Steve Smith talks about the recent Cloudflare issue that resulted from a typo, leading to a potentially unknown amount of data that has been leaked all over the Internet.
Episode #7-26 released on February 25, 2017
Let us start with the first thing I feel I must say, none of my sites use Cloudflare, and that is because it is not compatible with my current designs. Which is not to say my design is better or worse, but my sites don't have the same issues as many services using the Cloudflare service.
Cloudflare has an issue right now were an untold number of passwords, personal information, messages, cookies, etc. have been leaked all over the Internet. This issue has been reported to be occurring since September 22, 2016 and February 18, 2017, and was only noticed by Ormandy, of Google's Project Zero, before being notified of the issue and after that notification Cloudflare secretly fixed the bugs in code, sealing the gaping hole in security.
Now, you think the issue is over, but the problem is only beginning. Many services use Cloudflare, such as Uber, OKCupid, 1Password, Fitbit, etc. That is a fraction of all the services they currently provide services for. The data leaked accidently by Cloudflare contained passwords, personal information, messages, cookies, etc. This means that every service you use, that, also, use Cloudflare, has their user base currently at risk until passwords, secret questions and answers, etc. are all updated and changed. And, furthermore, it is being suggested to move from single factor to multi factor authentication methods as soon as possible to protect your accounts from illegal access from third parties. There is currently nothing that can be done for the data that has already been leaked. Though, it should be noted, the Cloudflare has stated that they are purging any other leaks that can remain across their entire service.
For those wondering, the error is apparently a simple typo, where the equal sign was used, instead of the greater than symbol. Cloudflare is a security company providing DDOS protection, and provides content distribution network access to any web-site that is setup to use it. The service currently works using any gate technology that allows for IP addresses not to be regionally locked, and thus capable of being connected to anywhere in the world with minimal delay, provided the original server is setup correctly, which is a simple process. They currently have a hundred or more geographic Internet exchange points all over the world.
Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net
Feel free to ask more questions, comment on the content, share other possible solutions, and suggestions. An account is required, please register, or login to leave your comment. Thank you for your input.
Playing yet again as Talion, infused with the spirit of the Elf Lord Celebrimbor, you continue you quest against Sauron with a new ring forged, free of his corruption. You start the story seeking out Shelob, a Spider Queen who has recently kidnapped Elf Lord Celebrimbor, and you must make a heavy sacrifice in order to return in to your body. From then on you must fight against the hordes of Orcs commanded by Sauron to free Mordor, starting with the city Minas Ithil, where the Palantir is located. The Palantir is a valuable tool that would allow anyone to see what they would like to see, making it a great tool in winning the war over the entirety of Middle-earth. Your task, prevent Sauron by gaining the upper hand, or everything is lost.
Published on November 12th, 2017