New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Cloudflare "hacked"
Today cloudflare e-mail was hacked. And the hacker got access to cloudflare. Interesting.
http://blog.cloudflare.com/post-mortem-todays-attack-apparent-google-app
Thanked by 1Amfy
Comments
Agreed. Cloudflare is all hype and ran by hacks.
TL;DR version: Gmail is a potential point of failure. Why oh why do people keep trusting free services like this for such vital tasks? Save me the speech about how google apps for business isn't necessarily free, it's still a product that any home user is familiar with and easy to exploit. Minor changes, same basic product. Like a mail server is that hard to run.
Oh well, these people just keep reminding us all not to make rookie mistakes. Hindsight is 20/20, and we're all benefiting from that.
At least they write a detailed post and keep their users updated.
cough WHMCS cough
One more step I'd add to their list is "do not use any correct answers to account verification questions". I use random strings for things like mother's maiden name and the name of my high school mascot and such...
Hmm, bypassed Google's 2 Factor Authentication? That's a troubling thought, hope that's not how they got in.
I added 2-factor auth to my Gmail account specifically because it was hacked in 2010. I had a relatively strong password at the time. It was 16 characters and a combo of letters, numbers and non-alphanumeric characters. Considering I'm not a valuable target to anybody, I doubt they spent time to brute force my password. I have always suspected it was a security vulnerability in Gmail that compromised my account, and if that's the case, they could bypass 2-factor auth as well. This pretty much proves it in my mind. Google started heavily promoting 2-factor auth in 2010 when LOTS of Gmail accounts were being hacked. It's their security theater.
@BuzzPoet
The same CRAP happened to me u_u
Is sad, and a shame :S
Social Engineering yet again,
@BuzzPoet: My personal gmail was hacked back then as well, and I could never figure out how they did it. I enabled 2fa straight after I got it back.
Maybe you guys had keylogger on your computer? Or your 10 emergency keycodes have been leaked?
I had a keylogger on my machine a few years ago and lost a gmail account because of it. Tried to recover it and google support was pretty crappy. The stupid thing is that you can change your security questions and backup e-mail addresses in GMail whenever you want. It was my fault for getting the keylogger, but I still feel like I should have been able to recover my account...
Doubt it was a keylogger, I ran scans straight after and tripled check everything, regardless, I got my account back through recovery email 1 hour later.
That's one of the reasons I don't use Google for mail. It's just a too big target.
I would say that Google Mail is far more secure (in terms of hacker attacks) than anything you (or me) could set up. As long as you use 2-factor-authorization, random answers to the security questions and a secure backup mail address you should be fine.
That's why I don't set-up a mailserver but pay someone to do so ;-)