[193934] in North American Network Operators' Group
Re: Serious Cloudflare bug exposed a potpourri of secret customer data
daemon@ATHENA.MIT.EDU (Matt Palmer)
Thu Mar 2 18:15:30 2017
X-Original-To: nanog@nanog.org
Date: Fri, 3 Mar 2017 10:15:22 +1100
From: Matt Palmer <mpalmer@hezmatt.org>
To: nanog@nanog.org
In-Reply-To: <99FF5A5E-1E62-44E4-A306-4053D522005F@sep2.co.uk>
Errors-To: nanog-bounces@nanog.org
On Sat, Feb 25, 2017 at 07:21:48AM +0000, Mike Goodwin wrote:
> Useful information on potentially compromised sites due to this:
>
> https://github.com/pirate/sites-using-cloudflare
"This list contains all domains that use Cloudflare DNS"
That's only marginally more useful than saying "any domain matching /^.*$/";
plenty of domains use Cloudflare's DNS without using the proxy service (and
it is, barely, possible to use the proxy service which had the bug without
using the DNS service).
- Matt
--
A byte walks into a bar and orders a pint. Bartender asks him "What's
wrong?" The byte says "Parity error." Bartender nods and says "Yeah, I
thought you looked a bit off."
