

Transcript for 24-02-2017, 28 lines:

00:00:12 punkman: "We've discovered (and purged) cached pages that contain private messages from well-known services, PII from major sites that use cloudflare, and even plaintext API requests from a popular password manager that were sent over https"

00:00:24 punkman: "The examples we're finding are so bad, I cancelled some weekend plans to go into the office on Sunday to help build some tools to cleanup. I've informed cloudflare what I'm working on. I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We're talking full https requests,

00:00:25 punkman: client IP addresses, full responses, cookies, passwords, keys, data, everything."

00:02:14 punkman: "Cloudflare pointed out their bug bounty program, but I noticed it has a top-tier reward of a t-shirt. "

03:23:27 punkman: https://www.nytimes.com/2017/02/23/world/asia/kim-jong-nam-vx-nerve-agent-.html

03:23:29 assbot: Log In - New York Times ... ( http://bit.ly/2lLGUjw )

03:25:21 asciilifeform: was my thought also. chick probably fed pralidoxime ahead of the deed.

03:27:53 punkman: they could just let her die along with the old man

05:33:11 kakobrekla: somebody wake up alf to remind me that if some crackpot konspiraci theories are real it means all of them are

05:42:08 punkman: in other lulz https://motherboard.vice.com/en_us/article/a-fake-dark-web-hitman-site-is-linked-to-a-real-murder

05:42:09 assbot: A Fake Dark Web Hitman Site is Linked to a Real Murder - Motherboard ... ( http://bit.ly/2lM1gcP )

05:43:52 punkman: "during a forensic examination of Stephen's devices, officers found a deleted backup file of an identical bitcoin address sent by Dogdaygod to Besa Mafia."

05:56:03 kakobrekla: anyway nice find punkman re CF

08:15:06 punkman: kakobrekla: https://www.google.com/search?q=%22CF-Host-Origin-IP:%22+%22authorization:%22

08:15:07 assbot: "CF-Host-Origin-IP:" "authorization:" - Recherche Google ... ( http://bit.ly/2lgg5Bh )

08:15:46 kakobrekla: l0l

08:16:43 kakobrekla: not much there

08:18:26 punkman: possibly happening since september 2016

10:47:33 Framedragger: "Cloudflare told me that they couldn't make Tuesday due to more data they found that needs to be purged. They then told me Wednesday, but in a later reply started saying Thursday."

10:48:40 Framedragger: cloud "leaking private data to worldwide caches" motherfuckin' flare.

10:49:10 Framedragger: great attitudes there.

10:51:47 Framedragger: as mentioned on HN, while google may have removed the sensitive results, yandex/baidu may not have. a nice adventure quest right there :)

12:57:17 kakobrekla: Framedragger, post if you find anything interesting

14:15:42 punkman: ^ Common Crawl has public dumps, I bet they'll have a bunch of em

16:00:16 punkman: https://medium.com/incerto/surgeons-should-notlook-like-surgeons-23b0e2cf6d52

16:00:17 assbot: Surgeons Should Not Look Like Surgeons – INCERTO – Medium ... ( http://bit.ly/2lhFp9U )

16:39:09 Framedragger: this one's a nice one.

17:39:06 Framedragger: (something not too characteristic for his articles: quite a few typos / redundant words; wonder if he's just illustrating what he meant; i guess the point is that it shouldn't matter, and it doesn't matter)