Page 4 of 4 FirstFirst ... 234
Results 31 to 33 of 33

Thread: Is anyone else getting rerouted from GSUS to a virus program when you use Google?

  1. #31
    Administrator JohnQPublic's Avatar
    Join Date
    Mar 2010
    Posts
    8,926
    Thanks
    890
    Thanked 2,266 Times in 1,345 Posts

    Re: Is anyone else getting rerouted from GSUS to a virus program when you use Google?

    Forum runner has not been working well for me for about a year. They stopped supporting it, and I suspect it is no longer safe.
    "What Difference, at this time, does it make?"

    "What is 'is'?"

    "Because you'd be in jail"

  2. #32
    Iridium monty's Avatar
    Join Date
    Apr 2010
    Location
    Nevada
    Posts
    8,940
    Thanks
    7,783
    Thanked 8,331 Times in 5,107 Posts

    Re: Is anyone else getting rerouted from GSUS to a virus program when you use Google?

    Quote Originally Posted by JohnQPublic View Post
    Forum runner has not been working well for me for about a year. They stopped supporting it, and I suspect it is no longer safe.
    I haven't been able to post from it for a long time. It crashes. I use it on my phone to read the forum when I am out.
    The only thing declared necessary in the Constitution & Bill of Rights is the #2A Militia of the several States.
    “A well regulated militia being necessary to the security of a freeState”
    https://ConstitutionalMilitia.org


  3. #33
    Unobtanium
    Join Date
    Apr 2010
    Posts
    12,556
    Thanks
    2,628
    Thanked 3,181 Times in 2,248 Posts

    Re: Is anyone else getting rerouted from GSUS to a virus program when you use Google?

    on the face of it: Because cloudflare is so widespread and caches so many sites to provide faster access close to the internet user, it's likely many other sites are affected.

    If anyone comes across more info to clarify how widespread the problem is please post it.

    Here Are The Passwords You Should Change Immediately
    If you have or had accounts on Fitbit, Uber, OkCupid, Medium, or Yelp, you should probably change your passwords. In a blog post published on Thursday, the web performance and security company Cloudflare said it had fixed a critical bug, discovered over the weekend, that had been leaking sensitive information such as website passwords in plain text from September 2016 to February 2017. Over 5.5 million websites use Cloudflare, including Fitbit, Uber, OkCupid, Medium, and Yelp

    Some website sessions accessed through HTTPS, a secure web protocol that encrypts data sent to and from a page, have been compromised as a result, and what makes the bug particularly serious is that some search engines (including Bing, Google, and DuckDuckGo) had cached, or saved, some of the leaked data for some time. This data isn’t easy for a nontechnical person to find, but for someone with knowledge of how to craft specific queries for affected websites’ leaked data on search engines, it was well within their reach.
    http://www.orrazz.com/2017/02/here-a...ld-change.html

    Incident report on memory leak caused by Cloudflare parser bug
    Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare.

    It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.

    For the avoidance of doubt, Cloudflare customer SSL private keys were not leaked. Cloudflare has always terminated SSL connections through an isolated instance of NGINX that was not affected by this bug.

    We quickly identified the problem and turned off three minor Cloudflare features (email obfuscation, Server-side Excludes and Automatic HTTPS Rewrites) that were all using the same HTML parser chain that was causing the leakage. At that point it was no longer possible for memory to be returned in an HTTP response.

    Because of the seriousness of such a bug, a cross-functional team from software engineering, infosec and operations formed in San Francisco and London to fully understand the underlying cause, to understand the effect of the memory leakage, and to work with Google and other search engines to remove any cached HTTP responses.

    Having a global team meant that, at 12 hour intervals, work was handed over between offices enabling staff to work on the problem 24 hours a day. The team has worked continuously to ensure that this bug and its consequences are fully dealt with. One of the advantages of being a service is that bugs can go from reported to fixed in minutes to hours instead of months. The industry standard time allowed to deploy a fix for a bug like this is usually three months; we were completely finished globally in under 7 hours with an initial mitigation in 47 minutes.

    The bug was serious because the leaked memory could contain private information and because it had been cached by search engines. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence.

    The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of request
    https://blog.cloudflare.com/incident...re-parser-bug/
    Great minds discuss Ideas, Average minds discuss Events, Small minds discuss People. E.R.

    Anytime I'm in doubt I go outside and give it a little shake.
    Liberty Tree.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •