
[Shields Up] Computer Security Thread


  • TetraNitroCubane Registered User regular
    edited February 24
    So a security bug in the Cloudflare hosting system may have compromised loads of sensitive information from a LOT of relevant websites. This includes Reddit, Discord, and even our very own Penny Arcade forums.

    It is highly recommended that you change your passwords for all afflicted sites.

  • Orca Registered User regular
    That's suboptimal.

  • TetraNitroCubane Registered User regular
    edited February 24
    Apparently a very small percentage of all data being transferred through Cloudflare became public via this vulnerability, but it has the potential to impact ALL data traveling through Cloudflare during the duration in question. AND that data may be cached and visible via Google currently.

    Passwords, SSL certs, even two-factor authentication secrets could be compromised and visible via plaintext on randomly cached websites.

    Here's a list of impacted sites that is currently evolving.

    Bonus note: This was all caused by a single-character coding bug, apparently.

  • TetraNitroCubane Registered User regular
    Oh, and just to heap some gasoline onto the fire: SHA-1 is now officially broken, joining the ranks of MD5.
    Despite more than a decade of warnings about the lack of security of SHA1, the watershed moment comes as the hash function remains widely used.

    Not a good time for internet security right now, to say the least.

  • Orca Registered User regular
    And this is why IoT remains dead to me.

    Security is hard and all it takes is one fuckup anywhere in the chain to compromise things. Do I really need my pacemaker to be able to sync with my phone, or internet-enabled doorlocks? Aside from the software development cycle level of obsolescence. A furnace can easily last 20 years or more--give me the dead simple thermostat to control it and call it a day. Yeah, it would be nice to have remote start and the rest of it, but I don't want someone to be able to infiltrate my network because my 20-year-old unpatched thermostat has a bloody vulnerability!

  • Mugsley Registered User regular
    I, for one, want my furnace to shut off and my doors to unlock when my pacemaker has to kick in. This way my body is preserved and the help doesn't have to bust the door down.

  • Entaru Registered User regular
    I am between wanting to tell IoT to go to hell and realizing that with my wife's current health status anything I can do to make life easier for her is a thing I am going to do even with the associated risks.

  • a5ehren Atlanta Registered User regular
    edited February 24
    TetraNitroCubane wrote: »
    Oh, and just to heap some gasoline onto the fire: SHA-1 is now officially broken, joining the ranks of MD5.
    Despite more than a decade of warnings about the lack of security of SHA1, the watershed moment comes as the hash function remains widely used.

    Not a good time for internet security right now, to say the least.

    Someone used the SHA-1 collision to hose the WebKit SVN repo. So that's fun.

    Edit: Apparently it was one of the devs uploading the files to create a testcase for WebKit that busted the repo. But hopefully Apache fixes SVN soon.

  • TetraNitroCubane Registered User regular
    Do you ever feel like maybe two-factor authentication just isn't enough?

  • Mr_Rose 83 Blue Ridge Protects the Holy Registered User regular
    So how does the dermatologist confirm he's their dermatologist and just some random weirdo? Authentication has to go both ways for trust to be established properly dammit!

  • Mugsley Registered User regular
    Welp. I went and updated my passwords for Patreon (which I don't use anymore), Betterment, and Uber. I still need to do Curse, even though I don't use my login anymore. Are there other financial sites that had a potential leak, that I should handle as a course of due diligence? I'm trying to not scrub the entire list.
