From reddit:
----
ANYTHING transited through CloudFlare could have been sprayed onto the internet. Even worse, HTTP caches (like Google, corporate web caches, ISP caches) have cached these malformed data. The examples we're finding are so bad, I cancelled some weekend plans to go into the office on Sunday to help build some tools to clean up. I've informed Cloudflare what I'm working on. I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We're talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything.
"Consequence of @taviso's Cloudbleed discovery: essentially any traffic which passed through Cloudflare (even https) recently might be public"
https://twitter.com/octal/status/834925850470432769
UPDATE: 1Password not affected
What you can do
Change passwords on all CloudFlare sites. This includes:
- reddit
- bitfinex
- bitstamp
- coinbase
etc...
If you enabled 2FA recently in the past few months, it's possible that the 2FA secret ITSELF was leaked. You should disable and re-enable 2FA.
You can read the full discovery here: https://bugs.chromium.org/p/project-...detail?id=1139
You can see CloudFlare trying to downplay the impact of the incident, when Cloudbleed is bigger than Heartbleed.
- - - Updated - - -

Originally posted by tigerwoods:
"I don't know, I was actually planning to switch from Google Authenticator to Authy; now I'll see."

I use Authy because Google Authenticator has no PIN or fingerprint protection. I hope the seed is local to the phone and has never been uploaded to authy.com.