Using one of these services makes sites much more robust and secure than they probably would be on average if owners attempted to build defenses themselves. The incident was also significant as a reminder of how much rides on large internet infrastructure and optimization services like Cloudflare. But any exposed sensitive data creates risks. Search engines like Google and Bing that crawl the web, though, automatically cached the errant data-everything from gibberish to users' Uber account passwords and even some of Cloudflare's own internal cryptography keys-making it all easily accessible through search.Ĭloudflare worked with search engines ahead of and after the announcement to remove the leaked data from caches, and experts noted that it was unlikely that hackers used the data malevolently the random leaks would have been difficult to weaponize or monetize efficiently. Leaked data was only deposited on a small subset of Cloudflare customer sites, and usually it wasn't visible on the pages themselves. Google vulnerability researcher Tavis Ormandy discovered the problem on February 17, and Cloudflare patched the bug within hours, but the data leakage could have started as early as September 22, 2016.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |