Find us at SXSW, where Robert will be speaking on a panel: Connected Cities, Hackable Streets.
In cities around the world, street lights, public transit systems, and electric meters are already connected to the internet. Soon, smartphone-controlled, self-driving cars will roam cities and every part of the urban fabric could be Wi-Fi enabled. While tomorrow’s smart cities will usher in efficiencies and convenience, they’ll also bring about security threats and vulnerabilities. Hackers have already demonstrated they can remotely take over cars and switch off traffic lights. So, how can urban planners and engineers build cities of the future that are resilient enough to guard against cunning criminal hackers who may want to bring Singapore or San Francisco to a grinding halt?
Featuring: Tom Cross, Drawbridge Networks; Robert Hansen, founder of OutsideIntel. Moderated by Nadya Bliss, Global Security Initiative, Arizona State University. JW Marriott Salon 6. 12:30 – 1:30 p.m.
Online asset management firm OutsideIntel estimated that over 5.3 million domains were potentially exposed to the issue. The site has a link to a master list of potentially exposed sites.
According to Robert Hansen, posting at OutsideIntel, the vulnerability potentially affects more than 5 million sites including such popular sites as FitBit and OkCupid. The bug was active from February 13 to February 18. During that period, one in every 3.3 million HTTP requests made through Cloudflare may have leaked data.
With the recent findings by Google’s Project Zero with regard to sites hosted at Cloudflare being vulnerable to an attack dubbed Cloudbleed, there has been a lot of talk about which sites might be in scope for this attack and which users of those sites should be concerned. This has widespread implications for passwords, secret questions/answers, credit cards, API keys, etc.
People have been helpfully attempting to find the total list of domains that are in scope since it wouldn’t behoove Cloudflare to out their customer list. For instance, this GitHub page lists 4,288,852 Cloudflare sites that are potentially in scope.
Using OutsideIntel I was able to uncover that same number plus an additional 1,030,501 sites that are potentially in scope. In total that comes to 5,319,353 domains (about a 24% increase).
You can download the master list here (27M gzip compressed format). It contains both lists de-duped into one master list. If you are running a Linux derivative you can check the sites you are interested in by doing something like:
$ zgrep -E "\.tanium\.com$" cloudflare-list.txt.gz
I hope that’s helpful! Please change your passwords, secret questions and answers, API keys, etc. for any sites you deal with within this list, just to be safe.
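To check many domains in one pass rather than one pattern at a time, the sketch below is an added example, not part of the original post. It goes beyond the single-pattern command by also matching the bare domain and matching only on label boundaries. It assumes the list holds one hostname per line; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# in_scope LIST_GZ WATCH_FILE
# Prints "<list entry><TAB><watched domain>" for every list entry that equals a
# watched domain or is a subdomain of one. Assumes one hostname per line.
in_scope() {
  gzip -dc -- "$1" | awk -v watch="$2" '
    function norm(h) {   # lowercase; drop whitespace, CR and a trailing dot
      h = tolower(h); gsub(/[ \t\r]/, "", h); sub(/\.$/, "", h); return h
    }
    BEGIN {              # load the domains you care about, skipping comments
      while ((getline line < watch) > 0) {
        d = norm(line)
        if (d != "" && d !~ /^#/) want[d] = 1
      }
    }
    {
      host = norm($0)
      s = host
      # Strip one label at a time: a.b.example.com -> b.example.com -> ...
      # Comparing whole suffixes means notexample.com never matches example.com.
      while (s != "") {
        if (s in want) { print host "\t" s; break }
        i = index(s, ".")
        s = (i ? substr(s, i + 1) : "")
      }
    }'
}

# demo: runs in_scope over constructed sample data (not taken from the real list).
demo() {
  tmp=$(mktemp -d) || return 1
  printf '%s\n' shop.example.com notexample.com example.com \
    API.Example.org. example.net | gzip -c > "$tmp/list.txt.gz"
  printf '%s\n' '# accounts we hold' example.com example.org > "$tmp/watch.txt"
  in_scope "$tmp/list.txt.gz" "$tmp/watch.txt"
  rm -rf "$tmp"
}

demo
```

Against the real download, the call would be `in_scope cloudflare-list.txt.gz my-domains.txt`, where `my-domains.txt` is a hypothetical file listing the sites you hold accounts or API keys on.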