The companies that provide domain name server and content delivery network called CloudFlare the bug is only a slight code, that has been flowing out an enormous amount of information, such as password, personal information, messages, cookies, etc. If you did not know about this vulnerability called [Cloudbleed] it may be better to read the rest. This is quite a serious issue .
Just after Tavis Ormandy, a member of Google's security analysis team, Project Zero, reported the vulnerability, CloudFlare, one of the world's leading online security companies, immediately took countermeasures.
The problem was the Web site that used CloudFlare's service has leaked data for months, until receiving a bug report from Mr. Ormandy. According to the company, it seems that leaks began in September of 2016, but it is unclear at the moment that a malicious hacker noticed the vulnerability and exploited it before they modified the code.
Cloudflare's customers include a variety of leading online services, including Uber, OKCupid, 1Password ( announced the user's data is safe ), FitBit and so on. In other words, there is a possibility that sensitive personal information leaked out in an unimaginable amount .
A big security vulnerability like Cloudbleed take times to see the full picture of the damage. For now, we should change the password. Of course everything. If possible, let's introduce 2 -step verification. If you do not wish to do so, please read the rest. You will see how serious this case is and why thorough defensive measures are needed.
What is CloudFlare in the First place?
It may not be familiar the name CloudFlare, but many of the online services, we like to prefer, use their skills. Cloudflare calls them - online performance and security companies . Originally it was only an app that follows the source of spam, but now we provide all the services to the website. We also provide security services such as content delivery, domain name server system, and defense against DDoS attacks.
The fact that they are security enterprises makes irony this time more ironic. Various companies pay money and have Cloudflare protect their data. Indeed, this time, its true opposite occurred.
"I tell my investigation to Cloudflare. Private messages of the leading dating site and, conversation full text of a certain famous chat service, password manager of data, video frame of adults video site, hotel booking data, such as is found you. I have to say is, HTTPS request full text, client IP address, response full text, cookies, passwords, keys, data, all is that "said Ormandy Mr. are described as the recommendation. According to him, data seems to have leaked from 3,438 domains only in 5 days during February .
How does Cloudbleed works
Cloudbleed may be interesting if you know some circumstances. Because only one character of CloudFlare's code leads to vulnerability. It seems like a mistake in coding rather than a malicious act, but from the facts found out, Cloudbleed looks a bit like Heartbleed where information leaks out during a particular process. Regarding the magnitude of damage as well, general security services used on many websites are affected, so there is a possibility that it will be as large as Heartbleed.
According to CloudFlare's official blog, the origin of the first thing was the change of the HTML parser to "cf_html". An HTML parser is an application that reads codes and extracts necessary information such as start tag and the end tag. This makes it easy to change the code.
A problem occurred when Cloudflare rewrote the source of cf_html and the source of the previously used parser, "Ragel", to correspond to their software. Little mistakes of code happen to be { " > = " which should be a place of " == " from was "} is buffer overflow ". In other words, the software continues to write data to the "buffer" which is the temporary data storage location where the area is limited, and after filling up the memory, it writes the data to another place (more details refer Cloudflare blog).
Did you Victim yourself too?
It is still unclear which site was damaged. According to CloudFlare, there seems to be only a few complaint that resulted in data leakage, but since it there was no complaints last six months, do not know how much information leaked out. Furthermore, all the sites to erase in order stopping the remaining data even after the leak. The problem is not only that but even if the site is not using CloudFlare's services, CloudFlare users are using it a lot, leaked data may be left on the site .
Mr. Ryan Lackey, who is also an entrepreneur security experts, the blog post would be helpful. His company, CryptoSeal, was acquired by CloudFlare in 2014.
Cloudflare provides technology to major Web services such as Uber, FitBit, OKCupid, and others. So, rather than trying to find out which service your service uses Cloudflare, you should change all passwords on this occasion. In addition, after this update mobile of the app once the logout, and re-login, please. Also, if possible, you should use 2-step verification for services that you think are important.
Changing the password is really troublesome work, but it should be changed regularly regardless of whether there is such a problem or not. Also, it is the best protection against hackers to keep all you can do with two-step certification. Of course, on the net it does not exist in really secure ones, it is Cloudbleed even those with the two-step authentication, it might leaked.
According to Mr. Lackey, the probability that one individual will be affected by this leak is low, and phishing and others are more dangerous. CloudFlare also says that many of the leaked sites are ' forgotten WordPress blogs. ' However, Mr. Lackey says that the most terrible thing about this problem is that this is a trivial level .
Lackey said "This is the smallest level of leakage for CloudFlare, so a slightly greater level of leakage can be a threat to the Internet as a whole". Certainly, if there is a problem with so far with only one letter mistake, what will happen if there is a problem with one line of code?
For backbone systems like CloudFlare, we can hardly deal with it. What you can do is to try self-defense anyway, periodically change your password, or introduce two-step authentication, to prevent hacking beforehand.
