So just in case people haven’t seen the dozens of article on the web. Looks like cloudflare had some HTTPS traffic leak.

Originally found by taviso@

A decent write up by octal

On going list of sites affected on github

Some sites are reporting that they may not be affected as they were just using cloudflare’s managed DNS and not the proxy. However, I’d recommend changing passwords for sites as necessary, stay safe out there.

Tavis Ormandy made the fvwm configurations I used back in college. A largely unknown programming legend.

1 Like

Set up your two-factor kids.

Except in this case, that might not help, because one of the things potentially leakable is the 2FA shared secret.

Ninja Edit: Obviously, I mean if you inititally enabled 2FA during this leaking period, it is potentially among the pieces of data bleed by CloudBleed.