Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

Cloudflare "hacked"

Cloudflare "hacked"

SpencerSpencer Member
edited June 2012 in General

Today cloudflare e-mail was hacked. And the hacker got access to cloudflare. Interesting. http://blog.cloudflare.com/post-mortem-todays-attack-apparent-google-app

Thanked by 1Amfy

Comments

  • JackJack Member

    LOL

  • subigosubigo Member

    @Jack said: LOL

    Agreed. Cloudflare is all hype and ran by hacks.

  • JarJar Member
    edited June 2012

    TL;DR version: Gmail is a potential point of failure. Why oh why do people keep trusting free services like this for such vital tasks? Save me the speech about how google apps for business isn't necessarily free, it's still a product that any home user is familiar with and easy to exploit. Minor changes, same basic product. Like a mail server is that hard to run.

    Oh well, these people just keep reminding us all not to make rookie mistakes. Hindsight is 20/20, and we're all benefiting from that.

  • At least they write a detailed post and keep their users updated.

    cough WHMCS cough

    Proud member of the VPS Collectors Club

  • One more step I'd add to their list is "do not use any correct answers to account verification questions". I use random strings for things like mother's maiden name and the name of my high school mascot and such...

    My Advice: : VPS Advice | My Blog: : raindog308.com
    Thanked by 1marrco
  • VictorVictor Member

    Hmm, bypassed Google's 2 Factor Authentication? That's a troubling thought, hope that's not how they got in. :|

    FiberVolt | Quality Los Angeles & Chicago Virtual Servers - http://fibervolt.com

    Thanked by 2netomx klikli
  • I added 2-factor auth to my Gmail account specifically because it was hacked in 2010. I had a relatively strong password at the time. It was 16 characters and a combo of letters, numbers and non-alphanumeric characters. Considering I'm not a valuable target to anybody, I doubt they spent time to brute force my password. I have always suspected it was a security vulnerability in Gmail that compromised my account, and if that's the case, they could bypass 2-factor auth as well. This pretty much proves it in my mind. Google started heavily promoting 2-factor auth in 2010 when LOTS of Gmail accounts were being hacked. It's their security theater.

  • yomeroyomero Member

    @BuzzPoet The same CRAP happened to me u_u Is sad, and a shame :S

  • Social Engineering yet again,

    The Original Daniel.

  • VictorVictor Member
    edited June 2012

    @BuzzPoet: My personal gmail was hacked back then as well, and I could never figure out how they did it. I enabled 2fa straight after I got it back.

    FiberVolt | Quality Los Angeles & Chicago Virtual Servers - http://fibervolt.com

  • gianggiang Member

    Maybe you guys had keylogger on your computer? Or your 10 emergency keycodes have been leaked? :D

  • KairusKairus Member

    I had a keylogger on my machine a few years ago and lost a gmail account because of it. Tried to recover it and google support was pretty crappy. The stupid thing is that you can change your security questions and backup e-mail addresses in GMail whenever you want. It was my fault for getting the keylogger, but I still feel like I should have been able to recover my account...

  • VictorVictor Member

    Doubt it was a keylogger, I ran scans straight after and tripled check everything, regardless, I got my account back through recovery email 1 hour later.

    FiberVolt | Quality Los Angeles & Chicago Virtual Servers - http://fibervolt.com

  • nabonabo Member

    That's one of the reasons I don't use Google for mail. It's just a too big target.

    "Kids, you tried your best and failed miserably. The lesson learned is: never try."

  • @nabo said: That's one of the reasons I don't use Google for mail. It's just a too big target.

    I would say that Google Mail is far more secure (in terms of hacker attacks) than anything you (or me) could set up. As long as you use 2-factor-authorization, random answers to the security questions and a secure backup mail address you should be fine.

  • nabonabo Member

    @gsrdgrdghd said: Google Mail is far more secure (in terms of hacker attacks) than anything you (or me) could set up

    That's why I don't set-up a mailserver but pay someone to do so ;-)

    "Kids, you tried your best and failed miserably. The lesson learned is: never try."

Sign In or Register to comment.