The "Cloudbleed" issue: keeping you safe



  • I had difficulties especially on Sunday. Yesterday, I finally succeeded. Fortunately. I unchecked "save passwords" in browser settings before attempting password recovery. I do not know if it contributed. At last it is solved, God be blessed! Arfffff! ...



  • @adam.jablonski2
    Contact the team directly through http://vivaldi.com/contact as suggested.



  • I lost my vivaldi acc because of this, help me! BTW, don't email the email on this acc. Its the Vivaldi one



  • @dleon: That's what I did a few hours ago. Still waiting for a reply.



  • @pesala: Indeed, I completely forgot about my (now almost unused) hotmail account - password recovery information ended up in there. Thank you so much!



  • @adam.jablonski2
    lol



  • @adam.jablonski2

    Does Pesala deserves an upvote? Certainly yes.



  • @quinca71: Oh, absolutely. So do you.



  • @adam.jablonski2

    Wow, this one I got on the xepa! It was not my intention. But, since it came, welcome! Thank you :fishing_pole_and_fish:



  • @yngve: BleepingComputer's article says that the three options I mentioned had to be enabled for the issue to effect a domain protected by Cloudflare, and I don't know any security experts who are saying that you could find information from one domain in HTTP headers for another domain protected by Cloudflare. I'll have to take some time to go over the vulnerability report, the data made public by Cloudflare, and analysis of that data by other security experts to validate whether or not that is the case.



  • @yngve: So far the only things I am seeing that suggest that data from one domain could end up in the HTTP headers for a page at another domain is the following:

    A statement in the Cloudflare report that said "Because Cloudflare operates a large, shared infrastructure an HTTP request to a Cloudflare web site that was vulnerable to this problem could reveal information about an unrelated other Cloudflare site."

    Google's Tavis Ormandy said "because reverse proxies are shared between customers, it would affect all Cloudflare customers" in his original report on his discovery.

    The second statement could simply be the researcher saying that every website using Cloudflare could be vulnerable to this, and may not mean that he was seeing data from one domain in headers from pages at another domain. There is nothing else in his vulnerability report that indicates that he was seeing information from one domain in headers for pages at another domain, and his screenshots appear to only show information from single domains and not multiple domains.

    As for the first statement, it does clearly say "an HTTP request to a Cloudflare web site that was vulnerable to this problem could reveal information about an unrelated other Cloudflare site." Note it says could, and as opposed to did. That's not to say it didn't happen (obviously it could happen), but at the same time no one is clearly saying that it did happen.

    I'll continue reading to see if anyone has data showing that such a thing actually happened. Obviously in the absence of any real evidence it is safer to just assume the worst. ;)



  • Thank you Team Vivaldi for preserving i_ri' account.
    Thank You Gaelle for your recent solution has i_ri signed-in.



  • 0_1518998378103_1518969469883-viva-cloudflare-resized.png
    Does the cloudbleed ride again? This is the message I received a few minutes ago while logged into my watched posts. The connection fell. Now back again.

    Is this a recurring threat? Thanks in advance.


  • Moderator

    @quinca71 said in The "Cloudbleed" issue: keeping you safe:

    Does the cloudbleed ride again? This is the message I received a few minutes ago while logged into my watched posts. The connection fell. Now back again.

    The forum is protected by Cloudflare and sometimes their servers fail for a short time.
    But your question has nothing to do with this thread!



  • @gwen-dragon

    Thanks. Sorry.


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.