Announcement Possible site security breach related to Cloudflare

Amin

Hall of Famer
Our site was one of many thousands of sites using Cloudflare, which recently disclosed a serious security breach that Cloudflare is suggesting affected a very small percentage of their sites.

More information here:

Incident report on memory leak caused by Cloudflare parser bug
Everything You Need to Know About Cloudbleed, the Latest Internet Security Disaster

I do not have any specific information to suggest that our site was directly involved. Cloudflare has said that they will notify owners of affected domains, and I have not received a notification. But as a precaution, it would be a good idea for all members to take the following steps:
  • Change your password on this site as well as any other site which uses the same password.
  • Avoid using the same password across multiple sites, especially ones which require the highest security (email, banking, etc).
  • Use two-factor authentication on the sites which require high security. We offer two-factor authentication as an option on this site.
In order to further enhance security for our members, we will no longer require date of birth entry at registration, and I've purged all date of birth info from our database. Members can still choose to enter this information in their profile, but I'd advise against it.
 
Thanks, Amin. I'm going to have to get serious about my password management. Not the worst, but not best practices, heh.
 
I've made a living for a long time finding mistakes in other people's code. If anyone has seen "Hidden Figures", I've worked with code from the IBM 7090 and the predecessor IBM 704. In 1981 I found a mistake that had been made in the early 1960s, in an Atomic Structure Analysis code.

This was a novice level mistake.

Makes you wonder how many other mistakes have not been discovered by the vendor.
 