Security News – Paul’s Security Weekly #503

The risks of using an Android password manager, another WordPress plugin is flawed, hidden backdoors, Cloudbleed gets triggered, and more in this week’s security news!

http://traffic.libsyn.com/pauldotcom/Pauls_Security_Weekly__503_-_Security_News_converted.mp3

Threatpost News Wrap, March 3, 2017

The news of the week is recapped, including the fallout around CloudBleed, the CloudPets breach, and a Slack token bug. The life of Howard Schmidt is also remembered.

Threatpost News Wrap, February 24, 2017

Mike Mimoso and Chris Brook recap RSA and discuss the news of the week including the impact of Cloudflare’s “Cloudbleed” bug, Google breaking SHA-1, and more.

Cloudbleed — Your Credentials Cached in Search Engines

In case you are still wondering about the SHA-1 being broken and if someone is going to be spending hundreds of thousands of dollars to create a fake Certificate Authority and sniff your OkCupid credentials, don’t worry. Why spend so much money when your credentials are being cached by search engines?… Wait, what?

A serious combination of bugs, dubbed Cloudbleed by [Tavis Ormandy], led to uninitialized memory being present in the response generated by the reverse proxies and leaked to the requester. Since these reverse proxies are shared between Cloudflare clients, this makes the problem even worse, since random data …


Cloudflare Bug Leaks Sensitive Data

Cloudflare has fixed an issue where its customer traffic was leaking memory that included sensitive information including authentication cookies, POST data and more.

Am I Affected by Cloudbleed?

Yesterday, Cloudflare posted an incident report on their blog about an issue discovered in their HTML parser. A very nice report which is worth a read! As usual, in our cyber world, this vulnerability quickly received a nice name and logo: “Cloudbleed”. I’ll not explain the vulnerability in detail here,

[The post Am I Affected by Cloudbleed? has been first published on /dev/random]
