Author Topic: CloudBleed: What you need to know  (Read 418 times)
HCK
« on: February 27, 2017, 04:05:22 pm »

CloudBleed: What you need to know

Cloudflare, a popular internet intermediary service that provides performance and security for a host of other sites, has had a large data leak.

Dubbed "CloudBleed", it made potentially sensitive information available online, including from popular sites like OKCupid and Authy.

What happened with Cloudflare?

From the Cloudflare blog:


  Last Friday, Tavis Ormandy from Google's Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare.
 
  It turned out that in some unusual circumstances, which I'll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.
 
  For the avoidance of doubt, Cloudflare customer SSL private keys were not leaked. Cloudflar...

Source: CloudBleed: What you need to know