HACKINTOSH.ORG | Macintosh discussion forums

Macintosh News => Apple News => Topic started by: HCK on March 01, 2017, 04:05:14 pm



Title: Cloudflare data leakage doesn’t reveal 1Password secrets
Post by: HCK on March 01, 2017, 04:05:14 pm
Cloudflare data leakage doesn’t reveal 1Password secrets

<article>
   <section class="page">
<p>
Researchers discovered just a few days ago that the content-distribution network (CDN) Cloudflare sometimes returned garbled Web pages that could contain private and secret information instead of the cached data that it was supposed to. CDNs speed up the Web by allowing sites to push pages and media to Internet nodes closer to a user requesting them. (PCWorld has the full story (http://www.pcworld.com/article/3173861/security/cloudflare-bug-exposed-passwords-other-sensitive-data-from-websites.html).)</p><p>
Among the sites mentioned by Tavis Ormandy, a Google Project Zero security researcher who uncovered the fault (https://bugs.chromium.org/p/project-zero/issues/detail?id=1139), was AgileBit’s 1Password.com, though Ormandy referred to it just as “1Password.” AgileBits’ 1Password password and data safe apps can be used as standalone products, synced via Dropbox and other methods, or linked to paid accounts at 1Password.com for business and family purposes to share passwords, documents, and other data. (Macworld has contacted Ormandy for clarification.)</p><p class="jumpTag"><a href="/article/3174226/security/cloudflare-data-leakage-doesnt-reveal-1password-secrets.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article>

Source: Cloudflare data leakage doesn’t reveal 1Password secrets (http://www.macworld.com/article/3174226/security/cloudflare-data-leakage-doesnt-reveal-1password-secrets.html#tk.rss_all)