Comment by rdl
8 years ago
3438 domains which someone could have queried, but potentially data from any site which had "recently" passed through Cloudflare would be exposed in response, right? Purging those results helps with search engines, but a hypothetical malicious secret crawler would still potentially have any data from any site.
It doesn't have to be a secret crawler. Just one that wasn't contacted by cloudflare (I didn't see any non-US search providers mentioned).
In other words, Baidu are currently sitting on a treasure trove of keys and passwords.
Possibly not, Baidu and CloudFlare have a well-documented long-term partnership.
10 replies →
+Yandex
I wonder if archive.org or archive.is have anything cached...
archive.is was red, meaning it uses Cloudflare....
www.doesitusecloudflare.com
4 replies →
correct
Have you asked them for an eta on your shirt?
You know a company isn't serious about security when their top security bounty is a t-shirt. Instagram has a better policy, for God's sake.
4 replies →
fuck :(
Indeed, this is the point in the comment thread where you get the feeling the internet is broken.
12 replies →
Which means any user who has used any service which uses CloudFlare, right? At least in theory.
11 replies →
It may seem like a nightmare Internet data security scenario, but it looks like Tavis is going to get a free t-shirt out of the deal, so let's just call it a wash.