Is 1Password.com still using Cloudflare?
1Password Version: Not ProvidedExtension Version: Not ProvidedOS Version: Not ProvidedSync Type: Not Provided
@ohreally: We use CloudFlare for some services, yes. Is there something in particular you were asking about?
@ohreally: Just a follow up here after verifying with the team. Apparently I tend to confuse "CloudFlare" and "CloudFront", as I used the former rather than the latter at least once just then. We are using CloudFront (and CacheFly) for hosting some content (images, for example), but are not using CloudFlare. If there's more context let me know and I'll be happy to clarify.
@wkleem: Yep. We had previously used CloudFlare for some services, which, coupled with my confusion with Cloud Front, resulted in my first comment here. Way to rub it in!
I ask because Tavis Ormandy seems to think otherwise
You can find our response here:
Ah, indeed. Both the Twitter comment and blog post were referenced in the discussion that wkleem linked above. Anyway, that was 8 months ago. Hopefully he doesn't still think that.
@wkleem: Change your passwords for affected sites (i.e. not 1Password, but others using CloudFlare and relying on SSL/TLS for their security). There aren't a lot of CloudBleed-specific entries in Watchtower because 1) it can't be determined for many sites and 2) vastly more are already in our database for other, unrelated breaches.