2016 onwards, can you DMAUL do a quick calculation as to how many passwords were leaked? You're an expert, so it shouldn't be difficult to come up with some rough but realistic numbers on how many calls these sites got during this timeframe. Thanks!
|
That would be a very rough estimate without much more additional detail. For one, cloudflare doesn't publish popularity for most sites they protect. Two, not every configuration for a cloudflare site was even subject to this bug, so we don't even know how many sites were actually affected. Some popular sites have already said they weren't. Three, it is a result of a buffer underrun and I don't know how much data leaked each time, so even saying something leaked doesn't tell you if it was valuable. Four, the leaked data would have to contain something sensitive like a password or session key. Session keys are generally set to expire in a month to six month timeframe, so them leaking a long time ago doesn't matter much. Five, the person getting the leaked data would need to know they are or have saved it, which is not very likely if you don't know about it.
If you want to ignore all that and still make your estimate, then take the number of hits and divide by 3,300,000? resulting number is useless though. I'm sure they have plenty of people working on a better answer.
|
|
|
Veteran³ Immigrant
|
to clarify, since DMAUL is being beyond reasonable here
Someone pointed out that the traffic was insane yesterday on 4chan/reddit
some of this can obviously be attributed to the veritas dump announcement
some wrongly or rightly assuming it was in the form of a ddos attack.
but even Cloudflare admits this has been the case for the past few weeks.
Quote:
Logs on Cloudflare systems show that the period of greatest leakage occurred between February 13 and 18, and even then only 1 in every 3,300,000 HTTP requests through Cloudflare leaked data.
|
I mean if greatest leakage occurred between February 13 and 18, with 1 in every 3,300,000 HTTP requests buffer flowing cache/user data, then it is implied that this is the period with their largest site traffic requests.
You don't have to be an expert to understand something this basic.
What % of this traffic was actual users searching for content, versus bots, is in question (we don't know)
Quote:
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
|
Nor do we know what has been done with this leaked data.
The rest is confirmed....as in something has been going on in regards to traffic
Thank you....I will be here all week
|
|
Last edited by Captain Tele; 02-24-2017 at 15:59..
|
VeteranXX Contributor
|
What tele is conveniently ignoring is that he and the guy from 4chan were completely wrong in regards to what was posted in the maga thread. this bug is completely unrelated.
|
|
|
Veteran³ Immigrant
|
someone falsely assumed that this was a ddos attack against veritas upload
whereas it looks like the sight was being swamped for data mining reasons
they were correct in bombardment......wrong on reason why
is that wrong to say?
|
|
|
REEEEEEEEEEEXV
|
is there any thread on tw where captain cuck isnt spazzing out
|
|
|
VeteranXX Contributor
|
uh yeah, cloudflare is, among other things, protection against ddos. their site behind cloudflare going down isn't evidence of an attack or ddos. you are making a ton of connections that there are no evidence for. you are doing that because you don't know what you are talking about.
|
|
|
Veteran³ Immigrant
|
boy we have to chew this into tiny ****ing pieces to get any kind of agreement
Quote:
Logs on Cloudflare systems show that the period of greatest leakage occurred between February 13 and 18, and even then only 1 in every 3,300,000 HTTP requests through Cloudflare leaked data.
|
does this not mean that they had higher http requests during this time period?
obviously it does
so why?
|
|
|
VeteranXX Contributor
|
No it doesn't. they said that was the highest period of leakage. we don't know the nature of the bug. they appear to be saying that the bug was at it's worst during that period, leaking data in 1 in 3,300,000 requests. meaning at other times it could have been 1 in 9999999999 for all we know. it says nothing about volume. it's no surprise you suck at reading comprehension too
|
|
|
Veteran³ Immigrant
|
Quote:
Originally Posted by DMAUL
No it doesn't. they said that was the highest period of leakage. we don't know the nature of the bug. they appear to be saying that the bug was at it's worst during that period, leaking data in 1 in 3,300,000 requests. meaning at other times it could have been 1 in 9999999999 for all we know. it says nothing about volume. it's no surprise you suck at reading comprehension too
|
so more traffic wouldn't increase leakage rates under either of those scenarios?
holy **** this is funny
we can't even agree on this small aspect
apparently your expertise didn't come with a rudimentary explanation of statistics
what we need here is a math major apparently
|
|
|
Veteran³ Immigrant
|
and there goes this argument "from our expert" that this bug somehow sparsed at different rates
Quote:
A while later, we figured out how to reproduce the problem. It looked like that if an html page hosted behind cloudflare had a specific combination of unbalanced tags, the proxy would intersperse pages of uninitialized memory into the output (kinda like heartbleed, but cloudflare specific and worse for reasons I'll explain later). My working theory was that this was related to their "ScrapeShield" feature which parses and obfuscates html - but because reverse proxies are shared between customers, it would affect *all* Cloudflare customers.
We fetched a few live samples, and we observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security.
|
https://bugs.chromium.org/p/project-...detail?id=1139
hope you didn't pay much for those certs brah
this is frankly fuking embarrasing
|
|
|
VeteranXX Contributor
|
this thread turned gay and fast
|
|
|
VeteranXX
|
well ya, you have capt tele trying to play devops and spewing things he doesn't understand
kinda like most threads he "participates" in
|
|
|
Veteran³ Immigrant
|
like math and basic statistics
which were proven
i mean i can't even get him to admit that a overflow bug can be exploited by bots or that more data would spill with an increase in domain traffic (both of which they blatantly spelled out themselves)
i would get more basic than this....dumb it down further
But I'm not a director of customer success expert like you
LOL
I mean it is pretty full contact in here if you know what i mean
|
|
Last edited by Captain Tele; 02-24-2017 at 17:58..
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
AGENT: claudebot / Y
All times are GMT -4. The time now is 14:06.
|