Biochemicals and Nutraceuticals News Advancing nutraceutical quality since 1994

Cloudbleed bug compromises personal information

February 26, 2017

A new security bug has compromised personal information all across the internet. Thousands of popular websites that use the Content Delivery Network (CDN) Cloudflare were compromised. Random chunks of secure data were passed to the wrong users, including passwords, images, private messages, frames from private video -- everything.[2,3,4,5]

Some of the information was being passed to search engine spiders and made publicly available as cached webpages through search engines such as Google. This started happening back in September 2016. It is anyone's guess how long it took for this to be noticed and for certain individuals to start harvesting as much of the private data as possible.

Some bitcoin sites such as coinbase.com and blockchain.info were among the compromised websites. Users are urged to update their passwords, since their old passwords may have been revealed.

What is known is that starting on February 13, 2017 a lot more of the information started being compromised. Apparently that is when knowledge of the bug was first distributed in various security communities and unidentified users began collecting information. It took 5 days for this to be stopped.

Tavis Ormandy, a British bug hunter, discovered the problem by chance a week ago, when he noticed that large chunks of private data were sitting inside cached pages that had been crawled by the Google search engine spider.

A lot of the compromised data has already been scrubbed from the cache. Google has already found and removed most of the data, but not all of it, and Google is far from the only web caching service. Resourceful individuals would still, presently, be able to harvest private information.

A list of compromised websites that use Cloudflare has been released.[1]

[1] https://github.com/pirate/sites-using-cloudflare

[2] https://www.theregister.co.uk/2017/02/24/cloudbleed_buffer_overflow_bug_spaffs_personal_data/

[3] https://www.lifehacker.com.au/2017/02/cloudflare-cloudbleed-bug-exposes-sensitive-data-who-is-affected/

[4] https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

[5] http://gizmodo.com/everything-you-need-to-know-about-cloudbleed-the-lates-1792710616
