Yesterday, the Cloudflare CTO published a statement saying that Cloudflare had a bug that may have leaked private information. This includes passwords, private messages, and anything else transmitted over HTTPS.
However, for a site to be vulnerable to this bug, it had to be using all of the following features:
- Email address obfuscation
- Automatic http to https url rewrites
- Hiding content from malicious bots
- Inserting Google Analytics tags
YWS uses none of those features, and there is no indication it was affected by the Cloudflare vulnerability.
Nonetheless, some security researchers are advising people to change their passwords on any site using Cloudflare. Personally, this is not something I'll be doing. So many sites use Cloudflare that I'd have to change almost all of my passwords. I will be changing the password I use for Cloudflare itself, but that's it. Still, it's something everyone here should be aware of.
More information:
https://arstechnica.com/security/2017/0 ... omer-data/
https://medium.com/@octal/cloudbleed-ho ... .jb96g6yll
Gender:
Points: 11417
Reviews: 425