Serious Change your password.

Joined
Sep 29, 2016
Messages
197
Nebulae
210
A major leak of data from client websites happened at CloudFlare.

At CloudFlare, a world-famous company that provides a variety of services for the maintenance and security of sites, there was a leak of personal data, including cookies, the API, keys and passwords. The company said this two days ago in its blog. While no cases of deliberate use of this data have been seen, it is necessary to take into consideration that part of it could have been cached by search engines.

How did this happen?

The problem was discovered on February 18 by Google Project Zero employee Tavis Ormandy, but it could have appeared on September 22, 2016. CloudFlare announced that the amount of leaked data began to rise from February 13, when a change in the code led to every 3,300,300th HTTP request becoming public, and this is serious for a network of this scale.

https://twitter.com/taviso/status/832744397800214528?ref_src=twsrc^tfw

Ormandy said that he found records of hotel reservations, passwords from password management, and communication with online dating sites. "I do not even know how much of the Internet is in Cloudflare CDN," he wrote on 19 February. "We are talking about full HTTP requests, the IP address of the client, cookies, passwords, keys, data, everything." After CloudFlare representatives saw Ormandy's message, they turned off the three features that used the vulnerable code and contacted the search engines to remove cached information.

cloudflarecode.png


And what was leaked?

The leak (informally named Cloudbleed in honor of the Heartbleed exploit) was the result of "buffer overflow" errors in code generated by the HTML parser Ragel, previously used by the company. CloudFlare announced that the bug was present in the system for several years, but was only discovered after moving to a different parser, cf-html, that "changed the buffering process" and led to the leak.

The company explains the delay in announcing the leak by the desire to "make sure that all the search engines will be cleared before the public announcement." It is worth noting that CloudFlare was able to detect all three sources of leaks in just 7 hours after Ormandy's posts, and that is really fast: remember the recent story with Microsoft, which did not fix a vulnerability for 90 days, causing Google to publicly report it. However, just in case, you should change all passwords, considering how much information is actually stored in CloudFlare.

In the process of writing the news, we found that an enthusiast wrote an extension for Chrome which checks whether any sites in your bookmarks are in the "Cloudbleed list." Its source code is also available on GitHub.

Also I want to note that if you have a similar password on a lot of websites, change them all, because they can try to use this data not only for Steam or neb.cloud.
And most big services, like Steam, Facebook, Gmail etc., have a thing named "double authentication" or "mobile authentication" that won't allow a villain to get access to your account.
 

heaveN

bomber rat
Joined
Apr 26, 2016
Messages
1,774
Nebulae
3,706
But you need to go through steam to login on the forum friend
 
Joined
Sep 29, 2016
Messages
197
Nebulae
210
But you need to go through steam to login on the forum friend

The thing is that you don't actually know how Steam login actually works: does it use only your profile page data, or does it contain a password in it? As well, you send a cookie with Steam data in it to nebulous.cloud every time you connect to the forums, so you can't be sure what part of your data is leaked.

And, after all, a change of password would never be a bad thing.
 

Sixx

Proton
Joined
Jul 28, 2016
Messages
220
Nebulae
286
Well you don't need to change your password to be honest. I think all of us use the steam mobile authenticator,
I don't mean to start shit over the internet but is there really any need to post things like this? OP is just trying to warn people just to be safe better than sorry

Why u heff 2 b mad iz only forum ¯\_(ツ)_/¯
 

Chicken Rickler

Proton
B A N N E D
Joined
Aug 9, 2016
Messages
276
Nebulae
187
Fail: Get your site database leaked
Epic Fail: Be a company that provides technologies to secure websites from attacks, have a drunk cunt change one line of code causing full data from users to be leaked in epic proportions left and right
 

moonman

Proton
B A N N E D
Joined
May 7, 2016
Messages
374
Nebulae
880
The thing is that you don't actually know how Steam login actually works: does it use only your profile page data, or does it contain a password in it?

??? yes we do ???
http://steamcommunity.com/dev?l=english

Well you don't need to change your password to be honest. I think all of us use the steam mobile authenticator,

in case of steam you're safe but watch out for sites such as google that offer SMS authorization, people have been reported to call up your actual mobile provider and get a duplicate SIM card to get said SMS messages on their own

tl;dr use apps when possible you're probably going to get fucked by some shitty roleplay forum you registered for and forgot anyway so hope for the best

big necro but i felt this was relevant
 

green name

Proton
Joined
Sep 3, 2016
Messages
129
Nebulae
74
The thing is that you don't actually know how Steam login actually works: does it use only your profile page data, or does it contain a password in it? As well, you send a cookie with Steam data in it to nebulous.cloud every time you connect to the forums, so you can't be sure what part of your data is leaked.

And, after all, a change of password would never be a bad thing.
too lazy
 

Knight

`impulse-approved
B A N N E D
Joined
Sep 17, 2016
Messages
8,135
Nebulae
24,718
This is pretty good to know. Just changed a bunch of my shit.
 