WIDESPREAD INTERNET SECURITY PROBLEM

All off topic conversation held here. Have fun and play nice. =)

Moderators: Bookworm, starkruzr, MrFireDragon, PrettyPrincess, Wapsi

User avatar
GlytchMeister
Posts: 3733
Joined: Wed Oct 16, 2013 2:52 pm
Location: Central Illinois
Contact:

WIDESPREAD INTERNET SECURITY PROBLEM

Post by GlytchMeister »

"A major vulnerability in the Cloudflare proxying provider used by all sites using Cloudflare leaves all traffic vulnerable to hacking and leakage, going back for multiple months. Sites vulnerable include:
Uber
Reddit
Yelp
Digital Ocean
OKCupid
RapGenius
Coinbase
Product Hunt
Udemy
Crunchyroll
FitBit
Hacker News
Zendesk
Discord
Github pages
Chocolatey
It is recommended that you change your passwords for those sites immediately.
SOURCES:

https://bugs.chromium.org/p/project-zer ... il?id=1139



https://blog.cloudflare.com/incident-re ... arser-bug/

Basically if you use any of these websites or services, change your passwords."
He's mister GlytchMeister, he's mister code
He's mister exploiter, he's mister ones and zeros
They call me GlytchMeister, whatever I touch
Starts to glitch in my clutch!
I'm too much!
User avatar
Dave
Posts: 7584
Joined: Tue Jul 31, 2012 5:58 pm
Location: Mountain View, CA, USA

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Dave »

Eeep.

Thank you! I don't think I'm much affected (just a rarely-used account at Yelp, which had a unique password) but I suspect a lot of other people are going to be exposed a lot worse than this.

It'll be interesting to see which companies (of those you've listed, and others) follow through and contact their customers about this.
User avatar
AnotherFairportfan
Posts: 6402
Joined: Thu May 01, 2014 2:53 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by AnotherFairportfan »

I recently set up a runchyroll account {using a secondary e-mail}, but that's it for that list.
Proof Positive the world is not flat: If it were, cats would have pushed everything off the edge by now.
User avatar
Dave
Posts: 7584
Joined: Tue Jul 31, 2012 5:58 pm
Location: Mountain View, CA, USA

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Dave »

According to https://github.com/pirate/sites-using-cloudflare it looks as if Patreon may be affected as well.

Patrons Of Paul, take notice!
User avatar
Catawampus
Posts: 2145
Joined: Fri Jul 12, 2013 10:47 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Catawampus »

Huzzah, my borderline paranoia and distrust of the online world pays off yet again!
User avatar
TazManiac
Posts: 3701
Joined: Fri Nov 29, 2013 6:53 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by TazManiac »

Funny, I was creating a Github account just recently, only to find out that 'somebody already has my ID...'. I find it very hard to see another TazManiac out there, as I've been some form of TAZ in one form or another ever since the early eighties...

That said, I'll go and review the list of affected sites, but the only one I really ever activate past the script blocker is WeatherUnderGround.

PS- I fergot to say 'tanx'.
User avatar
GlytchMeister
Posts: 3733
Joined: Wed Oct 16, 2013 2:52 pm
Location: Central Illinois
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by GlytchMeister »

So far as I know, I'm the only GlytchMeister anywhere in the Internet. I'm actually quite proud of that.
He's mister GlytchMeister, he's mister code
He's mister exploiter, he's mister ones and zeros
They call me GlytchMeister, whatever I touch
Starts to glitch in my clutch!
I'm too much!
User avatar
AmriloJim
Posts: 1190
Joined: Sat Aug 04, 2012 10:47 pm
Location: 35ºN 101ºW (for the GPS-challenged, that's Amarillo TX)
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by AmriloJim »

GlytchMeister wrote:So far as I know, I'm the only GlytchMeister anywhere in the Internet. I'm actually quite proud of that.
I can make the same claim, and point out that AmriloJim has nine characters because that was the Internet Relay Chat handle limit back in the day (early '90s).
Warrl
Posts: 1723
Joined: Sat Jul 20, 2013 10:44 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Warrl »

TazManiac wrote:Funny, I was creating a Github account just recently, only to find out that 'somebody already has my ID...'. I find it very hard to see another TazManiac out there, as I've been some form of TAZ in one form or another ever since the early eighties...

That said, I'll go and review the list of affected sites, but the only one I really ever activate past the script blocker is WeatherUnderGround.

PS- I fergot to say 'tanx'.
I haven't actually encountered another Warrl, but I did encounter another person who wanted to use that ID - and couldn't because I'd gotten it first. And this was on a small Seattle-area ISP. Dial-up, just to give you an idea of how long ago this was.
User avatar
lake_wrangler
Posts: 4300
Joined: Sun Aug 05, 2012 8:16 am
Location: Laval, Québec, Canada

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by lake_wrangler »

To my knowledge, I am also the only lake_wrangler on the internet. (This includes its derivatives, such as LakeWrangler, lake.wrangler, lake-wrangler, and such, depending on the characters allowed in creating a name on various sites...)

