Is 8ch affected by CloudBleed?

Welp, that happened

cloudbleedcheck.com/?domain=8ch.net

What did he mean by this?

someone is stealing our memes before they even get posted.
Maybe board owners/volunteers passwords are compromised?

Too bad it's still vague as fuck about what data is actually leaking. Not to mention what data is passed through Cloudflare.
I imagine our IP addresses are COMPLETELY SAFE since they aren't even exposed to admins. Just a hashed version is. The hashing algorithm is stored locally in 8chan's config files so there's no way that would leak either. It seems only mod and admin passwords are in danger.

I think IP addresses might be exposed to the actual admins, although not to global volunteers, and they are still exposed through the JSON interface of the global report queue for some reason.

There aren't many secrets to be stolen here, all of them have been mentioned already. Probably the one big technical advantage of anonymous boards.


If the hashing method is stored locally, it was probably loaded into RAM and might also have leaked, so an attacker might know the IP addresses. I'm not sure what good that does him though; the kind of attacker that can use IP addresses to find you probably has them from general surveillance anyway.

Wouldn't it have to be loaded into Cloudflare's RAM for that?

Cloudbleed isn't leaking RAM dumps though. You are describing a completely different exploit

Yeah, I got that one wrong, sorry.

They're already compromised considering practically all of them use that shitty email service that governments already got their hands on and have continued interest in.

There is no automated account recovery (or if there is, I can't find it). Compromising those accounts would have to involve a real human.

Why does it matter, what personal and important information are you sending through 8ch?

Not vague anymore
esecurityplanet.com/network-security/cloudflare-cloudbleed-flaw-leaks-millions-of-peoples-personal-data.html

So glad I bank/purchase with a different browser than the one with which I shitpost...
Thanks Jimkike!

What does your browser have to do with this? Do you, in fact, know what you're talking about?

Why the fuck did the idiot go and uncover NSA's backdoor? They are gonna be pissed!

When do 8ch meta shitposters ever know what they are talking about? If it goes against Hotwheels Jim, it's fair game.

HE TRIED TO WARN US

and we didn't listened... we didn't... listened

It's OK Jim uses cloudfuck

HOW HARD IS IT TO CALLOC
PaX ALREADY CLEARS MEMORY ON FREE YOU FUCKING RETARDS
FUCKING KIKEFLARE
REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
Fucking hell this got me angry. How can you make such a fundamental fucking mistake? Are all "software engineers" in Cloudflare pajeets?

PaX is not part of official Linux kernel. You won't find many Linux servers that have it.

Hashing ipv4 addresses is pointless.
If you have at least basic understanding of security, you don't need any explanation why.
And most users have/use only ipv4.

I thought cloudflare was an alphabet soup project. how else would it have been financed?

Too bad you're never going to change the fact that Jim's company was responsible for storing ~500,000 unencrypted credit card records, for years after the fact.
Or that he stole 2channel just like he stole this shithole.

...

lmao
Feel free to prove me wrong.

Messages from nips trying to clean up the mess prove it. There's a documented email to AWS to take down the unencrypted credit card numbers, and the approximate numbers, because the leak was being hosted there.

Jim was his own payment processor, and he probably had some fucking gook taking new credit card numbers manually from the database and running them over a phone line for processing.
Hilarious.

In addition, go ahead and ask codemonkey about their site that RQI was responsible for, that they had to rewrite from the ground up this month, because it was compromised.

Is our children learning?

Cloudbleed leaked IPs because Cloudflare has to keep track of your IP address so that it can keep its mitm between you and the website going.

I don't think calloc would have helped. The issue with Cloudflare was that they incremented a pointer one too many times in an edge case, thereby side-stepping a check (i.e. checking if the pointer value didn't go out of bounds). If they had used calloc, this still would have failed.
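
The pointer-skips-the-end-check failure described in the post above, as an added example that is not part of the thread and is not Cloudflare's code. It is a simplified model: the arena layout, the `scan`/`demo` names, the sample strings and the `<` trigger are all constructed, and the over-read stays inside one array so the demo has defined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define INPUT     "hello world!!!!<"                /* constructed: ends mid-tag */
#define NEIGHBOUR "Cookie: sid=CONSTRUCTED-SECRET"  /* constructed neighbour data */
#define BUF_LEN   (sizeof(INPUT) - 1)
#define ARENA_LEN (BUF_LEN + sizeof(NEIGHBOUR) - 1)

/* Copy arena[0..len) to out. A '<' also consumes the byte after it, which is
   the edge case: when '<' is the last byte, p lands on pe + 1 and never equals
   pe. strict_eq picks the `p == pe` end test, otherwise `p >= pe`.
   Returns how many bytes were read from beyond the buffer. */
static size_t scan(const char *arena, size_t len, int strict_eq,
                   char *out, size_t cap)
{
    const char *p = arena, *pe = arena + len, *hard_end = arena + ARENA_LEN;
    size_t n = 0, over = 0;
    while (p < hard_end && n + 1 < cap) {
        if (strict_eq ? (p == pe) : (p >= pe))
            break;                        /* end-of-buffer check */
        if (p >= pe)
            over++;                       /* only reachable with the == test */
        out[n++] = *p;
        if (*p == '<')
            p++;                          /* extra increment in the edge case */
        p++;
    }
    out[n] = '\0';
    return over;
}

/* Zero the whole arena first (what calloc would give), then place the input
   and another request's live data next to it. */
static size_t demo(int strict_eq, char *out, size_t cap)
{
    char arena[ARENA_LEN];
    memset(arena, 0, sizeof arena);
    memcpy(arena, INPUT, BUF_LEN);
    memcpy(arena + BUF_LEN, NEIGHBOUR, sizeof(NEIGHBOUR) - 1);
    return scan(arena, BUF_LEN, strict_eq, out, cap);
}

int main(void)
{
    char out[64];
    size_t over = demo(1, out, sizeof out);
    printf("p == pe: %zu bytes over-read, output: %s\n", over, out);
    over = demo(0, out, sizeof out);
    printf("p >= pe: %zu bytes over-read, output: %s\n", over, out);
    return 0;
}
```

Zeroing the buffer at allocation changes nothing here because the leaked bytes belong to a different, in-use region; only the `>=` comparison stops the read.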

It's not a meme, Josh is that obsessed. He's always browsing the Holla Forums and /cow/ boards and larping on them. Then he goes to IRC and Discord to cry about it.

Again, feel free to prove me wrong, dipshit. Don't bring up your dumbfuck boogeyman next time if you can't. No one fucking cares. We're talking about the fact that the retarded expat that owns this shithole is a fucking retard. Why did we even NEED email protect on Holla Forums? All it does is cause fucking problems. People told them to disable it, and the other parsers, multiple times. They didn't.

Go back to sucking Jim's dick now.

You know, I never noticed that his eyes look really fucked up in that image, like he's tarding out.

...

what do you mean?

The only thing of value I can think of to be stolen are tripcodes.

10/10 security

No, a lot of post data might be cached somewhere. Just because hashed IPs are stored on the server (and it's not even the canonical representation, they're still exposed to admins) doesn't mean that's the way cloudflare sees it. And especially what's going to be sitting around in uninitialized memory.

Nice rebuttal, dipshit.