Not gaming news, but still important to get across. Cloudflare has written a blog post detailing a security issue that was identified which is important to know about.
Note: GOL is not affected, as we don't use Cloudflare, however, a lot of other sites do.
The most important bit to know about:
You can find more info on this github page. Take that list with a pinch of salt though, since it's early days and it needs to be cleared up for sites that were definitely affected.
Also see the actual blog post from Cloudflare here.
I do suggest my patrons on Patreon change their passwords. To be clear, this is not an issue with Patreon, but a Cloudflare issue affecting many sites.
Thanks again to mphuZ on Twitter for letting me know. Article taken from GamingOnLinux.com.
Note: GOL is not affected, as we don't use Cloudflare, however, a lot of other sites do.
The most important bit to know about:
QuoteIt turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.
You can find more info on this github page. Take that list with a pinch of salt though, since it's early days and it needs to be cleared up for sites that were definitely affected.
Also see the actual blog post from Cloudflare here.
I do suggest my patrons on Patreon change their passwords. To be clear, this is not an issue with Patreon, but a Cloudflare issue affecting many sites.
Thanks again to mphuZ on Twitter for letting me know. Article taken from GamingOnLinux.com.
Some you may have missed, popular articles from the last month:
The comments on this article are closed.
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
You can find more info on this github page.Take this list with a grain of salt. It is still in development and contains many sites that were not affected by this leak. The author took dns records at face value instead of checking the actual web server used.
The only vulnerable sites where those using the cloudflare web proxy feature. DNS only site's are safe.
Changing passwords is still never a bad idea, especially if you reuse passwords on multiple sites.
Note: GOL is not affected, as we don't use Cloudflare, however, a lot of other sites do.Not anymore at least :P
1 Likes, Who?
Well, we haven't used them for quite some time and a long time before this was an issue, so we are in the clear :)Note: GOL is not affected, as we don't use Cloudflare, however, a lot of other sites do.Not anymore at least :P
0 Likes
You can find more info on this github page.Take this list with a grain of salt. It is still in development and contains many sites that were not affected by this leak. The author took dns records at face value instead of checking the actual web server used.
The only vulnerable sites where those using the cloudflare web proxy feature. DNS only site's are safe.
Changing passwords is still never a bad idea, especially if you reuse passwords on multiple sites.
Not anymore at least :P
It should be noted that the authors of that GitHub repo are removing from the list DNS-only sites and other sites confirmed not to be affected. See the commit history for details.
0 Likes
It should be noted that the authors of that GitHub repo are removing from the list DNS-only sites and other sites confirmed not to be affected. See the commit history for details.
You are entirely correct. Just asked people double check and before shouting in the empty void of birds.
1 Likes, Who?
More technical info about the incident (what kind of data leaked, what numbers, how and why, and how the issue was resolved and in which timeframe) can also be seen on the [Google’s Project Zero issue about it](https://bugs.chromium.org/p/project-zero/issues/detail?id=1139).
Seems there is a chance it hasn’t been exploited yet, but as the data leaked to web crawlers, people do have leaked data cached (and may not even realize it yet), and that cached data may be used later.
Seems there is a chance it hasn’t been exploited yet, but as the data leaked to web crawlers, people do have leaked data cached (and may not even realize it yet), and that cached data may be used later.
0 Likes
It's much more severe than just passwords. Basically everything you have been doing on those websites could have been leaked. People can use those data to blackmail you. And since the Google crawler managed to get this kind of data into their cache we can assume a lot of others did as well.
1 Likes, Who?
Patreon
PayPal
How to set, change and reset your SteamOS / Steam Deck desktop sudo password
How to set up Decky Loader on Steam Deck / SteamOS for easy plugins
See more from me