Cloudflare security breach


Luc
Established Member
Posts: 741
Joined: Fri Mar 27, 2015 1:04 pm

Cloudflare security breach

Postby Luc » Sun Feb 26, 2017 4:14 am

https://github.com/pirate/sites-using-c ... /README.md

Hmmm... Should we all change our passwords?

Lyberta
Established Member
Posts: 681
Joined: Sat Nov 01, 2014 8:15 pm
Location: The Internet

Re: Cloudflare security breach

Postby Lyberta » Sun Feb 26, 2017 1:33 pm

Wouldn't hurt. Also, here's some good reading: http://cryto.net/~joepie91/blog/2016/07 ... a-problem/

tnovelli
Established Member
Posts: 277
Joined: Wed Apr 20, 2011 4:52 pm

Re: Cloudflare security breach

Postby tnovelli » Sun Feb 26, 2017 2:50 pm

Yes.

tux99
Established Member
Posts: 344
Joined: Fri Sep 28, 2012 10:42 am
Contact:

Re: Cloudflare security breach

Postby tux99 » Mon Feb 27, 2017 12:47 am

Did I miss something? Does linuxmusicians.com use cloudflare? :?

raboof
Established Member
Posts: 1643
Joined: Tue Apr 08, 2008 11:58 am
Location: Deventer, NL
Contact:

Re: Cloudflare security breach

Postby raboof » Mon Feb 27, 2017 8:32 am

Yes, we use cloudflare, and yes, you should probably reset your password.

More details are at https://blog.cloudflare.com/incident-re ... arser-bug/ .

AFAIK there's no evidence this leak has been actively abused, and I've received a notification from cloudflare that no leaked data was found in caches like Google. Given the relatively low number of leaked requests and the modest volume this site gets, it's highly unlikely any linuxmusicians users have been affected - but better safe than sorry.

tux99
Established Member
Posts: 344
Joined: Fri Sep 28, 2012 10:42 am
Contact:

Re: Cloudflare security breach

Postby tux99 » Mon Feb 27, 2017 2:47 pm

How does LM use cloudflare?

If I look up the IP of LM I get 95.143.172.223, and the authoritative nameservers seem to be:
ns1.jonaspasche.com internet address = 95.143.172.27
ns2.jonaspasche.com internet address = 82.98.82.9
ns3.jonaspasche.com internet address = 185.26.156.6

None of these seem related to cloudflare.

raboof
Established Member
Posts: 1643
Joined: Tue Apr 08, 2008 11:58 am
Location: Deventer, NL
Contact:

Re: Cloudflare security breach

Postby raboof » Mon Feb 27, 2017 2:57 pm

tux99 wrote:How does LM use cloudflare?

If I look up the IP of LM I get 95.143.172.223, and the authoritative nameservers seem to be:
ns1.jonaspasche.com internet address = 95.143.172.27
ns2.jonaspasche.com internet address = 82.98.82.9
ns3.jonaspasche.com internet address = 185.26.156.6

None of these seem related to cloudflare.


Ha, you're absolutely right. I'm using the CF nameservers (viewtopic.php?f=13&t=15287&p=68607&hilit=cloudflare#p68607), and indeed planned to use CF caching, but never got around to it.

(you'll see "dig ns linuxmusicians.com" points to the CF DNS servers, but those simply point to the uberspace host we use ('dig -x 95.143.172.223' will show you 'grus.uberspace.de'))

In other words, we're definitely not affected by the CF breach, though updating your password every once in a while still can't hurt :)

Luc
Established Member
Posts: 741
Joined: Fri Mar 27, 2015 1:04 pm

Re: Cloudflare security breach

Postby Luc » Mon Feb 27, 2017 3:40 pm

$ dig linuxmusicians.com NS

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> linuxmusicians.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36316
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4000
;; QUESTION SECTION:
;linuxmusicians.com. IN NS

;; ANSWER SECTION:
linuxmusicians.com. 86400 IN NS kay.ns.cloudflare.com.
linuxmusicians.com. 86400 IN NS skip.ns.cloudflare.com.

;; ADDITIONAL SECTION:
skip.ns.cloudflare.com. 83339 IN A 173.245.59.233
skip.ns.cloudflare.com. 83118 IN AAAA 2400:cb00:2049:1::adf5:3be9
kay.ns.cloudflare.com. 81221 IN A 173.245.58.125
kay.ns.cloudflare.com. 38137 IN AAAA 2400:cb00:2049:1::adf5:3a7d

;; Query time: 189 msec
;; SERVER: 10.60.1.1#53(10.60.1.1)
;; WHEN: Mon Feb 27 12:39:12 BRT 2017
;; MSG SIZE rcvd: 186

raboof
Established Member
Posts: 1643
Joined: Tue Apr 08, 2008 11:58 am
Location: Deventer, NL
Contact:

Re: Cloudflare security breach

Postby raboof » Mon Feb 27, 2017 4:21 pm

Luc wrote:$ dig linuxmusicians.com NS

;; ANSWER SECTION:
linuxmusicians.com. 86400 IN NS kay.ns.cloudflare.com.
linuxmusicians.com. 86400 IN NS skip.ns.cloudflare.com.


Jup, this means we use the CF DNS, but we don't use the CF caching routers, and the breach was in the caching routers.
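
The distinction drawn in the post above (Cloudflare as DNS host versus Cloudflare as caching proxy), as an added example that is not part of the original thread: it classifies a domain from pasted dig-style records by checking whether the domain's own A records fall inside Cloudflare's IPv4 ranges. The function names, the range snapshot, the A-record TTL and the `proxied.example` records are assumptions constructed for illustration; only IPv4 is checked.

```python
import ipaddress

# Snapshot of Cloudflare's published IPv4 ranges (https://www.cloudflare.com/ips/).
# Assumption: the list is current; refresh it before relying on a result.
CF_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22")]

# Records quoted in the thread; the TTL on the A line is constructed.
LM_SAMPLE = """\
;; ANSWER SECTION:
linuxmusicians.com. 86400 IN NS kay.ns.cloudflare.com.
linuxmusicians.com. 86400 IN NS skip.ns.cloudflare.com.
;; ADDITIONAL SECTION:
skip.ns.cloudflare.com. 83339 IN A 173.245.59.233
kay.ns.cloudflare.com. 81221 IN A 173.245.58.125
linuxmusicians.com. 300 IN A 95.143.172.223
"""

# Constructed records for a hypothetical site behind the caching proxy.
PROXIED_SAMPLE = """\
proxied.example. 300 IN NS ada.ns.cloudflare.com.
proxied.example. 300 IN A 104.16.0.10
"""

def parse_dig(text):
    """Map (owner, type) -> [rdata] for record lines 'owner ttl IN type rdata'."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[1].isdigit() and parts[2] == "IN":
            records.setdefault((parts[0].lower(), parts[3]), []).append(parts[4])
    return records

def cloudflare_role(domain, dig_text):
    """Return 'proxied', 'dns-only' or 'none' for domain, from pasted dig output."""
    owner = domain.lower().rstrip(".") + "."
    recs = parse_dig(dig_text)
    # Only records owned by the domain count: glue A records for the
    # nameservers themselves sit inside Cloudflare ranges and would mislead.
    addrs = [ipaddress.ip_address(a) for a in recs.get((owner, "A"), [])]
    if any(a in net for a in addrs for net in CF_V4):
        return "proxied"   # HTTP traffic terminates at Cloudflare's edge
    if any(ns.lower().endswith(".ns.cloudflare.com.") for ns in recs.get((owner, "NS"), [])):
        return "dns-only"  # Cloudflare answers DNS; HTTP goes straight to the origin
    return "none"
```

The result describes the records as pasted, so it says how a site is routed at the time of the lookup, not how it was routed during an earlier incident window.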

tux99
Established Member
Posts: 344
Joined: Fri Sep 28, 2012 10:42 am
Contact:

Re: Cloudflare security breach

Postby tux99 » Mon Feb 27, 2017 4:39 pm

Ok, I see, thanks.
IMHO it would be better if LM does not start using the cloudflare caching servers, I find cloudflare very concerning from a privacy point of view, especially due to the fact that so many sites use them. That gives cloudflare great snooping and data collecting powers over what people do on the web (apart from security risks as we have just seen).

Of course using only the nameservers is not a problem.

raboof
Established Member
Posts: 1643
Joined: Tue Apr 08, 2008 11:58 am
Location: Deventer, NL
Contact:

Re: Cloudflare security breach

Postby raboof » Mon Feb 27, 2017 8:43 pm

tux99 wrote:IMHO it would be better if LM does not start using the cloudflare caching servers, I find cloudflare very concerning from a privacy point of view, especially due to the fact that so many sites use them. That gives cloudflare great snooping and data collecting powers over what people do on the web (apart from security risks as we have just seen).


Point well taken. Also I don't really perceive big performance problems anymore (I think that has been worse in the past), so there is no real need to move to the caching service anyway.

tux99 wrote:Of course using only the nameservers is not a problem.


In theory they could still attack us (as they control the nameservers), but doing so would be technically somewhat challenging and obviously-malicious, so I guess we're relatively OK for now :).