I am rather pleased with that, as I do not like the idea of using a name and adding numbers at the end of it to make it unique...

As far as the list of sites named above,the only one I have had an ID created for was Github, but a quick search of my password manager (LastPass) reveals that no, I have never created an ID for them. I have never been known to be particularly social, after all...
User avatar
GlytchMeister
Posts: 3733
Joined: Wed Oct 16, 2013 2:52 pm
Location: Central Illinois
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by GlytchMeister »

PSA:
Shadow Brokers exploit dump (stolen from NSA) is pwning all Microsoft Windows versions, even fully-patched Win10 may not be safe.
Spread the word. Do not use MSWindows. Unplug, remove batteries to be safe until things get fixed.

Follow these Twitter accounts to stay updated:

@snowden
@hackerfantastic
@x0rz
@emptywheel
@josephfcox

Tell everyone. This is cybergeddon.
He's mister GlytchMeister, he's mister code
He's mister exploiter, he's mister ones and zeros
They call me GlytchMeister, whatever I touch
Starts to glitch in my clutch!
I'm too much!
ShneekeyTheLost
Posts: 609
Joined: Tue Jul 31, 2012 4:45 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by ShneekeyTheLost »

Honestly, the average individual user is safe, if only through obscurity. Unless they have a reason to hack you, there's really no point. They'll go after the big guns first: banks, brokers, military, government... we're just not important enough to bother with. If they need a bot army, they can just hijack an entire ISP and every single account that ISP supports. The average user is no more, or less, secure than they once were. It is just now more widely publicized how insecure Windows is.

And people wonder why I switched to Linux years ago...
User avatar
AnotherFairportfan
Posts: 6402
Joined: Thu May 01, 2014 2:53 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by AnotherFairportfan »

Wish i COULD switch to Linux.

Unfortunately, the two programs i use most are Windows-only, and there are no good Linux equivalents. (The closest to PagePlus, my Number One app, that i've been able to find is Scribus and it ... isn't ... all that close, nor nearly so user-friendly.)

And, in the face of government-level resources, if you want to believe that Linux is safe - go ahead.
Proof Positive the world is not flat: If it were, cats would have pushed everything off the edge by now.
Alkarii
Posts: 1854
Joined: Sun Nov 09, 2014 3:02 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Alkarii »

It sounds like the only way to be safe is to keep all your money in jars buried in your yard, and to be completely cutoff from the digital world.
There is no such thing as a science experiment gone wrong.
ShneekeyTheLost
Posts: 609
Joined: Tue Jul 31, 2012 4:45 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by ShneekeyTheLost »

AnotherFairportfan wrote:Wish i COULD switch to Linux.

Unfortunately, the two programs i use most are Windows-only, and there are no good Linux equivalents. (The closest to PagePlus, my Number One app, that i've been able to find is Scribus and it ... isn't ... all that close, nor nearly so user-friendly.)

And, in the face of government-level resources, if you want to believe that Linux is safe - go ahead.
At least Linux doesn't have federally mandated backdoors that have now been proven to be able to be used against people by hackers. As I said when they originally did it. I'd probably say 'I told you so', except it's neither relevant nor useful.

Also, that's kind of an irrelevant statement. If a government resource wants in, it's going to get in. Using Linux makes them actually expend time and resources to do it, but there's nothing that can really stop someone with that level of resources aside from physically unplugging from the internet. Then again, that's not what most security is designed to protect against, which makes the point largely moot. In fact, that's why I was so against having federal backdoors in the first place. They never needed one in the first place, all it is doing is giving hackers a backdoor. Which is exactly what is happening now.

But hey, have fun knowing that any hacker anywhere can waltz into your computer any time they want and there's nothing you can do to stop them. Assuming, of course, that anyone cares.

As far as desktop publishing, I've always found Libre Office Write and Draw to be excellent resources, but YMMV.
User avatar
AnotherFairportfan
Posts: 6402
Joined: Thu May 01, 2014 2:53 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by AnotherFairportfan »

ShneekeyTheLost wrote:
AnotherFairportfan wrote:Wish i COULD switch to Linux.

Unfortunately, the two programs i use most are Windows-only, and there are no good Linux equivalents. (The closest to PagePlus, my Number One app, that i've been able to find is Scribus and it ... isn't ... all that close, nor nearly so user-friendly.)

And, in the face of government-level resources, if you want to believe that Linux is safe - go ahead.
At least Linux doesn't have federally mandated backdoors that have now been proven to be able to be used against people by hackers. As I said when they originally did it. I'd probably say 'I told you so', except it's neither relevant nor useful.

Also, that's kind of an irrelevant statement. If a government resource wants in, it's going to get in. Using Linux makes them actually expend time and resources to do it, but there's nothing that can really stop someone with that level of resources aside from physically unplugging from the internet. Then again, that's not what most security is designed to protect against, which makes the point largely moot. In fact, that's why I was so against having federal backdoors in the first place. They never needed one in the first place, all it is doing is giving hackers a backdoor. Which is exactly what is happening now.

