Change Your Passwords. Now.
by GIZMODO.com Article
Review by Charles Mohapel
GIZMODO.com, GitHub.com News ISBN/ITEM#: CM170224MEMORY
Date: 24 February 2017
Having received several warnings in the last 2 days to reset our passwords on various unrelated accounts, we checked the primary websites to verify that these were not phishing scams. It turns out that the warnings to reset our passwords are legitimate. Apparently a massive memory leak from web services and security company Cloudflare may have exposed user data for thousands of sites. It occurs to us that anyone using Cloudflare may wish to switch over to someone with better security.
A massive memory leak from web services and security company Cloudflare may have exposed user data for thousands of sites. In other words: it's time to change your passwords.
There’s lots left to discover about the impact of the leakage -- which is being called Cloudbleed, similar to the Heartbleed bug back in 2014. What we do know that makes this so worrisome is that some of the memory leaks, which may have included user data, was able to be cached by search engines. Once indexed, nefarious types may have scraped and stored that data.
Cloudbleed was discovered by Tavis Ormandy of Google’s security analysist team Project Zero on February 18th. How it was found and patched, and what exactly was causing these leaks is exhaustively detailed by Cloudflare in a blog post. According to Cloudflare, "the greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage."
Our Other Pubs: