The Clouds are Bleeding!

Recent Cloudflare code typo leads to data leakage

Steve Smith talks about the recent Cloudflare issue that resulted from a typo, leading to a potentially unknown amount of data that has been leaked all over the Internet.

Episode #7-26 released on February 25, 2017

Watch on Youtube

Let us start with the first thing I feel I must say, none of my sites use Cloudflare, and that is because it is not compatible with my current designs. Which is not to say my design is better or worse, but my sites don't have the same issues as many services using the Cloudflare service.

Cloudflare has an issue right now were an untold number of passwords, personal information, messages, cookies, etc. have been leaked all over the Internet. This issue has been reported to be occurring since September 22, 2016 and February 18, 2017, and was only noticed by Ormandy, of Google's Project Zero, before being notified of the issue and after that notification Cloudflare secretly fixed the bugs in code, sealing the gaping hole in security.

Now, you think the issue is over, but the problem is only beginning. Many services use Cloudflare, such as Uber, OKCupid, 1Password, Fitbit, etc. That is a fraction of all the services they currently provide services for. The data leaked accidently by Cloudflare contained passwords, personal information, messages, cookies, etc. This means that every service you use, that, also, use Cloudflare, has their user base currently at risk until passwords, secret questions and answers, etc. are all updated and changed. And, furthermore, it is being suggested to move from single factor to multi factor authentication methods as soon as possible to protect your accounts from illegal access from third parties. There is currently nothing that can be done for the data that has already been leaked. Though, it should be noted, the Cloudflare has stated that they are purging any other leaks that can remain across their entire service.

For those wondering, the error is apparently a simple typo, where the equal sign was used, instead of the greater than symbol. Cloudflare is a security company providing DDOS protection, and provides content distribution network access to any web-site that is setup to use it. The service currently works using any gate technology that allows for IP addresses not to be regionally locked, and thus capable of being connected to anywhere in the world with minimal delay, provided the original server is setup correctly, which is a simple process. They currently have a hundred or more geographic Internet exchange points all over the world.

Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net

Sources & Resources