[Spoon]

Someone on a slack I visit linked this, and I was wondering if HLP could in any shape or form have been affected by this?
https://github.com/pirate/sites-using-cloudflare
Most of this is stuff I won't really pretend to understand, so I figured someone with a bit more knowhow about the subject could say something more meaningful

[Phantom Hoover]

What I'm hearing is "change every password you've ever used on a Cloudflare site", which in practice might as well be "change all your passwords on every website that hasn't explicitly been called safe". The severity of this leak is totally unprecedented in the history of network security in terms of the amount of potentially-compromised data. Literally any data that you sent through Cloudflare in the last several months may have ended up publicly displayed on someone's broken Chinese news website.

[Spoon]

hard-light.net is on the list of known domains affected

Reminder that there are inactive admin accounts that could pose a serious security risk here.

[mjn.mixael]

I'm so...tired... of having to change passwords across all sites every few weeks because of this crap. I take the given advice and use different passwords on just about every site.. but a leak like this? **** all that matters.

[Spoon]

^Agreed so much^

[X3N0-Life-Form]

^ Triple agreed ^

If that **** is as bad as it looks, it means I gotta change at least 3/4 of my passwords, awesome ...

[Zacam]

So, full stop here.

As of at least 3 hours ago, CloudFlare has certified/asserted that HLP as a domain has not been or had its traffic compromised in any way as a result of this vulnerability.

They are continuing with validating and monitoring for if that changes, and if it does, I'll be notified.

[chief1983]

But I hope you guys aren't using the same password here as anywhere else as we aren't using SSL for logins.  Your plaintext pass is already all over the tubes.

[Mongoose]

Is it bad that even with news like this I can't really summon the energy to go through and make my personal practices more secure?  Like, it's ridiculous enough even trying to keep track of passwords I've used in multiple places as-is, and my browser's list of saved passwords is long enough to substantially warp local space-time.  It's getting to the point where it doesn't seem humanly possible to keep everything straight, unless I go the dad route and put sticky notes around my monitor.

[jr2]

Is it bad that even with news like this I can't really summon the energy to go through and make my personal practices more secure?  Like, it's ridiculous enough even trying to keep track of passwords I've used in multiple places as-is, and my browser's list of saved passwords is long enough to substantially warp local space-time.  It's getting to the point where it doesn't seem humanly possible to keep everything straight, unless I go the dad route and put sticky notes around my monitor.

Same here.

[Spoon]

Maybe consider using a password manager in that case?
(I dont use them myself, I've got no recommendations)

[jr2]

Maybe consider using a password manager in that case?
(I dont use them myself, I've got no recommendations)

I don't either, but: http://www.tomsguide.com/us/best-password-managers,review-3785.html

[karajorma]

I use last pass and I haven't ever wanted to go back since I started. It does cost a bit if you want multiple devices though. - Apparently they changed that. So now there's no real excuse not to use a password manager of some sort. 

[rev_posix]

I use last pass and I haven't ever wanted to go back since I started. It does cost a bit if you want multiple devices though.

Not any more.

https://lastpass.com

Free:
    Access on all devices Now Free
    Save & fill passwords
    Password generator
    Secure notes
    Share passwords & notes
    Security challenge
    Two-factor authentication (2FA)


Premium $1 /month, billed yearly

Premium includes
Everything in Free, plus:

    Shared family folder - up to 5 users
    YubiKey & Sesame 2FA options
    Priority tech support
    LastPass for applications
    Desktop fingerprint identification
    1GB of encrypted file storage

[Mongoose]

Hmm...I've been a bit wary of the concept of password managers in the past, but it might be worth giving it a shot.  Provided the extension plays nice on Pale Moon, anyway.

[rev_posix]

Hmm...I've been a bit wary of the concept of password managers in the past, but it might be worth giving it a shot.  Provided the extension plays nice on Pale Moon, anyway.

Unfortunately it doesn't.

The firefox plugin is an SDK/jetpack extension which isn't supported under the current palemoon build (27.1.1.1).

I've not looked to see if there is a way to get it working yet

EDIT:  From the palemoon forum:

The latest version of Lastpass (from lastpass.com, not the AMO) works fine if installed with Moon Tester Tool.

You need to download it with wget since hitting the "download" button doesn't actually download it, it tries to install it (which fails because it needs to be installed with Moon Tester Tool)

Code: Select all
 wget https://lastpass.com/lastpassffx/xpi.php -O lpffx.xpi

EDITEDIT:  And it does seem to work when doing it this way.  Moon Tester Tool is it's own add-on from the pale moon project page.

[mjn.mixael]

I tried password managers.. none of them were particularly graceful on mobile devices...

[karajorma]

Well compared with the alternative of reusing the same password, Lastpass isn't bad. Hell, it will even automatically fill in the password for you. Plus the other advantage is that you can have ridiculously long passwords for things. I routinely use 50 character passwords for most websites now. Even ones I don't particularly care about.

[The E]

topical video