Friday, February 24, 2017

Cloudbleed: What you need to know and what you need to do

Cloudflare has had a sizeable data leak. Here's what that means for you.

On February 17, 2017, vulnerability researcher from Google's Project Zero Tavis Ormandy stumbled across what looked like a really nasty data leak from Cloudflare, a web performance and security company. He quickly contacted the "right" people at Cloudflare and the situation was addressed in less than an hour.

Any data breach can be significant. Especially when a service has over one billion users. We'll direct you to the Cloudflare incident report for the full details of what happened (warning: it's pretty technical). In layman's terms, data was leaked that was potentially sensitive. This data was available to anyone, even web spiders used by search engines. SSL keys were not leaked.

The Cloudflare features that used the affected HTML parser (email obfuscation, Server-side Excludes, and Automatic HTTPS Rewrites) were in use by a lot of companies. Most likely companies that you have online accounts with. This means your data may have been exposed.

Mobile Nations, which operates Windows Central, uses some of Cloudflare's services. In fact, you'll find us on the list floating around of sites potentially affected. We have verified that the affected services aren't in use nor have ever been used on any Mobile Nations sites.



from Windows Central - News, Forums, Reviews, Help for Windows Phone http://ift.tt/2mtR4m5
via IFTTT

No comments:

Post a Comment