Does anyone know about ZenDesk?

wkleem
wkleem
Community Member

I may have been affected by Cloudflare indirectly, as a a user of various sites that use ZenDesk as its support site. Presumably, I should change password for all affected sites?

Most of those sites I visit infrequently.

https://support.zendesk.com/hc/en-us/articles/115003535408-2017-02-24-Security-Advisory-Cloudflare-HTTPS-Traffic-Leak?preview=true%23articles

As far as I can tell, there is no way to cumitatively look at the all the affected sites and I will have to attempt to remember which sites use what support software.

Not a 1Password question per se, but Agilebits does use Cloudflare but was found to be unaffected?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @wkleem: Good observation. You're right that some companies use different services behind the scenes which may have been affected by the Cloudflare vulnerability. Unfortunately the only way to know for certain is if they let their customers know. If you do get notifications from companies about accounts that we haven't added to Watchtower yet, please let us know so we can do so.

    And while we use Cloudflare for 1Password.com, our customers (and frankly us, as users ourselves) were not affected since we're not relying on the transit layer for our security.

  • wkleem
    wkleem
    Community Member

    @brenty

    None of the affected Cloudflare sites have let me know or have indicated on their site that they are affected. It's either I am unaffected or it's sloppy customer service :)

    One site, Mayer is using Cloudflare but is still on Http! for its main landing site.
    mayer.sg/

  • wkleem
    wkleem
    Community Member

    Agilebits may want to flag the above site? How do I check the security of a site?

  • DanielP
    DanielP
    1Password Alumni

    Hey @wkleem

    You can use the Watchtower feature to be alerted when a website is suspected to have been compromised. With regards to the site you mentioned, if it doesn't come with an HTTPS version, that has to be considered inherently insecure, so I am not sure there is much we can do in that respect. 1Password will warn you when you try to fill credentials on an unsecure webpage though, which is a very useful feature in this case.

  • wkleem
    wkleem
    Community Member
    edited March 2017

    I am not seeing Watchtower yet in 1Password 6 for Windows or Teams? Perhaps I have missed something?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @wkleem: We're testing a basic version of it in an internal build of the new 1Password 6 Windows desktop app. We're hoping to release a new public beta soon. :)

  • wkleem
    wkleem
    Community Member

    @brenty, I am on the stable channel.

  • AGAlumB
    AGAlumB
    1Password Alumni

    No worries! We'll have a new stable version for you after that. Cheers! :)

This discussion has been closed.