Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Cloudflare "hacked"
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Cloudflare "hacked"

SpencerSpencer Member
edited June 2012 in General

Today cloudflare e-mail was hacked. And the hacker got access to cloudflare. Interesting.
http://blog.cloudflare.com/post-mortem-todays-attack-apparent-google-app

Thanked by 1Amfy

Comments

  • subigosubigo Member

    @Jack said: LOL

    Agreed. Cloudflare is all hype and ran by hacks.

  • jarjar Patron Provider, Top Host, Veteran
    edited June 2012

    TL;DR version: Gmail is a potential point of failure. Why oh why do people keep trusting free services like this for such vital tasks? Save me the speech about how google apps for business isn't necessarily free, it's still a product that any home user is familiar with and easy to exploit. Minor changes, same basic product. Like a mail server is that hard to run.

    Oh well, these people just keep reminding us all not to make rookie mistakes. Hindsight is 20/20, and we're all benefiting from that.

  • At least they write a detailed post and keep their users updated.

    cough WHMCS cough

  • raindog308raindog308 Administrator, Veteran

    One more step I'd add to their list is "do not use any correct answers to account verification questions". I use random strings for things like mother's maiden name and the name of my high school mascot and such...

    Thanked by 1marrco
  • VictorVictor Member

    Hmm, bypassed Google's 2 Factor Authentication? That's a troubling thought, hope that's not how they got in. :|

    Thanked by 2netomx klikli
  • I added 2-factor auth to my Gmail account specifically because it was hacked in 2010. I had a relatively strong password at the time. It was 16 characters and a combo of letters, numbers and non-alphanumeric characters. Considering I'm not a valuable target to anybody, I doubt they spent time to brute force my password. I have always suspected it was a security vulnerability in Gmail that compromised my account, and if that's the case, they could bypass 2-factor auth as well. This pretty much proves it in my mind. Google started heavily promoting 2-factor auth in 2010 when LOTS of Gmail accounts were being hacked. It's their security theater.

  • yomeroyomero Member

    @BuzzPoet
    The same CRAP happened to me u_u
    Is sad, and a shame :S

  • Social Engineering yet again,

  • VictorVictor Member
    edited June 2012

    @BuzzPoet: My personal gmail was hacked back then as well, and I could never figure out how they did it. I enabled 2fa straight after I got it back.

  • gianggiang Veteran

    Maybe you guys had keylogger on your computer? Or your 10 emergency keycodes have been leaked? :D

  • KairusKairus Member

    I had a keylogger on my machine a few years ago and lost a gmail account because of it. Tried to recover it and google support was pretty crappy. The stupid thing is that you can change your security questions and backup e-mail addresses in GMail whenever you want. It was my fault for getting the keylogger, but I still feel like I should have been able to recover my account...

  • VictorVictor Member

    Doubt it was a keylogger, I ran scans straight after and tripled check everything, regardless, I got my account back through recovery email 1 hour later.

  • nabonabo Member

    That's one of the reasons I don't use Google for mail. It's just a too big target.

  • @nabo said: That's one of the reasons I don't use Google for mail. It's just a too big target.

    I would say that Google Mail is far more secure (in terms of hacker attacks) than anything you (or me) could set up. As long as you use 2-factor-authorization, random answers to the security questions and a secure backup mail address you should be fine.

  • nabonabo Member

    @gsrdgrdghd said: Google Mail is far more secure (in terms of hacker attacks) than anything you (or me) could set up

    That's why I don't set-up a mailserver but pay someone to do so ;-)

Sign In or Register to comment.