You are reading the article What The Cloudbleed Leaks Tell Us About Online Security updated in September 2023 on the website Nhahang12h.com. We hope that the information we have shared is helpful to you. If you find the content interesting and meaningful, please share it with your friends and continue to follow and support us for the latest updates. Suggested October 2023 What The Cloudbleed Leaks Tell Us About Online Security
An astounding amount of websites use reverse proxies and DDoS mitigation services such as Cloudflare (e.g. Reddit) to protect them from major catastrophes and keep the lights on consistently. These services often market themselves as providers of security and performance enhancement.
What Is All This?!For the uninitiated, Cloudflare is a service that acts as a middleman between your website and the wider Internet. When you go to a site that uses the service, you are actually connecting to Cloudflare which connects to the site and relays its output to you. It will cache some of the more frequently visited pages so that the site doesn’t have to reply every single time someone connects, thereby reducing the impact that large amounts of traffic have on the local server. This also helps reduce the impact that distributed denial of service (DDoS) attacks have on your site since there’s a middleman that can thwart the brunt of these attacks, acting as a sort of traffic light that lets legitimate visitors through and stops bots in their tracks. Cloudflare and other reverse proxy services (like Incapsula and Akamai) will often market themselves as purveyors of website security.
What Is Cloudbleed?Cloudbleed is an event in which a bug was discovered in Cloudflare’s software by a member of Google’s Project Zero team that uncovered private messages from major websites, online password manager data, and full HTTPS requests from several other servers. Cloudflare’s response to connection requests would often overrun their allocated buffer space and present data from any other customers accessing websites at that point in time. It leaves everything out in the open and presents a catastrophic security risk for anyone using or owning websites that rely on the service.
The bug was patched towards the end of February, although the service admits that data leaks may have been going on as early as the introduction of its new HTML parser on 22 September 2023.
Lessons LearnedIf you’ve been reading our stories for a while, you may remember a very similar event known as Heartbleed back in 2014 in which websites using OpenSSL were vulnerable to an exploit that could expose fragments of private data to snooping parties. This together with the more recent Cloudbleed kerfuffle teaches us one valuable lesson: nothing is one hundred percent reliable, not even the services with the explicit purpose of protecting you.
This is not meant to bash Cloudflare. The bug could have happened to any service. The point here is that the Internet is not a place where you should expect a guaranteed level of safety. You could do everything possible to protect yourself and still be left out in the open by a situation that you have no control over.
What Should You Do?The truth is, as Inc.Com’s Joseph Steinberg writes, “The current risk is much smaller than the price that would be paid in increased ‘cybersecurity fatigue,’ leading to much bigger problems in the future.” What he means to say here is that the nature of the bug makes the chances that your password leaked so astronomically low that changing it will only have the effect of wearing you down. When a real crisis hits, you may be too exhausted by all the noise, panic and hype that you may ignore a call to change your password in a crucial moment. Cloudbleed isn’t that moment. But by all means, if you really feel the need to do so, change your password.
Other than that, just remain vigilant and do not ignore emails from the services you love. The moment a crisis hits, they’ll most likely send you a friendly letter with everything you need to know about it and might even provide suggestions on what you should do to ensure you aren’t affected.
Miguel Leiva-Gomez
Miguel has been a business growth and technology expert for more than a decade and has written software for even longer. From his little castle in Romania, he presents cold and analytical perspectives to things that affect the tech world.
Subscribe to our newsletter!
Our latest tutorials delivered straight to your inbox
Sign up for all newsletters.
By signing up, you agree to our Privacy Policy and European users agree to the data transfer policy. We will not share your data and you can unsubscribe at any time.
You're reading What The Cloudbleed Leaks Tell Us About Online Security
Update the detailed information about What The Cloudbleed Leaks Tell Us About Online Security on the Nhahang12h.com website. We hope the article's content will meet your needs, and we will regularly update the information to provide you with the fastest and most accurate information. Have a great day!