Is it possible that server private HTTPS keys were leaked in the uninitialized data? Will @cloudflare do a SSL key flush / replace?
-
-
-
We don't think so, just the contents of HTTPS sessions.
End of conversation
New conversation -
-
-
Yes, we recovered and purged cached 1Password api data.
-
this contradicts the avelanche of statements from
@1Password in response to this issue. - 3 more replies
New conversation -
-
-
I know you do not have to do this but we would appreciate a heads-up before a post like this. Our phones, twitter, DMs are on fire.
-
Tavis’s bug doesn’t mention you by name. He couldn’t realistically notify every customer of Cloudflare.
End of conversation
New conversation -
-
-
hmm anything to worry about
@1Password? -
Nothing to worry about here. I got your back:https://blog.agilebits.com/2017/02/23/three-layers-of-encryption-keeps-you-safe-when-ssltls-fails/ …
- 3 more replies
New conversation -
-
-
.
@taviso So.. Cloudflare is actively MITM:ing HTTPS traffic of its customers and modifying it with buggy parsers? Insane. -
that's like the main feature of CF. It's supposed to be easy for users who don't know about HTTPS and stuff to be "secured"
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.