Anyone using CloudFlare + WordPress W3TC, please reset your API key!!!



voezie

Hosting Guru
Source: Twitter

Advice from CloudFlare
CloudFlareStatus @CloudFlareSys
Client API keys have been reset for security. Login to CloudFlare and click on Account to regenerate. This affects WordPress W3TC users.

This is because UGNazi has claimed to have gained access to CloudFlare's servers.

Source: http://twitter.com/#!/CosmoTheGod

Cosmo @CosmoTheGod
We have gained full access into cloudflare's server and obtained the database, http://4chan.org #defaced #UGNazi @eastdakota


Addendum:

Please also update the CloudFlare plugin for WordPress to the latest version at
http://wordpress.org/extend/plugins/cloudflare/

voezie

Hosting Guru
CloudFlare's statement on their blog: Post Mortem: Today's Attack; Apparent Google Apps/Gmail Vulnerability; and How to Protect Yourself - CloudFlare blog

Post Mortem: Today's Attack; Apparent Google Apps/Gmail Vulnerability; and How to Protect Yourself

June 1, 2012
This morning a hacker was able to access a customer's account on CloudFlare and change that customer's DNS records. The attack was the result of a compromise of Google's account security procedures that allowed the hacker to eventually gain access to my CloudFlare.com email address, which runs on Google Apps. While we are still working with Google to investigate the details, we wanted to highlight it here to make people aware that they too may be vulnerable to similar attacks and provide a full accounting of what happened.
Hack a Long Time Coming
This attack appears to have begun in mid-May. It appears an account request was sent to Gmail for my personal email address. Google's procedure asks for a number of questions to attempt to verify account ownership. We're not clear on how the process works, but it appears that weeks after the process was initiated, the hacker somehow convinced Google's account recovery systems to add a fraudulent recovery email address to my personal Gmail account. The password used on my personal Gmail account was 20+ characters long, highly random, and not used by me on any other services so it's unlikely it was dictionary attacked or guessed.
Once the recovery email address was added, the hacker could then reinitiate the password recovery process and get reset instructions sent to the fraudulent email address. Those instructions were then used to reset my personal email this morning.
Google Apps and Privilege Escalation
Like thousands of other companies, CloudFlare uses Google Apps for email. When we first established CloudFlare.com's email address, I listed my personal email address as a recovery email for my account. The hacker was able to use Google's password recovery and have the password reset sent to my personal email for my CloudFlare.com address. Surprisingly, all CloudFlare.com accounts use two-factor authentication. We are still working with Google to understand how the hacker was able to reset the password without providing a valid two-factor authentication token.
Once the attacker had access to my CloudFlare.com email account, the hacker was able to access our Google Apps administrative panel. The hacker appears to have targeted a particular customer, and initiated a password reset request for the customer's CloudFlare.com account. We sent a copy of these requests to an administrative email account for debugging purposes and, ironically, to watch for invalid password reset requests. The hacker was able to access this account in Google Apps and verify the password reset. At that point, the attacker was able to log into the customer's CloudFlare account and change DNS settings to temporarily redirect the site.
Working With Google to Resolve
We were aware of the incident immediately. We have senior contacts at Google who we worked with in order to regain control of the Google Apps accounts (both my personal Gmail account and my CloudFlare.com account). We were able to revert the change to the customer's account. We manually reviewed all other password reset requests and DNS changes. There were no other CloudFlare.com accounts that were accessed or altered.
To ensure that no other accounts can be compromised, we have invalidated all the password reset logs. We have also removed copies of password reset requests from being sent to any administrative email accounts in case our Google Apps account is compromised in the future. From our investigations, it appears that at no time was our database accessed or any additional client data exposed. It appears this was, in effect, a very elaborate and sophisticated attack targeting one particular customer's login information.
Protecting Yourself
My personal email address has been removed from any association with CloudFlare. I've also added two-factor authentication to my personal Gmail account -- something that this incident highlights the importance of. I would recommend if you are using Gmail or Google Apps, you take the following steps as soon as possible:

  • Add two-factor authentication to your account by following the steps here;
  • Ensure your password on your email account is extremely strong and not used on any other services; and
  • Change any password recovery email to an account that you do not use for anything else and cannot easily be guessed by a determined hacker.

The final puzzle we don't yet know the answer to is how the hacker was able to bypass Google's two-factor authentication on the CloudFlare.com email address. That is troubling. That should have prevented this attack, even if the attacker had the password, so it remains concerning to us that it did not. We are working with Google to understand how two-factor authentication was disabled. As we learn more, we'll update this post.
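The post mortem above says CloudFlare manually reviewed every other password reset request and DNS change to confirm only one account was touched. As an added example (not code from the thread or from CloudFlare), this script automates that review: it correlates each verified password reset with any DNS record change on the same account inside a time window. The audit log format, event names and account ids are constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample audit log (not real CloudFlare data): one event per line,
# "<timestamp> <event_kind> key=value ...". Deliberately out of time order.
SAMPLE_LOG = """\
2012-06-01T08:02:11Z password_reset_requested account=cust-4242 src=203.0.113.9
2012-06-01T08:03:40Z password_reset_verified account=cust-4242 src=203.0.113.9
2012-06-01T08:07:02Z dns_record_changed account=cust-4242 zone=example.org type=A old=198.51.100.5 new=192.0.2.77
2012-06-01T09:15:00Z password_reset_requested account=cust-1111 src=198.51.100.20
2012-06-01T09:16:30Z password_reset_verified account=cust-1111 src=198.51.100.20
2012-06-01T14:30:00Z dns_record_changed account=cust-1111 zone=example.net type=A old=198.51.100.8 new=198.51.100.9
2012-06-01T10:00:00Z dns_record_changed account=cust-7777 zone=example.com type=CNAME old=a.example.com new=b.example.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")

def parse(log_text):
    """Parse log lines into (timestamp, kind, fields) tuples, sorted by time."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the review
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        fields = dict(kv.split("=", 1) for kv in m.group(3).split())
        events.append((ts, m.group(2), fields))
    return sorted(events, key=lambda e: e[0])

def reset_then_dns_change(log_text, window=timedelta(hours=1)):
    """Return (account, reset_ts, dns_ts, description) for every DNS change that
    follows a verified password reset on the same account within `window`.
    A reset with no later DNS change, or a DNS change with no prior verified
    reset (cust-7777), is not flagged; it is a normal event on its own."""
    last_verified = {}
    hits = []
    for ts, kind, f in parse(log_text):
        acct = f.get("account")
        if kind == "password_reset_verified":
            last_verified[acct] = ts
        elif kind == "dns_record_changed" and acct in last_verified:
            if ts - last_verified[acct] <= window:
                desc = f"{f.get('zone')} {f.get('type')} {f.get('old')} -> {f.get('new')}"
                hits.append((acct, last_verified[acct], ts, desc))
    return hits

if __name__ == "__main__":
    for acct, r, d, desc in reset_then_dns_change(SAMPLE_LOG):
        print(f"REVIEW {acct}: reset verified {r:%H:%M:%S}, DNS changed {d:%H:%M:%S}: {desc}")
```

Widening the window (for example to six hours) also surfaces cust-1111, so the window is a tuning knob for how many records a human then has to look at.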

Adhie

Expert 1.0
Verified Provider
Wow, CloudFlare is in a panic.

Anonymous has been outdone, :p
UGNazi lives by the motto "Talk Less, Do More" more than Anonymous does.

Anonymous threatened to attack FB, but to this day FB is still safe and sound :D (sorry, off-topic)