Time: 2024-09-22 08:33:59 Source: compiled from the web Editor: Industry News
Cloudflare, one of the giants of internet security responsible for keeping the websites we all visit safe, is itself the source of a vulnerability that has the potential to rival the Heartbleed bug of 2014. And to make things worse, we don't even know the full extent of the damage yet.
Let's get this out of the way early: Change your passwords. Starting with Uber, OkCupid, Yelp, Fitbit, and Authy. But if you don't use the services, don't get complacent. There's a long list of sites that could be affected, and new ones are bound to be added, so stay vigilant.
The leak, being referred to as "Cloudbleed," is a vulnerability that has divulged everything from passwords to private messages on dating sites, hotel bookings and other personal info. And to make things more terrifying, even sites that don’t use the company's service but have a lot of Cloudflare users could have compromised data on their servers.
Cloudflare officially announced the situation in a blog post on Thursday night, attributing it to an error in coding that resulted in a "buffer overrun" that was "quickly identified." Cloudflare’s software works to store your data securely, but because of this bug, some data was accidentally leaked in a way that was not secure enough. Cloudflare has worked to fix this, but the problem is that search engines like Google often cache a version of the data, and because of this it’s possible that the data is still out there.
A member of Google's Project Zero team, Tavis Ormandy, noticed the suspected security issue with Google's Edge Network to Cloudflare last Friday; however, the leak could reportedly have begun back on Sept. 22, 2016.
As for the information in jeopardy, Ormandy feels you have good reason to fear. "The examples we're finding are so bad ... I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings," he wrote. "We're talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything."
In his online forum, Ormandy detailed his time spent working with Cloudflare to resolve the issue, and admitted he is unaware what information, if any, was compromised. "I don't know if this issue was noticed and exploited, but I'm sure other crawlers have collected data and that users have saved or cached content and don't realize what they have, etc.," Ormandy wrote.
"I didn't realize how much of the internet was sitting behind a Cloudflare CDN until this incident."