CHANGE YOUR PASSWORDS

[Squirrel]

(02-24-2017, 07:38 AM)Voakie Wrote: There has been a major security flaw within Cloudflare and thus meaning within the Forums. Its highly suggested that you cycle your passwords everywhere.

First, congrats Goat on catching wind of this.... It was news to me, and I like to know such things.

I wonder if you're aware of the full impact of what you've just said!

If someone had determined that CloudFlare had a leaky-response (obviously people did.... otherwise the # of requests would not have been so high.) they could then use that for a direct and malicious attack on a company simply by DDoSing them!

(Anti-DDOS protection at an upstream level means, you buy cheap-@ss bandwidth, and let that bandwidth "wash" all your dirty incoming traffic. My company used to offer such a service but it was so costly, really it was just buying more bandwidth + uhh "apps" for the sake of simplification.... So if someone DDOSes you today and you call me, I would send you to CloudFlare.

So....

Step 1. Pick company to attack.
Step 2. DDoS them using known botnets and test to see what bandwidth the target has.
Step 3. Prepare attack servers using virtualized/cloud environments, purchase attack capacity on stronger botnets. (To do that you'd have to know of places that I don't. But hey, I'm happy to not know any of that!)
Step 4. Launch DDoS on your target, with all attack servers in operation (but not a part of the DDoS) purchasing botnet strength in sizes 1000's of GBs BEYOND what your test in Step 2 determined for what is to be an expected ongoing attack, while simultaneously having your attack servers watch via DNS (which few people understand, even with some prrreeeettty larrrrge companies) for changes in stature of the target. (ie: Did their web site go down, did they make core DNS changes, and so on...)
Step 5. Mount REAL attack once it's determined that a company is being DDoSed and is mitigating with CloudFlare..........

The rest is literally your greedy black-hats dream come true.

Corporate espionage is brutal. And that's in countries that give a :poop: -- there's others (like China) that do not care, and are ready to sell (You want a real botnet, imagine the one China could build. Their "leaders" could decide all the millions/billions of their own people who are "infected" with State Software, lol) anything you want becomes possible.

This is HUGE news, and, as the GHoat has said, you should move to protect yourself.

(As much as we hate changing passwords, can you afford NOT to?)

Thanks Goat, for a quality message.

---

(02-24-2017, 10:39 AM)Lucyfer Wrote: Oh wow! I wasn't aware so many popular websites use Cloudflare.
So their big data of world wide web must be enormous.
...
There are much more websites on the list where I am registered.
...
Hmm, it seems they released the whole database of domains which use their DNS. Almost 4,3 mln domains overall.
All of my domains I use with CF are there.

Yes, as I was saying before, I working as an 'Internet Service Provider'.... if you attack me, I generally don't care.... But if you prolong the attack, a company has to do something about it. If you were a company with services with us, we would call you (even at 3am, lol, hell you might speak to Squirrel directly, lol) if you came under direct attack to report "suspicious bandthwith". In most cases, they will be okay with everything. Only the smallest of small on-line companies are not in a "95th percentile" type of situation where, their bandwidth is burstable up to the capacity which they paid for. That means 36 HOURS or so of continual attack is needed to financially affect you.

Of course, if an attack on you is so huge, it's now putting my network in jeopardy, then my boss is going to tell me to pull all your cables anyhow. (grin)

And I'm just propping up what the Goat shared by saying we, as an Internet Service Provider, would tell you to mitigate using CloudFlare, if you had to. That way we wouldn't have to unplug your cables. Your traffic would all go to CloudFlare first... get "washed", and what was good would come back to us via CloudFlare, while the bad traffic just became... immaterial.

(Generally... when one of our companies gets attacked, I don't even notice for hours. (lol) Maybe their sites/servers are overwhelmed but its simple traffic, and inbound traffic for a company such as ours is..... much more readily noticed. Heh. But last week, one of customers was attacked so hard, for so long, not only were we giving instructions to our upstreams, our boss was telling them they need to have CloudFlare .. or an alternate .. in place, going forward.

That will give you a rough idea why there are millions of domains using CloudFlare.)

I'd be surprised if anyone else here knew how important an event of this nature is....

Well, to say.... obviously someone may have already essentially "carried out my plan" (see above, lol) and DDoSed a place, just so they could gain access to some accounts.... ...thats whats "significant" about that range Voakie's message reported, Feb 13-18.

It means "that time" where MicroSoft starts thinking about releasing a patch for a "known issue" that people brought to them even a year beforehand, becomes the now, where you know the barn already burned down, and the horses are all dead, but.... soon people are going to start exploiting this.

For CloudFlare, "that time" has been coming for some time, and now there's enough spillage that the end users are finding out.

It really is an issue for EVERYTHING INTERNET. It's huge.