OT: Probably time to change your passwords
http://fortune.com/2017/02/24/cloudflare-leak-bug-sensitive-information/
So it looks like Cloudflare, a content distribution network, had been leaking data with a known exploit for a couple of weeks. I know MGoBlog uses CloudFlare, but I believe we’re safe because it is just static content hosted. However, they are a CDN for a lot of major sites including reddit. So better safe than sorry and just update those passwords.
February 24th, 2017 at 12:47 PM ^
February 24th, 2017 at 12:53 PM ^
Probably one of the bastard pseudonyms of yours. Always up to something...
(I kid, I kid, but that joke was too easy)
February 24th, 2017 at 12:55 PM ^
February 24th, 2017 at 1:05 PM ^
On the other hand, someone seriously wants to hack into his account and then post bad shit under his name? Get a life; it's just a sports blog.
February 24th, 2017 at 1:04 PM ^
Are the IP addresses out of Bolivia or Toys R Us headquarters by any chance?
February 24th, 2017 at 1:35 PM ^
Further instructions have been sent to your e-mail address.
February 24th, 2017 at 2:30 PM ^
February 24th, 2017 at 1:03 PM ^
February 24th, 2017 at 1:46 PM ^
February 24th, 2017 at 1:09 PM ^
thepasswordistaco
February 24th, 2017 at 1:09 PM ^
February 24th, 2017 at 1:50 PM ^
just put a 1 after it
February 24th, 2017 at 1:54 PM ^
Do you think that's better than "ChubbyChaser69"? That's where I was heading...
February 24th, 2017 at 1:11 PM ^
Basically, you should assume that every password you currently use is compromised. Any website which would cause an "Oh shit, my life is getting a lot more complicated" reaction if someone were to get that password - change that password.
February 24th, 2017 at 1:25 PM ^
Honestly, you're talking 25 different sites, or more, for me... any way to avoid this in the future? Isn't there a better way to get access?
February 24th, 2017 at 1:38 PM ^
There are a million different ways to skin this particular cat, but they're all vulnerable in one way or another. My biggest tip is to never use the same password on more than one site with the same login (i.e. your email). If someone did hack MGoBlog, that may be embarrassing but not a huge problem, but if hacking MGoBlog gives them access to your account at Amazon, PayPal or a credit card?
I use a password store that is synched between my computers and my phone and generate random passwords for every login.
I have different passwords for different types of sites (i.e., mgoblog password not the same for banking, etc.). I'm intrigued by the password store...what's that about, can you give more info?
February 24th, 2017 at 1:20 PM ^
Significantly, 1Password uses CloudFlare. So if you're using it as a password manager, your master password could be compromised.
Hurray for shitty code quality!
February 24th, 2017 at 1:32 PM ^
Not according to this post.
No secrets are transmitted between 1Password clients and 1Password.com when you sign in and use the service. Our sign-in uses SRP [Secure Remote Password protocol], which means that server and client prove their identity to each other without transmitting any secrets. This means that users of 1Password do not need to change their Master Passwords.
February 24th, 2017 at 1:23 PM ^
"1243" is a great password.
Also, it represents the number of alternate accounts I have here on MGoBlog.
February 24th, 2017 at 1:27 PM ^
February 24th, 2017 at 1:32 PM ^
It's okay. I have more. FYI
February 24th, 2017 at 2:29 PM ^
though. Especially when you just reversed your pic.
February 24th, 2017 at 2:13 PM ^
Aw, man, that clip cut it out....
"What did you do?"
"I turned off the wall."
"No you didn't! You turned off the whole movie!"
"I must have pressed the wrong button!"
February 24th, 2017 at 2:16 PM ^
I was worried for a second there, I thought you had figured out the combination to the air shield over planet Druidia.
February 24th, 2017 at 2:13 PM ^
It was patched before it went public, and (most of) the cached results that contain potentially private information were purged before the disclosure. All in all, it's highly unlikely that you individually had any information leaked. Now, that's not to say you shouldn't change your passwords, but it's a far cry from Heartbleed where there were tens of thousands of servers leaking information to anyone who came calling after the public disclosure.
February 24th, 2017 at 2:29 PM ^
Ugh...
123456 has been my go to for FOREVER. What am I going to do now?! 654321? That feels so wrong.
February 24th, 2017 at 2:30 PM ^
Whoever is the Cloudflare account manager at MGoBlog should receive an email from Cloudflare where they will tell you if this website has been affected and what data has been exposed, or if it hasn't.
If it was or wasn't, it would be good to know, as many probably use the same email/password combination on other websites.
February 24th, 2017 at 2:33 PM ^
So if, like, a really stupid comment/post goes up under my MGoBlog user account name, and maybe like it gets a bazillion negs and the post sends the account to Bolivia (or Venezuela or TRAPPIST-1h or whatever)... can I defend myself and get all my MGoPoints back on the grounds it was the Russian hackers who did it???
February 24th, 2017 at 4:23 PM ^
February 24th, 2017 at 4:56 PM ^
My understanding was that the leak only occurred in 1 per 3.3M requests. So it isn't a huge leak, though obviously you should still rotate your passwords.
February 24th, 2017 at 8:29 PM ^
February 25th, 2017 at 1:07 AM ^
Seriously, if you believe that...or anything like that...you may be delusional as it relates to this type of thing. These companies have close to zero investment in real digital security.
February 25th, 2017 at 10:50 AM ^