But hey, have fun knowing that any hacker anywhere can waltz into your computer any time they want and there's nothing you can do to stop them. Assuming, of course, that anyone cares.

As far as desktop publishing, I've always found Libre Office Write and Draw to be excellent resources, but YMMV.
{A} I'm fairly sure the government already HAS that kind of access to *NIXes. There's too much that goes on on them that the government would want to know about for them to NOT have already done it.

Feel free to believe your Linux is safe.

{B} Libre Office is not even approximately a DTP program.

Could you do this with Libre Office:
xrunner.jpg
xrunner.jpg (192.79 KiB) Viewed 21205 times
and then save it as a press-ready PDF X8/X9 file or an EPS file?
Last edited by AnotherFairportfan on Sat Apr 15, 2017 4:42 pm, edited 1 time in total.
Proof Positive the world is not flat: If it were, cats would have pushed everything off the edge by now.
User avatar
GlytchMeister
Posts: 3733
Joined: Wed Oct 16, 2013 2:52 pm
Location: Central Illinois
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by GlytchMeister »

Ok, turns out MS already has patches for all these weapons, for supported versions - so 7, 8, and 10 are safe. It appears the Shadow Brokers or maybe a rogue NSA agent tipped off Microsoft a while ago.

http://www.theverge.com/2017/4/15/15311 ... ks-patched
He's mister GlytchMeister, he's mister code
He's mister exploiter, he's mister ones and zeros
They call me GlytchMeister, whatever I touch
Starts to glitch in my clutch!
I'm too much!
ShneekeyTheLost
Posts: 609
Joined: Tue Jul 31, 2012 4:45 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by ShneekeyTheLost »

AnotherFairportfan wrote: {A} I'm fairly sure the government already HAS that kind of access to *NIXes. There's too much that goes on on them that the government would want to know about for them to NOT have already done it.

Feel free to believe your Linux is safe.
Considering LInux is open-sourced, so there IS no one they can intimidate or lean into or supobena into forcing a vulnerability into the OS? Yea, pretty sure there's no deliberate holes. Again, you failed reading comprehension because I flat out stated in my previous post that there's nothing you can do to keep something with a government's resources out of your computer if they want to be there, but hey, that's not as important as trying to put one over on someone, right?

Is linux Safe? Well, it's safer than Windows or Mac. Safe as an absolute term is impossible. But at least it doesn't have thousands of deliberate back doors, the fruits of countless tens of thousands of minimum-wage coders each one wanting their little back door as proof that they worked on the system, and doesn't have federally mandated backdoors built into the code itself.
{B} Libre Office is not even approximately a DTP program.

Could you do this with Libre Office:
xrunner.jpg
and then save it as a press-ready PDF X8/X9 file or an EPS file?
Absolutely. That's what Draw does. Hell, I almost wouldn't NEED Draw for that, just Write. That's a two-column document with some images tossed in for good measure. The only reason I'd need Draw is to convert it into a .PDF file.

Of course, you're not interested in facts, you just want an argument. So feel free to disagree as virulently as you like.
GlytchMeister wrote:Ok, turns out MS already has patches for all these weapons, for supported versions - so 7, 8, and 10 are safe. It appears the Shadow Brokers or maybe a rogue NSA agent tipped off Microsoft a while ago.

http://www.theverge.com/2017/4/15/15311 ... ks-patched
Even easier than that. The feds told them to make the hole, so they already knew where it was and therefore how to patch it. They just weren't allowed to fix it until something like this happens.
Warrl
Posts: 1723
Joined: Sat Jul 20, 2013 10:44 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Warrl »

AnotherFairportfan wrote: {B} Libre Office is not even approximately a DTP program.

Could you do this with Libre Office:
xrunner.jpg
and then save it as a press-ready PDF X8/X9 file or an EPS file?
Let's see... the only parts of that page that look even moderately complicated in LibreOffice Write are the two places where a picture is in both columns. But yes, LibreOffice does that. Initially when I make the picture that wide the program tries to move it to the left column, but I moved it back with no trouble - and the program automatically moved and re-flowed the text in both columns as needed. (Note: the picture by default gets anchored to the page, not the text.)

If that hadn't worked, it wouldn't have been hard to drop a frame on the page, make it THREE-column, and arrange the text to fit, then drop a two-column frame with equal-width columns followed by another two-column frame with unequal-width columns.

There's a built-in "export as PDF" function.

EPS... I'm finding a lot about importing that format, and about exporting a document that includes EPS images (apparently this is non-obvious)... but exporting a whole document as EPS... the Draw program will export an image as EPS, but the Writer program doesn't seem to be able to write out the whole document as EPS.
User avatar
AnotherFairportfan
Posts: 6402
Joined: Thu May 01, 2014 2:53 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by AnotherFairportfan »

Extensive reply deleted.

This is shaping up as a theological dispute, and i try to avoid starting/participating in those.
Proof Positive the world is not flat: If it were, cats would have pushed everything off the edge by now.
Post Reply