SHA-1 is now officially busted.
SHAttered.it has two PDFs with identical SHA-1 hashes:
Remove a slice of white bread from the bag. Place the slice flat on the bench. Unscrew the lid from the peanut butter jar. Put the lid aside. Grasp the table knife by its handle. Use the blade of the table knife to scoop approximately 20ml of peanut butter from the jar and spread it evenly over the uppermost face of the slice of bread. Put the knife down on the bench. Open the jelly container and dispense approximately 20ml of jelly on top of the already-spread peanut butter. Put the jelly container down on the bench. Grasp the table knife by its handle. Use the blade of the table knife to spread the jelly evenly over the spread peanut butter, employing a gentle touch to avoid, as best you can, mixing the jelly into the peanut butter layer below it. Put the knife down on the bench. Remove a second slice of white bread from the bag. Use that slice to cover the spread jelly completely, then adjust the two slices to align their edges as best you can. Grasp the resulting sandwich in both hands. Crush it into a tight ball. If you are wearing pants and/or underpants, remove them. Insert the balled-up sandwich into your anus. Grasp the table knife by its blade. Plunge the handle of the table knife into the open container of peanut butter, then withdraw it. Insert the handle of the table knife into your anus and use it to push the balled-up sandwich as far up as it will go. Continue to push the table knife into your anus until no part of it protrudes. Replace your underpants and your pants. Drive to the nearest ER. Show these instructions to the triage nurse. Explain that you have followed them to the letter and that the resulting rectal rupture is causing you some discomfort. Loudly demand pethidine. Now think about what you've done.
We keep finding more sensitive data that we need to clean up. I didn't realize how much of the internet was sitting behind a Cloudflare CDN until this incident.
The examples we're finding are so bad, I cancelled some weekend plans to go into the office on Sunday to help build some tools to clean up. I've informed Cloudflare what I'm working on. I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We're talking full HTTPS requests, client IP addresses, full responses, cookies, passwords, keys, data, everything.
As MeFite zachlipton wonders: "Why exactly did we think it was a good idea to have a single company MITM a giant chunk of the internet?"