Cloudflare Has Been Leaking Secrets - YOU BEST BE BEHIND A VPN SONNY
Cloudflare has been leaking secrets Anonymous 02/23/17 (Thu) 21:39:46 44a782 No.9348577>>9348679 >>9348758 >>9348784 >>9349496 >>9350275 >>9350612 >>9350784 >>9350824 >>9351311 >>9352500 >>9352838 >>9353931 >>9355656 >>9356605 >>9356953 >>9358069 >>9362991 >>9369620
YOU BEST BE BEHIND A VPN SONNY
>We fetched a few live samples, and we observed encryption keys, cookies, passwords, chunks of POST data and even
HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and
the implications, we immediately stopped and contacted cloudflare security.
>We've been trying to help clean up cached pages inadvertently crawled at Google. This is just a bandaid, but we're doing
what we can. Cloudflare customers are going to need to decide if they need to rotate secrets and notify their users based
on the facts we know.
>I don't know if this issue was noticed and exploited, but I'm sure other crawlers have collected data and that users have
saved or cached content and don't realize what they have, etc. We've discovered (and purged) cached pages that contain
private messages from well-known services, PII from major sites that use cloudflare, and even plaintext API requests from
a popular password manager that were sent over https (!!).
tl;dr
If you haven't been using basic OpSec online (local password vault, VPN, moderately hardened browser, etc.) and you
visited a cloudflare "protected" site, there is a chance that your traffic has been scraped due to a memory bug a lot like
heartbleed. Nothing that anyone on a fine Cambodian knitting forum should be concerned about of course. This is just
another one of those subtle hints reminding everyone that you have to be serious about your personal online security.
>It looked like that if an html page hosted behind cloudflare had a specific combination of unbalanced tags, the proxy
would intersperse pages of uninitialized memory into the output (kinda like heartbleed, but cloudflare specific and worse
for reasons I'll explain later).
Wonder if Jim knows
Source:
https://archive.fo/vVpjT
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
https://archive.fo/9NVXr
Anonymous 02/23/17 (Thu) 21:56:38 98b8cb No.9348679>>9348705 >>9348763 >>9349211 >>9358200
>>9348577 (OP)
nigger unless you own the internet and isp's then you're fucked an yways
>>9348784
pretty much this. Come kill me I don't care.
>>9348840
I think OP's point is, no one is safe, period and opsec is really the only thing that can be done. Yet another fucking wakeup
call.
>>9348712
Carrier Pigeons
Anonymous 02/23/17 (Thu) 22:18:11 20d620 No.9348877>>9350806 >>9354927 >>9356953
File: 317199c6a6bd1c6.jpg (684.8 KB, 1200x1188, 100:99, 59898499_p1_master1200.jpg)
>>9348947
Same here. Anons I'm worried about going to sleep tonight now.
>>9348971
Oh look it even has a logo
>>9348967
don't worry anon you could probably take on whatever nerds they send. i'd sleep with a sharpened twig if i were you
though
>>9348840
> because you don't use a kike platform.
Anonymous 02/23/17 (Thu) 22:45:45 246a7b No.9349168>>9349177 >>9349199 >>9349221 >>9351385 >>9356249
File: e6a4e69b98a9133.jpg (390.44 KB, 1247x799, 1247:799, i_was_right.jpg)
>>9349168
>it was so bad that Tavis found it by accident just looking through Google search results.
>>9349199
This really is as bad as it gets, isn't it?
>>9349168
>This is approximately as bad as it ever gets.
>>9349250
>tfw not tech literate but can still feel how bad this is
>>9349261
>The "well-known chat service" mentioned by Tavis appears to be Discord, for the record.
Yup, it's bad.
Anonymous 02/23/17 (Thu) 22:58:54 0018ba No.9349311>>9349322 >>9349327 >>9349337 >>9349340 >>9353886 >>9356953
>>9349140
You're using one right now.
These comments. Yeah, best be changing those passwords lads. This looks like it is actually fundamentally worse than
Heartbleed.
https://news.ycombinator.com/item?id=13720781
>>9349311
>>9349322
fug
Anonymous 02/23/17 (Thu) 23:03:40 20d620 No.9349350>>9349359 >>9349363 >>9349378 >>9349388 >>9349413
>>9349292
If I uninstall discord right now, is it already too late?
>>9349350
>>9349350
TOP KEK
nah you're boned. this is exactly why we told you faggots not to use that shit.
also >tfw you'll be playing this in less than 12 hours
>>9349350
Supposedly it was "fixed" so the damage is already done. The problem is it was spraying all the data out so the bots /
crawlers / page cachers / etc. could grab all the goodies.
Pic attached pretty much sums it up. If they were on the stock market (they aren't) we would be talking about a
company-killing blow from this; but instead these fuckers will keep siphoning off the backs of the internet with their
"security". I hate cloudflare, it makes Tor nearly unusable and their captchas can kiss my fucking ass
>>9349441
Wouldn't it be funny if the NSA homebase was "Cloudflare" protected and Equation group just grabbed the tools off of
Baidu or VKontakt webcrawler data.
>>9349413
So their service has access to the client's encryption keys etc. Am I reading that right? I guess they'd have to. That's lovely.
Shady as fuck. The whole problem is likely the result of their data sniffing activities. Or collateral damage from third party
penetration into cf's data vaults.
>>9349467
>>9349441
So pretty much everyone's fucked? This is some hilarious shit. Many keks will be had in the ensuing chaos. Glad I saw
this coming and switched back to nix entirely quite some time ago. I know I'm far from 100% safe, but I'll take my odds and
honestly don't give a shit if (((they))) know that I frequent a tanzanian book binding forum for my main news source.
>>9349440
This namefagging nigger get's it. Don't think I fucking ever bro saw discord being discussed without a rain of shit coming
down afterwards on whoever mentioned that jewy pot o' honey. And I may be old but I'm relatively new around here, and
honestly I should still be lurking, got like 9 more months to put in. Been a fun ride so far. Posted a bit during the peak of
election season ofc, but seriously faggots lurking is better for you. Have some humility, it will catalyze the rate at which
you may truly understand and swallow dem pills. 4 realz.
>>9349555 (check'd)
Anonymous 02/23/17 (Thu) 23:35:00 448099 No.9349610>>9349620 >>9349633 >>9349637 >>9349724 >>9349802
>>9349541
it's not reddit spacing if it's meme arrows faggot. I'm a project manager for a construction company. It's all redpills from the
top down.
Get a real job.
>>9349610
>tfw watching a blue pilled normie post on /pol/ for the first time and getting BTFO
SORRY DESU!!!
Anonymous 02/23/17 (Thu) 23:40:22 7a208c No.9349654>>9349715 >>9349732 >>9349767 >>9349774 >>9350088
>>9349643
This.
How do you vet a VPN provider?
>>9349642
>le wagecuckie is redpilled meme
Is it bad opsec
opsec to transfer my files from my android to a pc?
>>9349663
>halfchan
>not cuckchan
>>9349666 (checked)
SATAN LIKES ANIMU AND CONFIRMS WAGESLAVES ARE SLAVES
>>9349610
I work at a gym. What do you do?
>>9349718
>i do polposting
Anonymous 02/23/17 (Thu) 23:50:14 0ad97e No.9349758>>9349822
File: f0c2436e5b33e93.gif (820.25 KB, 245x209, 245:209, wew.gif)
>>9349718
>polposting
>>9349822
kys
>>9349936
>>9349961
Is it really? I thought it was owned by Swedish guy, pic related (founded Swedish Pirate Party). Is he controlled op?
Anonymous 02/24/17 (Fri) 00:20:06 6961b1 No.9350000>>9350009 >>9350012 >>9350016 >>9350052 >>9356953
>>9349936
Proofs?
What's a better alternative if true?
>>9350000
quads of proofs
>>9349993
No its just /pol/ related shit like memes. I was just wondering if it would be secure to do.
>if someone gets a ho-
Even if I deleted it all? So what, am I supposed to hammer that shit?
>>9350000
Self-checked.
>>9350027
Everyone was at one time, Anon; very few will admit it though. Here's an otter.
>>9350051
To add on, the best way to circumvent DNS leaking is to (at the router level) set your DNS to one that is not ISP specific
and non-five eyes. That way the only thing the ISP sees is that you connected a VPN tunnel to https://xyzVPN.com. I can't
remember how to config in windows but in linux you set it at the /network/interfaces (or if you have a decent firewall at the
perimeter, set it there). Pic related is my favorite DNS. Advantages are when something goes titsup at say 8.8.8.8
(Google) it takes awhile for the DNS poison attack to propagate; also when Google decides it is #FakeNews your ISP is
going to agree. If you have one that won't censor, you're good. Like a vpn, no logging as well.
Not shilling them but DNS is a dime a dozen, do some searching; these are dns.watch IPs.
>>9349211 (checked)
Even if it is, they're still probably capable of reading, even the most autistic measures aren't a guarantee when encryption
algorithms have been compromised in the past.
Just don't do things that can be held against you with something connected to the entire fucking world and that passes
through dozens of unaccountable middlemen. That goes double for cellphones.
>>9348763
>ISPs monitor HTTPS
>>9348577 (OP)
>cloudflare is bad
>links archive.fo which uses cloudflare
Thanks op!
Another note apparently archive.fo went full kike and isn't allowing vpns to acesses it
>pic related
Anonymous 02/24/17 (Fri) 00:57:00 246a7b No.9350276>>9350309
>>9350260
the
curl -I https://big.boobies.com
worked a charm too.
Todd Howard the DOUBLE_NAMEFAGGOT >:^^^^^^) 208.185.160.191 02/24/17 (Fri) 01:07:16 91b4c4 No.9350328
And I mean 2016 DOOM not that outdated misogynist filth that inspired every school shooter ever
>>9350304
well fug. that's gonna take a while for a tech illiterate fag like me to do but if it means more security it's worth it, right?
Also is all the info on these steps online?
>>9350349
>A computer does not need 8GB of RAM to be useful.
Preaching to the choir, amigo.
>>9350475
>If you aren't making it yourself you have no idea what is and isn't on your system.
You recommended two inferior operating systems that are nothing more than modifications of Debian. I asked for your
reasoning in recommending them over their base OS, and you admit you have none.
We're talking about a good first Linux OS, not building your own OS like Terry Davis to evade the CIA niggers.
Thanks for the lulz, kid. Keep cucking away on Ubuntu, nothing personnel.
>>9350510
>Could this be Deep State fuckery?
>>9348712
>>9348865
>Carrier Pigeons
Carrier Pigeon internet confirmed best internet.
>>9348577 (OP)
Ultimately any large provider of web services is a client or a customer of the intelligence services. That's what Prism
revelation was all about. I hope no one forgot that.
Your VPN provider can be compromised in exactly the same way Cloudflare can. If they exist in the material universe, the
CIA and NSA can get to them. Research your preferred services carefully and try to assess risks yourself.
>>9350612
>Not connecting to the noosphere using your connection to Kek while dreaming to browse the Wired
Fucking plebs
>>9350631
>If you use an SSD, well you can't really wipe those and be 100% certain that all of your data is off of those because of
how flash memory works
This is pretty much true but here is a good trick. Say you are running an unencrypted OS and delete a bunch of files
(didn't even shred them). You can write a file of zeroes to the disk until the process exits because the disk becomes full:
dd if=/dev/zero of=zero.foo
If you want to, you could use /dev/random, but it will take a lot longer.
I recommend setting up full disk encryption when installing Debian, that way it asks for a password at boot, and even the OS
files are encrypted.
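The same free-space zero-fill as the dd one-liner above, written out as an added example (not code from the thread) so the stop condition is explicit: writing stops when the filesystem reports ENOSPC, the zeros are fsync'd to the device, and the filler file is deleted so the space comes back. The max_bytes cap and the demo_in_tempdir() helper are assumptions added for this example so you can dry-run it without actually filling a disk.

```python
import errno
import os
import tempfile

# Added example, not code from the thread. Does what the poster's
# `dd if=/dev/zero of=zero.foo` does (fill unallocated space with zeros until
# the filesystem is full) but handles the "disk full" stop condition
# explicitly, flushes the zeros to disk, and removes the filler afterwards.
# max_bytes is an assumed safety cap so a dry run does not fill the disk.

def zero_fill_free_space(directory, max_bytes=None, chunk_size=4 * 1024 * 1024):
    """Write zeros to <directory>/zero.foo until ENOSPC or max_bytes is reached.

    Returns the number of bytes written. Like the dd command, this only
    overwrites blocks the filesystem currently reports as free; it does not
    touch slack space inside live files, and on flash media the controller
    may remap writes so the old cells are never physically overwritten
    (the SSD caveat quoted above).
    """
    filler = os.path.join(directory, "zero.foo")
    zeros = bytes(chunk_size)          # one all-zero buffer, reused for every write
    written = 0
    fd = os.open(filler, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        while max_bytes is None or written < max_bytes:
            want = chunk_size if max_bytes is None else min(chunk_size, max_bytes - written)
            try:
                n = os.write(fd, zeros[:want])
            except OSError as exc:
                if exc.errno == errno.ENOSPC:
                    break              # filesystem full: the expected way to stop
                raise
            if n == 0:
                break
            written += n
        try:
            os.fsync(fd)               # push the zeros through the page cache to the device
        except OSError as exc:
            if exc.errno != errno.ENOSPC:
                raise
    finally:
        os.close(fd)
        os.unlink(filler)              # hand the space back
    return written

def demo_in_tempdir(max_bytes=3 * 1024 * 1024):
    """Dry run in a scratch directory; returns (bytes_written, filler_removed)."""
    scratch = tempfile.mkdtemp(prefix="zerofill-")
    try:
        written = zero_fill_free_space(scratch, max_bytes=max_bytes, chunk_size=1024 * 1024)
        removed = not os.path.exists(os.path.join(scratch, "zero.foo"))
    finally:
        os.rmdir(scratch)
    return written, removed

if __name__ == "__main__":
    print(demo_in_tempdir())   # (3145728, True)
```

Run it with max_bytes=None on the filesystem you actually want scrubbed; it will take as long as dd does. Full disk encryption, as the post says next, is the better answer anyway: once the volume is encrypted there is nothing in free space worth recovering.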
>>9350784
APPARENTLY I'M FROM SWEDEN
>>9348877
Honesty is a virtue.
>>9350818
>anonymity == privacy
>>9350126
>You could do it all manually if you were super autist about it.
>wget example.com/yourfile.deb
>dpkg -i yourfile.deb
that's right, trust the binary from example.com goy
>not compiling from source
>not using gentoo
>>9350987
>stack of platters
What hue are they? Grey, blue, amber?
try giving a shiny one to a qt gf as a makeup mirror for her purse. surprisingly impressive to most
>>9351068
>broken substrate can be ridiculously sharp and jagged depending on its crystalline orientation
Oh fascinating, I've actually tried bending some platters with pliers before and they were very tough metal of some kind,
couldn't break them. There must be different materials of platters, and different coatings. The only amber platters I ever
saw were from very old drives from the 80s and early 90s (shucked e-waste around a warehouse one summer).
I have been meaning to fill up a few old HDDs with folders full of copy pasted pepes, to troll law enforcement if my shit is
ever seized (the rest is all encrypted)
>>9348816
This. Fuck them.
>>9351087
>Are you talking about real life or is this some kind of sick fever dream shit
Need I say more than pic related, anon?
http://www.parl.gc.ca/Parliamentarians/en/members/Iqra-Khalid%2888849%29/Motions?sessionId=152&documentId=8661986
>>9351126
eh, ignore the goytube link. have a webm of it
>>9348577 (OP)
could be related?
File: a49042bc36066b7.jpg (45.83 KB, 639x960, 213:320, totally spies sam 9832.jpg)
>>9351126
>>9351128
but which is the 1010 and which is the 1111?
>>9349034
The other options offered are good but you can also check the certificate on sites that are working with SSL. Because for
Cloudflare to provide their service they need to be an SSL/TLS man-in-the-middle, they have their own certificate facing
toward the end user. Here's the cert for 8chan as an example.
The fact that Cloudflare removes SSL and gets to see all traffic plaintext is the real concern even more so than what OP is
showing (although that's a great story that helps get this into public awareness). Cloudflare literally "does it for free" and
gets just about nothing out of providing this anti-DOS service other than the ability to spy on lots of people. It looks a little
bit like a protection racket where you pay in privacy, or else get forced off the internet.
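The certificate check described above, done programmatically, as an added example that is not part of the thread: it takes the leaf certificate in the dict layout Python's ssl.getpeercert() returns and reports whether the issuer belongs to a CDN and whether the certificate is shared with unrelated domains, both of which mean the edge (not the site operator) holds the private key and sees the plaintext. CDN_ISSUER_ORGS and the two sample certificate dicts are assumptions constructed for this example, not captured from 8chan or any other site; fetch_peer_cert() is the live version for when you have network access.

```python
import socket
import ssl

# Added example, not from the thread. It looks at the leaf certificate a TLS
# endpoint presents to the browser and reports whether a CDN (here Cloudflare)
# rather than the site operator terminates TLS, which is the poster's point:
# the CDN edge holds the private key and sees every request in plaintext.
# CDN_ISSUER_ORGS and the two sample certificates are assumptions for this
# example; the sample dicts are constructed, not captured from a real site.

CDN_ISSUER_ORGS = ("cloudflare",)   # lower-case substrings of issuer organizationName

def _rdn_values(rdn_seq, attr):
    """Collect all values of one attribute from the nested tuples getpeercert() uses."""
    return [value for rdn in rdn_seq for (key, value) in rdn if key == attr]

def _registrable(name):
    """Crude last-two-labels approximation of the registrable domain ('*.a.b.c' -> 'b.c')."""
    labels = name.lower().lstrip("*.").split(".")
    return ".".join(labels[-2:])

def classify_edge_cert(cert, hostname):
    """Describe who terminates TLS for hostname, given a ssl.getpeercert()-shaped dict."""
    issuer_orgs = _rdn_values(cert.get("issuer", ()), "organizationName")
    sans = [name for (kind, name) in cert.get("subjectAltName", ()) if kind == "DNS"]
    cdn_issued = any(tag in org.lower() for org in issuer_orgs for tag in CDN_ISSUER_ORGS)
    # A second tell-tale of a shared CDN edge certificate: SAN entries that belong
    # to domains unrelated to the one you connected to.
    foreign = [s for s in sans if _registrable(s) != _registrable(hostname)]
    return {
        "issuer": issuer_orgs,
        "cdn_terminated": cdn_issued,
        "shared_with_other_hosts": bool(foreign),
        "san_count": len(sans),
    }

def fetch_peer_cert(hostname, port=443, timeout=5.0):
    """Live check: connect with the default trust store and return the leaf cert dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()

# Constructed samples in getpeercert() layout (tuple of RDNs, each a tuple of pairs).
SAMPLE_CDN_CERT = {
    "subject": ((("commonName", "sni.cdn-edge.example"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Cloudflare, Inc."),),
               (("commonName", "Example CDN Issuing CA"),)),
    "subjectAltName": (("DNS", "sni.cdn-edge.example"),
                       ("DNS", "*.forum.example"), ("DNS", "forum.example"),
                       ("DNS", "*.othersite.example")),
}
SAMPLE_OWN_CERT = {
    "subject": ((("commonName", "forum.example"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Public CA"),),
               (("commonName", "Example CA R1"),)),
    "subjectAltName": (("DNS", "forum.example"), ("DNS", "www.forum.example")),
}

if __name__ == "__main__":
    print(classify_edge_cert(SAMPLE_CDN_CERT, "forum.example"))
    print(classify_edge_cert(SAMPLE_OWN_CERT, "www.forum.example"))
    # Live use: classify_edge_cert(fetch_peer_cert("forum.example"), "forum.example")
```

The issuer test only catches CDNs whose CA branding you listed; the shared-SAN test is the more general signal, since a certificate covering many unrelated registrable domains is almost always a multi-tenant edge. Neither tells you whether the CDN re-encrypts to the origin, only that the edge can read what you send.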
>>9351394
>>9351410
>>9351558
>>9351577
Yes go-erm-guys it's just the deep state illuminati NWO globalists behind it all! Certainly not us jews, oy vey, we dindu
nuffin!
>>9352075
Proofs? You don't seem the lying kind.
my dad works at nintendo btw.
>>9351633
>how do you do fellow \POL\sters, the deep state is not jewish in the least
>>9348577 (OP)
>root pass
>linux boot from usb stick
>vpn
>server side encryption
>virtualmachine running another linux distro
>DNS/DHCP/IP randomizer
>bravo
>https only
>javascript disabled
if you're not on this level, get off the internet forever
Anonymous 02/24/17 (Fri) 12:46:54 94efa5 No.9353333>>9353339 >>9353632 >>9353708 >>9353873 >>9353894 >>9356953
If you're a goy that walks the Earth, then the elite jew pigs already have you on the extermination list. Whether or not you
are anonymous just changes how far or down you are on the list.
Anonymous 02/24/17 (Fri) 12:47:20 94efa5 No.9353339
>>9353333
You can't argue with these quads goyim.
>>9355157
Story time anon. What did the cops say to you each time?
Anonymous 02/24/17 (Fri) 18:05:10 5ce63f No.9355211>>9355243 >>9355268 >>9356953 >>9364651
>>9355166
They were just like "we're checking up on you buddy, don't let things get you down, someone was concerned about your
wellbeing and your potential to commit suicide". They were really nice white cops every time, sometimes two men,
sometimes two women, and they were redpilled.
>>9355211
well that was nice of them
>>9349168
>This is approximately as bad as it ever gets.
>>9356605
You should check out OpenBSD. There is plenty of *nix software that can easily be personally verified to be free of
backdoors.
You know what would be really cool? A third party audit of the Linux kernel. There are other kernels too, such as the BSD
kernel, and GNU Hurd.
Check out coreboot/libreboot for open source BIOS/EFI, limited hardware compatibility, but there are some nice ThinkPads that
can run it.
Search online for open source hardware projects. There are a shit load of open source ARM computer board projects,
some of which are decently capable computers that can run Linux and a desktop environment for general computing (and
are very low energy use to boot).
Lots of stuff going on out there like this, actually. Would love anons to organize third-party audits of important software
such as kernels, encryption tools (similar to the Truecrypt audit), etc. etc.
EXTREME DIGIT CHECKER PRO 02/24/17 (Fri) 22:02:47 49d33f No.9356953>>9357074 >>9358525
File: 2702d4a153b822c.jpg (37.15 KB, 480x360, 4:3, famousepainter.jpg)
>>9348577 (OP)
>>9348799
>>9348877
>>9348911
>>9348988
>>9349022
>>9349044
>>9349055
>>9349099
>>9349100
>>9349111 (trips!)
>>9349133
>>9349144
>>9349166
>>9349177
>>9349199
>>9349211
>>9349311
>>9349322
>>9349388
>>9349400
>>9349411
>>9349511
>>9349555 (trips!)
>>9349588
>>9349633
>>9349644
>>9349666 (trips!)
>>9349688
>>9349822
>>9349922
>>9350000 (Quads!)
>>9350088
>>9350177
>>9350200
>>9350222 (trips!)
>>9350244
>>9350255
>>9350355
>>9350388
>>9350399
>>9350488
>>9350499
>>9350677
>>9350688
>>9350755
>>9350788
>>9350833
>>9350855
>>9350866
>>9350944
>>9350999 (trips!)
>>9351011
>>9351300
>>9351311
>>9351399
>>9351411
>>9351577
>>9351633
>>9351699
>>9351911
>>9352000 (trips!)
>>9352022
>>9352055
>>9352500
>>9353144
>>9353333 (Quads!)
>>9354811
>>9355155
>>9355166
>>9355211
>>9355311
KEK WILLS THESE DIGITS OF JEWISH DESTRUCTION
>>9357051
>unless you're ready to upgrade every six months and having to go through the process then you're not doing yourself
any favors running it
Currently only experimented with it a bit on a spare laptop I had kicking around. I was able to pretty quickly get a wm
running and a web browser, which is bretty neat I guess. Really like the ZFS & encryption you can enable at install time
now (full OS/disk encryption iirc?). ZFS is what we will be using on our space ships in 200 years.
I'm a bit of a weirdo. I have everything organized in a home directory (with crons backing up important OS config files
etc.), and I reinstall my OS every few months, sometimes a lot more often. Pretty much every time I'm forced to install
some stupid binary or sketchy .deb for whatever purpose, signals the beginning of a new install cycle for me, but it's super
fast to just reinstall the few packages I need, and replace my home dir.
What I'm saying is beyond aptitude upgrade almost every day, I cleanly reinstall (generally Debian) on a weirdly regular
basis. It's partially a type of paranoia and partially Unix neet OCD. (Because I use full disk encryption each time, and
because of the way LUKS works, that means my old data is forever lost the moment the partition header is overwritten).
I no longer spend much effort configuring window managers or desktop environments, I just have zsh and vim set up the
way I want and I am happy. My OS usage has become utilitarian, I no longer tweak shit, I rarely even bother to change the
default OS desktop background anymore. I'm too lazy and too busy with other things (like shitposting amirite?).
I've begun running instances of Debian and other Unixes or whathaveyou in virtualbox for web browsing, and just deleting
it every so often and copying an older version etc. (Like frogmaster Elliot Alderson in mr robot).
I guess I would be fine with reinstalling OpenBSD for general purpose browsing and such every 6 months, I just haven't
felt triggered enough yet to make the permanent switch. The only reason I use Debian is because it has so much software
ready to go from the maintained repositories, isn't fully ZOG pozzed AFAIK (but honestly it probably is), and I'm used to it.
Just rambling. We should really make some basic opsec memes and have a thread dedicated to this to educate the
other /pol/lacks.
>>9357395
Interesting, I should visit more boards in general just to see what's around. I'll check it out later, thx. I think some 1488
themed opsec memes are absolutely in order too though. I will see what I can do.
>>9357243
>should be audits by users per commit. So, for each commit, several people can "vouch" for the code as safe before
merging into master. Anything merged without audit should raise a red flag.
This is a fucking awesome idea.
>>9348577 (OP)
>>9357635
Here's a shitty diagram
this thread has convinced me that if I ever get into a solid financial situation the first thing I'm doing is hiring an OCD
paranoid neet to secure my shit up full time
The solution seems pretty fucking obvious you faggots. We build our own internet using Tesla stratosphere currents and
modified ham radio receivers. Prove me wrong.
>>9351291
either way you're at risk. That's why we have github and md5 checksums.
If you're super autistic about it:
1: Make your own hardware
2: Write your own assembly language
3: Write your own compiler
4: Write your own OS
5: Write everything else on your own.
You'd be bretty much immune to any non-targeted hacking attempts if you did it ALL on your own
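"github and md5 checksums" above is the practical version of all this, so here is an added example (not code from the thread) that verifies downloaded files against a manifest in the format sha256sum and md5sum write, one "<hexdigest>  <filename>" per line. The demo() scenario, its file names and contents, is constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile

# Added example, not from the thread. Verifies files against a manifest in the
# format sha256sum/md5sum write ("<hexdigest>  <filename>" per line), so the
# "checksums on GitHub" idea above can be checked mechanically rather than by
# eyeballing hex. The demo() scenario (file names and contents) is constructed.

def parse_sums_file(text):
    """Return {filename: hexdigest}. Accepts the text ('  ') and binary (' *') separators."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        expected[name.lstrip("*")] = digest.lower()
    return expected

def file_digest(path, algo="sha256", bufsize=1 << 16):
    """Hash a file in chunks so large downloads do not have to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(bufsize), b""):
            h.update(block)
    return h.hexdigest()

def verify_directory(directory, sums_text, algo="sha256"):
    """Return {filename: 'OK' | 'FAILED' | 'MISSING'} for every manifest entry.

    compare_digest keeps the comparison constant-time; cheap insurance even
    though the digests here are public values.
    """
    results = {}
    for name, want in parse_sums_file(sums_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        got = file_digest(path, algo)
        results[name] = "OK" if hmac.compare_digest(got, want) else "FAILED"
    return results

def demo():
    """Constructed scenario: an intact file, a swapped file, and one not downloaded."""
    scratch = tempfile.mkdtemp(prefix="sums-")
    original = b"package payload v1\n"
    with open(os.path.join(scratch, "good.deb"), "wb") as f:
        f.write(original)
    with open(os.path.join(scratch, "bad.deb"), "wb") as f:
        f.write(b"package payload v1 + one changed byte\n")   # content differs from manifest
    manifest = "\n".join([
        f"{hashlib.sha256(original).hexdigest()}  good.deb",
        f"{hashlib.sha256(original).hexdigest()}  bad.deb",
        f"{'0' * 64}  missing.deb",
    ])
    return verify_directory(scratch, manifest)

if __name__ == "__main__":
    print(demo())   # {'good.deb': 'OK', 'bad.deb': 'FAILED', 'missing.deb': 'MISSING'}
```

Two caveats a practitioner would add: pass algo="md5" only to check legacy manifests, since MD5 is not collision resistant and an attacker can produce two files with the same MD5; and a checksum file served from the same place as the download only protects against corruption, because whoever can swap the file can swap the manifest. For a compromised mirror you need the manifest signed with the maintainer's key, which is what Debian's repositories do.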
>>9352075
>mfw I can order paramilitary hitsquads to any place in Europe within 24 hours.
>mfw the first order is free, because I posted a lot of /pol/ memes on its mailing list and even 30 year
Would you like the Rothschild's address?
>>>/baphomet/ will help you out if you're not full of shit
>>9356605
>I'm starting to write my own operating system
Me too. Compiling is a PITA though; it takes too fucking long. There used to be a Natsoc linux distro out there, but it was
discontinued. We should probably start a new one.
>>9356749
>Why write an entire fucking operating system when you could just join the Temple OS guy or join a linux project and
subvert it?
It helps to learn what is actually going on in your computer so you can tell the bullshit "zomg h4xxordzz killed my dog"
stories from the "you're fucked" realities that get 2 minutes of coverage.
Besides, as much as I like mint it is becoming too bloated. You want a secure distro not a 'we wanna be the next
windows/mac' distro.
And you know, it's much easier to add on features as you go than it is to remove them. That's part of the reason we have
bloatware.
>>9356831
I might make my own kernel, with blackjack, and hookers.
As far as encryption tools those are easy as shit to write, hell you could use bc and a terminal to encrypt if you wanted to.
The real auditing for those is crypto-cracking.
>>9357369
>I no longer spend much effort configuring window managers or desktop environments, I just have zsh and vim set up the
way I want and I am happy. My OS usage has become utilitarian, I no longer tweak shit, I rarely even bother to change the
default OS desktop background anymore. I'm too lazy and too busy with other things (like shitposting amirite?).
Fuck, are you me?
>>9359335
>Full disk encryption
>LUKS
m8 it's not like windblows where they use the same encryption keys. Linux generates its own keys each and every time
you install it
>>9359467
capped for all eternity.
>>9359568
>lightweight
>64bit
kek
>>9359922
>those double dubs
>those double ds
Only problem is it's illegal to encrypt radio traffic over ham afaik.
>>9348818
>NSA mormon data closets
oh shi-
>>9362946
>I'm scanning this thread and not seeing anything about free VPNs
Are you retarded or are you just a silly Pooh Bear that's looking for pots of honey? For fuck's sakes, stop taking candy
from strangers. How many times are you going to have to get Jewed before you learn your lesson?
>>9353954
I tried Crunchbang before it dissolved and it was good, but as of now it's only good for web browsing for the end user. It
used less than 100MB of memory idling, compared to Windows 7's >1GB. WINE is a pain, and I need muh proprietary
software like UT2004, PS, AI, Pr, and others
pic related was on a random computer in my basement, dual athlon
>>9369954
ok
>>9370521
>I wonder if large corporations like Google also have similar tech
Can you imagine the robotic tech they have that we will probably not see until the shit really hits the fan and they air drop
10k terminators somewhere?
>>9370613
enjoy your nightmares
>>9370885
Remember: they recently used a robot with C4 strapped to it to take out that black shooter a while back. Once they start
weaponizing those quick dog robots in a similar fashion, we're breddy fucked.
Burgers should demand that they be allowed to own terminator robos and exo skeletons as part of your 2nd amendment
rights.
Also, in this >>9370725 video, at the end the robot disobeys, physically threatens, and appears to frighten the man on the
couch, then it scurries off and plays dead. Meanwhile the Chinese probably have similar robots gathering random humans
to have their organs harvested.