Cloudflare security breach
Re: Cloudflare security breach
Wouldn't hurt. Also, here's some good reading: http://cryto.net/~joepie91/blog/2016/07 ... a-problem/
- raboof
Re: Cloudflare security breach
Yes, we use cloudflare, and yes, you should probably reset your password.
More details are at https://blog.cloudflare.com/incident-re ... arser-bug/ .
AFAIK there's no evidence this leak has been actively abused, and I've received a notification from cloudflare that no leaked data was found in caches like Google. Given the relatively low number of leaked requests and the modest volume this site gets, it's highly unlikely any linuxmusicians users have been affected - but better safe than sorry.
Re: Cloudflare security breach
How does LM use cloudflare?
If I look up the IP of LM I get 95.143.172.223, and the authoritative nameservers seem to be:
ns1.jonaspasche.com internet address = 95.143.172.27
ns2.jonaspasche.com internet address = 82.98.82.9
ns3.jonaspasche.com internet address = 185.26.156.6
None of these seem related to cloudflare.
- raboof
Re: Cloudflare security breach
tux99 wrote:
> How does LM use cloudflare?
> If I look up the IP of LM I get 95.143.172.223, and the authoritative nameservers seem to be:
> ns1.jonaspasche.com internet address = 95.143.172.27
> ns2.jonaspasche.com internet address = 82.98.82.9
> ns3.jonaspasche.com internet address = 185.26.156.6
> None of these seem related to cloudflare.
Ha, you're absolutely right. I'm using the CF nameservers (viewtopic.php?f=13&t=15287&p=68607&hili ... are#p68607), but indeed planned to use CF caching but never got around to it.
(You'll see "dig ns linuxmusicians.com" points to the CF DNS servers, but those simply point to the uberspace host we use ('dig -x 95.143.172.223' will show you 'grus.uberspace.de').)
In other words, we're definitely not affected by the CF breach, though updating your password every once in a while still can't hurt.
Re: Cloudflare security breach
$ dig linuxmusicians.com NS
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> linuxmusicians.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36316
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4000
;; QUESTION SECTION:
;linuxmusicians.com. IN NS
;; ANSWER SECTION:
linuxmusicians.com. 86400 IN NS kay.ns.cloudflare.com.
linuxmusicians.com. 86400 IN NS skip.ns.cloudflare.com.
;; ADDITIONAL SECTION:
skip.ns.cloudflare.com. 83339 IN A 173.245.59.233
skip.ns.cloudflare.com. 83118 IN AAAA 2400:cb001::adf5:3be9
kay.ns.cloudflare.com. 81221 IN A 173.245.58.125
kay.ns.cloudflare.com. 38137 IN AAAA 2400:cb001::adf5:3a7d
;; Query time: 189 msec
;; SERVER: 10.60.1.1#53(10.60.1.1)
;; WHEN: Mon Feb 27 12:39:12 BRT 2017
;; MSG SIZE rcvd: 186
- raboof
Re: Cloudflare security breach
Luc wrote:
> $ dig linuxmusicians.com NS
> ;; ANSWER SECTION:
> linuxmusicians.com. 86400 IN NS kay.ns.cloudflare.com.
> linuxmusicians.com. 86400 IN NS skip.ns.cloudflare.com.
Jup, this means we use the CF DNS, but we don't use the CF caching routers, and the breach was in the caching routers.
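
The check behind this exchange, as an added example that is not part of the original posts: a zone can sit on Cloudflare's nameservers without its HTTP traffic passing through Cloudflare's proxies, and the difference shows in where the zone's own A record points. The IPv4 range snapshot, the function names and the two comparison zones are assumptions of this example; the linuxmusicians.com records come from the thread, with a constructed TTL on the A record.

```python
import ipaddress

# Snapshot of Cloudflare's published IPv4 edge ranges (assumption of this
# example; refresh from https://www.cloudflare.com/ips-v4 before relying on it).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 "
    "141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 "
    "197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 "
    "104.24.0.0/14 172.64.0.0/13 131.0.72.0/22").split()]

def parse_dig(text):
    """Return (owner, type, rdata) tuples from dig answer/additional lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        # Skip comments (';'), blanks and anything that is not "name ttl IN type rdata".
        if len(parts) < 5 or parts[0].startswith(";") or parts[2] != "IN":
            continue
        records.append((parts[0].rstrip(".").lower(), parts[3],
                        parts[4].rstrip(".").lower()))
    return records

def classify(domain, records):
    """'proxied' if the zone's own A records are Cloudflare edge addresses,
    'dns-only' if only its NS records are Cloudflare's, else 'not-cloudflare'."""
    own = [(t, r) for n, t, r in records if n == domain]  # ignore glue for other names
    a_ips = [ipaddress.ip_address(r) for t, r in own if t == "A"]
    if any(ip in net for ip in a_ips for net in CLOUDFLARE_V4):
        return "proxied"   # HTTP traffic traverses the caching proxies
    if any(t == "NS" and r.endswith(".ns.cloudflare.com") for t, r in own):
        return "dns-only"  # Cloudflare answers DNS but never sees the HTTP traffic
    return "not-cloudflare"

# Records from the thread; the A-record TTL is constructed.
LM = """\
;; ANSWER SECTION:
linuxmusicians.com. 86400 IN NS kay.ns.cloudflare.com.
linuxmusicians.com. 86400 IN NS skip.ns.cloudflare.com.
skip.ns.cloudflare.com. 83339 IN A 173.245.59.233
linuxmusicians.com. 300 IN A 95.143.172.223
"""
# Constructed comparison zones (documentation names, not real deployments).
PROXIED = "shop.example. 300 IN A 104.16.0.10\nshop.example. 300 IN NS kay.ns.cloudflare.com.\n"
OTHER = "plain.example. 300 IN A 192.0.2.10\nplain.example. 300 IN NS ns1.plain.example.\n"

if __name__ == "__main__":
    for name, text in (("linuxmusicians.com", LM), ("shop.example", PROXIED),
                       ("plain.example", OTHER)):
        print(name, classify(name, parse_dig(text)))
```

Fed live `dig` output, this reflects current records only; a zone that was proxied earlier and later moved off would read as dns-only.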
Re: Cloudflare security breach
Ok, I see, thanks.
IMHO it would be better if LM does not start using the cloudflare caching servers, I find cloudflare very concerning from a privacy point of view, especially due to the fact that so many sites use them. That gives cloudflare great snooping and data collecting powers over what people do on the web (apart from security risks as we have just seen).
Of course using only the nameservers is not a problem.
- raboof
Re: Cloudflare security breach
tux99 wrote:
> IMHO it would be better if LM does not start using the cloudflare caching servers, I find cloudflare very concerning from a privacy point of view, especially due to the fact that so many sites use them. That gives cloudflare great snooping and data collecting powers over what people do on the web (apart from security risks as we have just seen).
Point well taken. Also I don't really perceive big performance problems anymore (I think that has been worse in the past), so there is no real need to move to the caching service anyway.
tux99 wrote:
> Of course using only the nameservers is not a problem.
In theory they could still attack us (as they control the nameservers), but doing so would be technically somewhat challenging and obviously-malicious, so I guess we're relatively OK for now.