Cloudflare bug = **possible** password leaks (glowforge.com + makezine.com + thingiverse.com + 4,000,000+ other sites possibly affected)


#1

These things are frequently overblown, but it’s also probably worth knowing about.

The full list of possibly affected sites is apparently more than 4 million long. Linked below is a site with the full list, a “notable” list, and a list generated by cross-referencing against Alexa’s top 10,000 sites. I read the cross-referenced list to look for sites I have accounts with; it took a while, but I’m glad I did.

Makezine.com and thingiverse.com are the only two that jumped out at me as sites that Glowforgers might also have accounts with, but if you find more please post them below.

Oh, wait… damn.

glowforge.com is in the list of possibly affected sites


  • CNCZone.com is on there too.
  • formlabs.com (use the “forgot your password” option to change it, also, since the “log out” button/link doesn’t seem to function, use a private browser window to gain access to the “forgot your password” option)
  • shapertools.com (use the “forgot your password” option to change it)

Cloudbleed security question
#2

Page to change your Glowforge password…
https://glowforge.com/account


#3

Another reason why users should NOT use the same password across multiple accounts.

It is a pain in the a** to have separate passwords, but something like LastPass makes password management across multiple devices very tolerable.


#4

Very true, using a password manager can be very helpful! 2-Factor-Authentication is good too, when available, except it usually means giving the site your phone number (which I hate doing).

A related/topical Engadget/Wirecutter article…

One of the managers on the list, 1Password, is apparently a site possibly affected by this bug, though it seems that they’re saying that they actually weren’t affected.


#5

Good to know. I use 1Password and have been pretty happy with it. They’re pretty proactive about things.


#6

"came down to a typo in the code that caused a buffer overrun"
One serious downside about being a programmer is knowing how really easy it is to make stupid errors which can have nasty consequences, and knowing how much really ugly/bad/sloppy horrible code is out there doing important things. Scary.