CLOUDBLEED: CLOUDFLARE HACKED, YOUR PASSWORD IN DANGER OF SECURITY BRIDGE!

in hacked •  7 years ago  (edited)

Greetings everyone, how safe is YOUR PASSWORD.
Sometime ago, Web-infrastructure provider CLOUDFLARE disclosed the discovery and subsequent mitigation of a bug — now known as “CLOUDBLEED” — in its system. This was a big-deal bug, and it’s been patched (though, in some cases, the more paranoid might want to change their passwords), and you’re welcome to take my word for it and stop reading now. But if you’d like to know what happened, why, and what you should do, read on.

Before understanding the bug, it’s important to understand what Cloudflare is. Cloudflare provides a number of services to millions of websites, mostly focused on maintaining those sites’ stability and security. They’ll mirror sites and set up redundancies if the site suddenly becomes swarmed with traffic, or handle a site’s implementation of SSL, the system that provides secure web traffic. They’re used by many large tech companies — some of which you almost certainly use yourself — but generally speaking, Cloudflare works unseen in the background; and if you’re just a casual web browser, there’s no reason you should have heard of it.

Still, it’s an extremely important company for the infrastructure of the internet. Long story short, a portion of the traffic between you and the websites you use flows through Cloudflare. And, in fact, many different websites use the same Cloudflare hardware at the same time.

IMG-20170704-WA0003.jpg

So: Cloudbleed, now what? The big problem with the bug was that Cloudflare would return sensitive data stored on uninitialized memory when an HTTP request was made under very specific circumstances and technological configurations. The Google team that found the bug was finding “private messages from major dating sites, full messages from a well-known chat service, online password-manager data, frames from adult-video sites, [and] hotel bookings.”

WHAT TO DO NOW?

  • Regularly update or change your password for security reasons (suggestively, minimum of 16 strong characters).

  • Make sure you mix alphanumeric and symbols together for a stronger password configuration, with $, &, #, @,_, /, etc. As your password make up characters.

  • Activation of 2FA when possible, this will go a long way safeguarding your investment and online assets. Have a hard copy backup of your security API keys.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
http://nymag.com/selectall/2017/02/what-is-cloudbleed-cloudflare.html

Alright Cheetah, you've won this time.
Keep it up

that's hilarious! lol

Good article, but with bruteforce attacks it's about the length of the password and symbols doesn't matter much. So If I were you I would change the what to do, to: Make sure you use atleast 12 characters and symbols

Great contribution Sir, right up with your suggestion

Congratulations @bitdude! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of upvotes received

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!