Transcript for 24-02-2017, 4 lines:

00:00:12 punkman: "We've discovered (and purged) cached pages that contain private messages from well-known services, PII from major sites that use cloudflare, and even plaintext API requests from a popular password manager that were sent over https"

00:00:24 punkman: "The examples we're finding are so bad, I cancelled some weekend plans to go into the office on Sunday to help build some tools to cleanup. I've informed cloudflare what I'm working on. I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We're talking full https requests,

00:00:25 punkman: client IP addresses, full responses, cookies, passwords, keys, data, everything."

00:02:14 punkman: "Cloudflare pointed out their bug bounty program, but I noticed it has a top-tier reward of a t-shirt."