ome 2017-02-24 17:03:25
And any number of random search or cache, or whatnot may have a copy of it.
ome 2017-02-24 17:03:28
You will never know for sure.
starrify 2017-02-24 17:03:34
what's the security vulnerability?
ome 2017-02-24 17:03:41
lol
agst 2017-02-24 17:03:42
Jesus. I didn't know that it leaked across domains
ome 2017-02-24 17:03:47
C.
ome 2017-02-24 17:03:49
C is the bug.
agst 2017-02-24 17:03:53
LOL
ome 2017-02-24 17:03:59
The C programmers at cloudflare, to be more exact.
agst 2017-02-24 17:04:17
That's humorously unfortunate.
ryonaloli 2017-02-24 17:04:21
ome: may *still* have a copy of it?
agst 2017-02-24 17:04:28
starrify: "Cloudflare Reverse Proxies are Dumping Uninitialized Memory" https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
amnet 2017-02-24 17:04:45
Wow.
ome 2017-02-24 17:05:08
ryonaloli: Yes. Because, *your* content could have been published as part of body of some random site.
starrify 2017-02-24 17:05:13
ugh
ome 2017-02-24 17:05:15
And as we know how search engines work: they have a local cache.
ome 2017-02-24 17:05:20
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
ryonaloli 2017-02-24 17:05:21
oh my
agst 2017-02-24 17:05:22
I know of so many sites off the top of my head that reverse with Cloudflare. I wonder if any domain can be targeted, or if it is just random.
ome 2017-02-24 17:05:23
:|
starrify 2017-02-24 17:05:24
that's all over my head
ryonaloli 2017-02-24 17:05:30
i thought it required active exploitation to obtain
ome 2017-02-24 17:05:35
nah
ryonaloli 2017-02-24 17:05:37
and after being fixed, it wouldn't be possible to obtain anymore
agst 2017-02-24 17:05:41
No, it's totally passive. A bug in their code...
ryonaloli 2017-02-24 17:05:41
well that *is* scary
Zppix 2017-02-24 17:06:01
ome: you're kidding me i just went thru thousands of lines of logs just to get the link... :
Zppix 2017-02-24 17:06:03
:(
ome 2017-02-24 17:06:29
lol
ome 2017-02-24 17:06:36
It is so sad it is funny.
amnet 2017-02-24 17:06:59
starrify: Basically any data Cloudflare ever had access to would be handled in memory.
Zppix 2017-02-24 17:08:29
google acted quicker than them
ome 2017-02-24 17:08:49
Yeah, but apparently, not fast enough, according to Mathew.
amnet 2017-02-24 17:09:55
Google probably just fed it all to their AI.
agst 2017-02-24 17:09:59
Hilariously, Cloudflare put a bounty out for fixing their huge bug: https://hackerone.com/cloudflare
ome 2017-02-24 17:10:23
Their top of the line payment? A cloudflare t-shirt.
ome 2017-02-24 17:10:24
lol
amnet 2017-02-24 17:10:31
Now the data is embedded in its cortex.
ryonaloli 2017-02-24 17:10:42
that t-shirt thing is just pathetic
ryonaloli 2017-02-24 17:10:44
i mean really
amnet 2017-02-24 17:10:47
agst: That sounds secure.
ryonaloli 2017-02-24 17:10:49
that is a multi-million dollar bug
ryonaloli 2017-02-24 17:10:55
or at least $500k+
agst 2017-02-24 17:11:04
How to protect literally thousands of domains: "You must agree to our Vulnerability Disclosure Policy."
agst 2017-02-24 17:11:15
Yeah, right.
amnet 2017-02-24 17:11:24
"Hey, we're dumping tons of proprietary data. Fix plox?"
duckgoose 2017-02-24 17:11:38
yo
duckgoose 2017-02-24 17:11:42
can I get some of dat data
amnet 2017-02-24 17:11:57
Only if you "fix" the bug.
agst 2017-02-24 17:12:30
(off topic) can someone help me with a nickserv question? if I can request an old, perhaps expired nick.
amnet 2017-02-24 17:12:56
And don't put more bugs in or we'll know.
Zppix 2017-02-24 17:13:18
agst: that's a question for staff
agst 2017-02-24 17:13:46
alright
ped 2017-02-24 17:25:21
hmm, is it possible to get a list of bots?
preaction 2017-02-24 17:31:05
list of bots for what purpose?
ped 2017-02-24 17:32:28
preaction: registering etc
MetaNova 2017-02-24 17:32:37
ped: /msg nickserv help register