Cloudbleed Security Vulnerability

Welcome furry fans!

We're glad you stopped by. Go ahead and register for a free account to get the benefits of being a member, including:

Access to all of our posts and comments
Your own profile including an avatar, buddy lists, and other social networking features
The ability to participate in a community of over 9,000 furry fans!

Creating an account is easy. Register now!

8 replies [Last post]

Fri, 2017-02-24 03:12 pm

Giza

Offline

Joined: 2006-03-03 11:19:03 pm

Posts: 2952

Hello everyone,

Due to the Cloudbleed security vulnerability, we have logged all users out of the website.

When you log back in, we ask that you change your password--that can be done here.

While we do not have reason to believe that any specific accounts have been compromised at this time, we do want to minimize the chances of that becoming an issue.

Thanks!

-- Giza

Pennsylvania Furry? Be sure to check out http://www.pa-furry.org/

Fri, 2017-02-24 07:34 pm

Lexa Wolf

Offline

Joined: 2016-07-09 07:57:26 pm

Posts: 134

Thanks for the heads up. I just changed my password.

Fri, 2017-02-24 09:52 pm

Pegasus

Offline

Joined: 2012-02-17 12:49:07 am

Posts: 32

Holy Crap, how could I have missed that advisory

What a nasty bug, thanks a lot for making us aware. Guess I will spend the rest of the night changing all my passwords.

Fri, 2017-02-24 11:01 pm

TheBlueWizard

Offline

Joined: 2011-07-02 06:51:30 pm

Posts: 54

I just changed my password too. But I see two technical problems with this website: one, I don't see a link to the password editing area from the "User Menu" section on the left column, despite the fact that the "My account" link is shown. Also, in the password changing area, it should ask for old password as well as for the new password just to add a layer of security in my opinion.

I'm sure those can be easily fixed. Thanks!

Fri, 2017-02-24 11:17 pm

charlieg

Offline

Joined: 2007-05-13 04:09:41 pm

Posts: 2848

When you click on MY ACCOUNT, there's an EDIT option next to most options. If you click on that, you will see tabs where you can change almost everything, including your password.

To avoid problems with parents, read this FAQ and all its internal links before discussing Furry with your parents:

http://forums.anthrocon.org/faq/minors

Tue, 2017-02-28 12:00 am

Giza

Offline

Joined: 2006-03-03 11:19:03 pm

Posts: 2952

Yeah, Drupal's being weird about that, and I haven't been able to get to the root of the problem unfortunately. (that's one reason why I included the link in my post)

Pennsylvania Furry? Be sure to check out http://www.pa-furry.org/

Sat, 2017-02-25 12:12 am

Ron Bauerle

Online

Joined: 2006-12-20 10:28:35 am

Posts: 1437

I didn't know a buffer overrun would/could result in storing data "on a completely different website" - ??? I thought it just let the hackers get access to the original website...

Tue, 2017-02-28 12:01 am

Giza

Offline

Joined: 2006-03-03 11:19:03 pm

Posts: 2952

CloudFlare's platform proxies HTTP requests for many (millions?) of different websites. As such, one of their daemons which proxies traffic for any given website in one request, can proxy traffic for an entirely different website in the next request.

Pennsylvania Furry? Be sure to check out http://www.pa-furry.org/

Tue, 2017-02-28 08:52 am

Aushi

Offline

Joined: 2017-01-11 03:25:41 pm

Posts: 5

The buffer overrun returned data to clients other than intended-- some of those clients were search engine spiders, which cached the data. Most of that data also had common meta identifiers in the dumps, so it was pretty easy to find until the search engines started purging it.

So you had effectively millions of passwords, auth tokens, encryption keys, etc, etc in plaintext on Google. This was, as bad things go in the security world, astoundingly bad.

Social Media

Information

User login

Community

Guests and Events

Artists and Dealers

Volunteer Info

Countdown

Who's online

Online users

Cloudbleed Security Vulnerability

Comment viewing options

Comment viewing options