First  Prev  1  2  Next  Last
Post Reply Crunchyroll Not Affected by CloudFlare Leak
Administrator
shinji 
205108 cr points
Send Message: Send PM GB Post
16 / M / Tokyo-3
Offline
Posted 2/24/17 , edited 3/1/17
Hi Everyone,

You may have heard recently that the web security service CloudFlare experienced a leak of sensitive data. We just wanted to let everyone know that Crunchyroll is not affected by the leak as we do not use any of the services that were compromised. All Crunchyroll user data remains safe, so don't worry!

That being said, it is always a good idea to change your passwords regularly, and to choose long and complex ones that are not used in other places.

Keep safe~!

24183 cr points
Send Message: Send PM GB Post
38 / M
Offline
Posted 2/24/17 , edited 3/1/17
Cool, was curious about this, thanks for informing.
35801 cr points
Send Message: Send PM GB Post
Offline
Posted 2/24/17 , edited 2/24/17
Good to know but this is a good exuse to change my password anyway
1793 cr points
Send Message: Send PM GB Post
31 / M / Azeroth
Offline
Posted 2/24/17 , edited 3/1/17
For clarification, that means CR does not use "Email Obfuscation", "Server Side Executes" or "Auto HTTPS Rewrites"?


https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

We quickly identified the problem and turned off three minor Cloudflare features (email obfuscation, Server-side Excludes and Automatic HTTPS Rewrites) that were all using the same HTML parser chain that was causing the leakage. At that point it was no longer possible for memory to be returned in an HTTP response


...which are all part of "ScrapeShield"?

https://blog.cloudflare.com/introducing-scrapeshield-discover-defend-dete/

Even if CR does not use the affected services, it shares resources with ones who do, which could lead to leaking of CR data.


The Cloudflare's "ScrapeShield" feature parses and obfuscates HTML, but since reverse proxies are shared among customers, it would affect all CloudFlare customers.


So, I would think still soon to /declarevictory at the moment.
30000 cr points
Send Message: Send PM GB Post
84 / F / Bite the pillow.
Offline
Posted 2/24/17 , edited 2/28/17

shinji wrote:



That being said, it is always a good idea to change your passwords regularly, and to choose long and complex ones that are not used in other places.

Keep safe~!

Any thoughts of implementing two-factor authentication for CR accounts?
1005 cr points
Send Message: Send PM GB Post
46 / M
Offline
Posted 2/24/17 , edited 3/1/17
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/


Because Cloudflare operates a large, shared infrastructure an HTTP request to a Cloudflare web site that was vulnerable to this problem could reveal information about an unrelated other Cloudflare site.


My understanding is that all memory within a single shared nginx process was open game. Only requests to specific broken sites using the broken services would actually return leaked information, but the origin of the leaked information could be any site that had requests served through the same process. This means that any site, even if it didn't use the broken features, was potentially victim to this information leak.
3014 cr points
Send Message: Send PM GB Post
22 / M
Offline
Posted 2/24/17 , edited 3/1/17
Agreed with @atbaaba and @TheGrandAlliance

From my understanding of the vulnerability, Crunchyroll did not have to be using the buggy HTML rewriting service to be harmed, the traffic from Crunchyroll simply had to be going through the same server as another site who used the service. Since the bug allowed for any unallocated memory to be leaked, surely this memory could have included Crunchyroll data, unless for some reason the same server was never used for Crunchyroll and another site that used HTML rewriting.

Hoping for some clarification
31706 cr points
Send Message: Send PM GB Post
27 / M / BAYSIDE,NY
Offline
Posted 2/24/17 , edited 2/24/17
thanks for letting us know crunchy..
36398 cr points
Send Message: Send PM GB Post
38 / F / Seireitei, Soul S...
Online
Posted 2/24/17
I already had a pretty strong password for Crunchyroll but I changed it last night just in case. I'd been using it for awhile anyways.
67998 cr points
Send Message: Send PM GB Post
M / 483 miles from "T...
Offline
Posted 2/24/17 , edited 2/25/17
No sweat! I have a book a passwords and a special way to decipher them. And anytime I fill out any security questions, they are never the same "favorites" or dog names, or maiden names.
So If I do get hacked, they won't get very far...lol
1793 cr points
Send Message: Send PM GB Post
31 / M / Azeroth
Offline
Posted 2/24/17 , edited 2/25/17

Bankshot wrote:

No sweat! I have a book a passwords and a special way to decipher them. And anytime I fill out any security questions, they are never the same "favorites" or dog names, or maiden names.
So If I do get hacked, they won't get very far...lol


Problem isn't password per se in this leak, problem is potentially all traffic could be exposed. So forum data. Like ur sex messages to ur GF. Or nude pictures. Or maybe CC numbers. The like...
67998 cr points
Send Message: Send PM GB Post
M / 483 miles from "T...
Offline
Posted 2/24/17 , edited 2/25/17

TheGrandAlliance wrote:


Bankshot wrote:

No sweat! I have a book a passwords and a special way to decipher them. And anytime I fill out any security questions, they are never the same "favorites" or dog names, or maiden names.
So If I do get hacked, they won't get very far...lol


Problem isn't password per se in this leak, problem is potentially all traffic could be exposed. So forum data. Like ur sex messages to ur GF. Or nude pictures. Or maybe CC numbers. The like...


Eh...Well, still not a problem. I live a pretty GP life, no sexting, no pictures, not even dirty jokes. If they think they can hang my computer full of loli's over me unless I give them the nuclear codes, they will be waiting a long time...
Ah, make that PG life...
1461 cr points
Send Message: Send PM GB Post
36 / M
Offline
Posted 2/25/17
That's good, considering how often cloudflare screws up and i can't access CR for hours (or one time almost a full day)
6235 cr points
Send Message: Send PM GB Post
28 / M / Norway
Offline
Posted 2/25/17
I changed it anyway. Better safe than sorry.
36398 cr points
Send Message: Send PM GB Post
38 / F / Seireitei, Soul S...
Online
Posted 2/25/17 , edited 2/26/17
I'm having trouble with the site today, more so than a normal Saturday. I've tried to watch four different shows now, Blue Exorcist (the first season), Iron Blooded Orphans, RWBY and My Love Story!!, and the only video I could get to play was the My Love Story!! one, and even when I did it was skipping. I have a fast internet connection and normally everything plays just fine and pages on the site load quickly. However, today I'm having trouble with even the pages just loading. I know that on most weekends lately the site's been slow at loading, but it hasn't been this slow yet. And this is the error message that I keep getting when I get an error message page:



So my question is: Is Cloudflare just messing up like it normally messes up, just more severe than normally, or is this related to the leak that it had and Crunchyroll spoke too soon about being affected? Would be nice to get an update on it.

*Edited to finally show the picture of the screenshot I got of the error message. For some reason it wasn't working before because it was adding a dollar $ sign to the picture name at the beginning of it, but I figured it out and removed it. That's never happened to me before, and it kept doing it every time I uploaded the picture into the post, without me adding anything to the picture name. Another Cloudflare issue? I actually tried uploading a few pictures into this post to see what happened with the name, and all of them did that, added the dollar $ sign before the numbers for the picture name.
First  Prev  1  2  Next  Last
You must be logged in to post.