Takealot.com Data Leak


Cloudflare, which provides services to millions of websites, has revealed that a bug has caused website passwords, cookies, and authentication tokens to be temporarily available in plain text. The list of 4.2 million domains possibly affected includes some of the internet’s most popular websites.

The Internet infrastructure company Cloudflare, which provides a variety of performance and security services to millions of websites, revealed late Thursday that a bug had caused it to randomly leak potentially sensitive customer data across the internet.

The flaw was first uncovered by Google vulnerability researcher Tavis Ormandy on February 17, but could have been leaking data since as long ago as September 22. In certain conditions, Cloudflare’s platform inserted random data from any of its six million customers—including big names like Fitbit, Uber, and OKCupid—onto the website of a smaller subset of customers. In practice, it meant that a snippet of information about an Uber ride you took, or even your Uber password, could have ended up hidden away in the code of another site.

South African e-commerce website takealot.com compromised

One of these websites is Takealot.com, the popular online shopping site in South Africa. I have not searched the entire list of 4.2 million sites but I am quite sure that there are a few thousand South African websites affected by this data leak.

What is disturbing is that Takealot.com undoubtedly know about this leak but have not notified any of their customers about the leak and that their personal information could be compromised.

You can search the list here: http://cloudflarelistcheck.abal.moe/

Or you can download the list of 4.2 million sites here: https://github.com/PIRATE/SITES-USING-CLOUDFLARE

It is possible that your passwords and personal information from affected websites may be at risk. I strongly recommend that you immediately change the passwords for accounts that are most critical to you to be strong, unique and not used for any other account. When reused passwords are stolen, it will impact your other accounts. This was true before Cloudbleed and is even truer today.
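To turn the downloaded list into a to-do list for the password changes recommended above, the following added example (not part of the original post or of the list's repository) checks the sites where you hold accounts against a local copy of the list. It assumes the list is plain text with one domain per line; the function names and the sample entries are constructed for illustration.

```python
import io
from urllib.parse import urlsplit

def host_of(entry):
    """Lowercase hostname from a URL or a bare domain."""
    entry = entry.strip().lower()
    if "://" not in entry:
        entry = "//" + entry            # make urlsplit read it as a host
    return (urlsplit(entry).hostname or "").rstrip(".")

def parent_candidates(host):
    """a.b.c -> [a.b.c, b.c]; the list holds registered domains, not hosts."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def accounts_on_list(account_entries, list_lines):
    """Return {account entry: matching listed domain}.

    list_lines is any iterable of lines (an open file works), so the
    4.2-million-line list is streamed, never held in memory.
    """
    wanted = {}                          # candidate domain -> account entries
    for entry in account_entries:
        for cand in parent_candidates(host_of(entry)):
            wanted.setdefault(cand, []).append(entry)
    hits = {}
    for line in list_lines:
        domain = line.strip().lower().rstrip(".")
        for entry in wanted.get(domain, ()):
            if len(domain) > len(hits.get(entry, "")):   # keep most specific
                hits[entry] = domain
    return hits

# Constructed sample data: accounts as a password manager might export them,
# and a four-line stand-in for the downloaded list (assumed one domain per line).
SAMPLE_ACCOUNTS = [
    "https://www.takealot.com/account/login",
    "Uber.com",
    "https://mail.example.org/",
    "bank.example.net",
]
SAMPLE_LIST = "example.org\ntakealot.com\nuber.com\nfitbit.com\n"

if __name__ == "__main__":
    found = accounts_on_list(SAMPLE_ACCOUNTS, io.StringIO(SAMPLE_LIST))
    for entry, domain in found.items():
        print(f"change password: {entry}  (listed as {domain})")
```

With the real list, pass the open file object as `list_lines`. A match means only that the domain used Cloudflare, so treat the output as a priority order for password changes rather than proof of exposure.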

Notable sites compromised

What the Dawie Roodt incident teaches us.

Dawie Roodt

We have all heard about the economist Dawie Roodt and his family being attacked in his home in Pretoria. It’s a terrifying story and a reality for many South Africans that have fallen victim to mindless, ruthless and murderous gangsters.

Dawie was sitting in his study when his daughter entered the study accompanied by 3 intruders. Apparently one had a gun, one had a knife and the other had a panga. In the house were his wife and their three children. They were tied up, gagged and blindfolded and systematically robbed of their possessions. Eventually Dawie managed to convince the one with the knife to take him to his car on the pretext that he had money in the car. He managed to free his hands and overpower the robber, but not before being seriously wounded in the process. The power went off due to loadshedding and the robbers fled. Dawie was rushed to hospital. Thankfully no-one else was injured or killed.

Don’t be lulled into a false sense of security.

Being secure requires effort.

One thing stuck with me while reading his account of the horrific incident. Dawie said that he didn’t know if attacking the robber was the right thing to do. He’s an economist, well versed in accounting but not in the martial arts.

What should he have done? Do you know what you need to do in such an event? Can it be prevented? What can we learn from this?

I have been trained in unarmed combat and was an instructor in the national defence force and South African police. I have been practising and teaching self-defence for the past 30 years and I would like to share some thoughts that could save your life and the lives of your family. Hindsight is a perfect art as they say, but that is how we learn. Through our own experiences and the experiences of others. Let us not allow this opportunity to learn escape us.

You are never safe.

Don’t think because you live in a security estate that you are safe. Yes, you are safer, but not immune. Don’t think that because the estate has an electric fence and cameras that you are properly protected. You are not. Few people that live in security estates have proper security. Dawie Roodt also thought he was safe in a secure estate. We know how that turned out. Don’t be lulled into a false sense of security.

Invest in proper security.

Many people have security. They have burglar bars that are not burglar proof. They have electric fences that are easily scaled by intruders. They have cameras that mean nothing, because identifying a criminal after the fact is too late. They have dogs that can be easily poisoned. They own guns but don’t know how to use them, or keep them locked up in a safe.

Don’t think that standard burglar bars are adequate. I have seen criminals crawl through burglar bars that would seem impossible. There is also no point in burglar bars if your doors are constantly open.

Get decent perimeter security and an early warning detection system. Early detection could be in the form of beams around the perimeter of your property. Make sure your security is serviced regularly and in good working order. Make sure your family knows how to operate your security systems.

If you can afford it, employ a guard at night. I know there are people that are going to say that it’s overkill, but I can’t put a cost on the lives of my family. Get a guard from a reputable security company. It will be the best investment you can ever make for your family.

Prevention is better than cure. If the criminals find your property too difficult to breach, they will move their attentions elsewhere. Make sure you are not regarded as an easy target.

Health and fitness

If you are unhealthy, unfit and overweight you can’t protect your family. Look after your body and exercise regularly.

Self defence

Invest in self defence training for your family. If you have practised scenarios where you are attacked in your home you will be better prepared to deal with it. Importantly, your family will know what to do and will react instinctively in a crisis situation, increasing your chances of survival tenfold. By self-defence I don’t mean the local Karate school. Karate is about as helpful as a plastic knife. Learn self-defence from ex-military or police trainers.

Submit or fight?

Every house invasion is different and your reaction will depend on a number of situations. Suffice it to say that by not resisting you will have a better chance of survival. This is not necessarily true in a farm setup because robbers have much more time on a farm. It is likely that they will take their time to torture and hurt you and your family. In a residential area they have to be very quick. They don’t have time. The longer they stay the more dangerous it becomes. You have to get them out as soon as possible. Give them what they want – all of it. Don’t even think about it. Don’t try and be clever and waste their time. If they get irritated then you are in trouble.

You can only consider resisting if you KNOW that you are going to win. You can’t gamble with the lives of your family. This means that you must have a clear opportunity to overpower them. Given the right opportunity it is possible, but the odds in Dawie’s case of 3-1 were not good.

Always target the most dangerous one first. The guy with the gun is your first target. If you are able to overpower him and take the gun, you will have the upper hand. In Dawie’s case this could work, but not if the other guys also had guns.

Never split them up. Don’t separate the bad guys because you will be leaving your family alone. Even if you manage to overpower one bad guy, the others will still be with your family and that’s very dangerous. Stick with your family at all times. Stay close to the most dangerous guy. Wait for the right opportunity. You have to get your hands on the firearm in order to deal with the other bad guys. If they are any good, you won’t be able to. Resign yourself to your fate by submitting. Only attack if you KNOW you are going to succeed, because failure can cause the death of your entire family. Knowing when to attack and how to disarm someone requires training.

So what can we learn from the Dawie Roodt incident? As I said, hindsight is a perfect art, but there are lessons. This doesn’t mean that Dawie did anything wrong either. He did the best he could at the time. Perhaps you can do better by learning from his experience.

  • Don’t have a false sense of security. Invest in security even if you stay in a security estate. No-one is safe.
  • Be healthy and fit.
  • Learn self defence from a reputable instructor.
  • Fight only if the odds are in your favour.
