• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Cloudflare Leaks, change your passwords ...

It was bound to happen, silly service if you ask me. The data dumps on black market are huge, no one knows for sure what sites are in those dumps and if all dumps are released so be safe and switch out, this website uses the service that was broken.

Ref. https://github.com/pirate/sites-using-cloudflare

Edit: This also counts for some major exchanges and other websites, you can do a lookup in the 4.2+ mil websites in file behind the reference link. (And your 2fa is also broken, remove it and reset it to be safe.)
 
Last edited:
Here is a great explanation by Kraken:

A bug was recently discovered with Cloudflare, which Kraken and many other websites use for DoS protection and other services. Due to the nature of the bug, we recommend as a precaution that you change your Kraken security credentials:


  • Change your password
  • Change your two-factor authentication (remove and re-enable it)
  • Clients who use API keys should generate a new set of keys

You should similarly change your security credentials for other websites that use Cloudflare (see link below for a list of possibly affected sites). If you are using the same password for multiple sites, you should change this immediately so that you have a unique password for each site. And you should enable two-factor authentication for every site that supports it.


The Cloudflare bug has now been fixed, but it caused sensitive data like passwords to be leaked during a very small percentage of HTTP requests. The peak period of leakage is thought to have occurred between Feb 13 and Feb 18 when about 0.00003% of HTTP requests were affected. Although the rate of leakage was low, the information that might have been leaked could be very sensitive, so it’s important that you take appropriate precautions to protect yourself.


The problem is thought to have only started 6 months ago and 2FA or API keys generated before that time are probably not affected, but we recommend changing them anyway because the bug existed for years.


Here are some links for further reading on the Cloudflare bug:



If you have any questions or concerns in response to this email, please contact Kraken support at: https://support.kraken.com/hc/requests/new


Thank you for choosing Kraken, the trusted and secure digital assets exchange.


The Kraken Team
 
The Cloudflare bug has now been fixed, but it caused sensitive data like passwords to be leaked during a very small percentage of HTTP requests. The peak period of leakage is thought to have occurred between Feb 13 and Feb 18 when about 0.00003% of HTTP requests were affected. Although the rate of leakage was low, the information that might have been leaked could be very sensitive, so it’s important that you take appropriate precautions to protect yourself.

The first data dumps that look like those now linked to the cloud flare problem date back more then a year ago, aka the first fishing for tools to analyze the data set.

The leakage was several megabytes of random memory that could be read after loading a page severed trough Cloudflare, the memory contained plain text api keys, messages and passwords. Several terabytes of this memory is now up for grabs, allot more could be held back. "limited", "could be" nice words.

Cloudflare the perfect man in the middle for 4.2 mil domains ugh silly service.
 
I saw that with Bitwala as well. They don't expect that any passwords have leaked, but asked their users to re-set them anyway.
 
It was bound to happen, silly service if you ask me. The data dumps on black market are huge, no one knows for sure what sites are in those dumps and if all dumps are released so be safe and switch out, this website uses the service that was broken.

Ref. https://github.com/pirate/sites-using-cloudflare

Edit: This also counts for some major exchanges and other websites, you can do a lookup in the 4.2+ mil websites in file behind the reference link. (And your 2fa is also broken, remove it and reset it to be safe.)

The result of the centralization!

And now some people are proposing the dash community to give their private keys.
And the masternodes vote for it.
 
Let me make a prediction.
If blockcypher proposition passes, the price of dash will increase.
The spies and the agents are buying, the more centralized dash becomes, the better for them.

Lets be honest. Our cause here, and our goal seems futile. What are our chances to succeed?

First lets examine what are the chances of dash to succeed. Dash exists into the world context, and in order to be succesfull it has to be accepted not by ordinary people, but by the people who own the majority of the time-space asymmetric coin called dollar. The people who control dollars, who control also violence, they also control the dollar price of dash. The increase of the dollar price of dash is the main reason people come here and the decrease the main reason people leave. The dollar people control the "births" and "deaths" here in dash, similar to what they do in real life where they also control the births and deaths. And because dash is competitive to dollar, only if the dollar holders go against their own interests, only if they go crazy and refuse the dollars they hold, then dash can succeed.

And even if dash succeeds, then we have to persuade the "whales", the people who own the majority of dash. Those people also own the network of dash , which means that they have full control, they can vote so they can decide what the protocol is, so they have the power to invite or ban from the network whoever they wish. The "whales" have a "monopoly" of a network-like violence, similar to the ordinary monopoly of violence the dollar people have in real life. And because a time-space symmetric dash is competitive to what dash today is, only if the dash holders go against their own interests, only if they go crazy and refuse the dash they hold, then we can succeed.

It is crazy for us to hope that we will succeed. It is not single crazy, but double crazy because we have to overcome not only dollar, but also dash which is designed as a dollar reflection, idol and icon. Because dash is the same time-space asymmetric cursed money like dollar is.

But we will continue. Faith can move mountains and we will never give up believing in a fair money. We will conquer dash, we will conquer dollar, we will transform money to a time and space symmetric thing, for the future generations to bless us. Lets drink to our double (or quadruple) craziness! Venceremos!

<vote history>
Would you like the dash coins to be distributed rightly between generations? yes 1 vote(s) 9.1% no 9 vote(s) 81.8% other 1 vote(s) 9.1%
</vote history>
 
Last edited:
Let me make a prediction.
If blockcypher proposition passes, the price of dash will increase.
The spies and the agents are buying, the more centralized dash becomes, the better for them.

stop spamming again and again
put up 1 post and let's it sit as everybody else !
i will start erasing in a couple of hours so better edit all in 1
 
Back
Top