Monday, 27 February 2017 02:37

Cloudflare Bug Could Be Leaking Personal Info


Thanks to Google and Tavis Ormandy, your personal information is secure. If you are a frequent user of Uber, OkCupid or Fitbit, then know that your passwords, messages or the content of your emails might not be private anymore. Someone out there might be going through your emails or reading your messages as you read this.

Tavis Ormandy is a security researcher who works with Google’s Project Zero. He discovered a bug in Cloudflare’s software that has been persistently leaking personal information since September 2016. It proliferated this month, from February 13 to 18, before discovery. The bad part is that personal information and other details have become part of search engine results. This confirms fears of personal data indexing.

Cloudflare is a security company that provides content distribution services to millions of sites. Among these sites are the ride-sharing service Uber and the dating site OkCupid.

Cloudflare is invisible to most users. It plays a crucial role, acting as a funnel through which retailers, bankers and insurance companies can route their services securely. Once Cloudflare was notified, it took steps to rectify the problem quickly, according to its co-founder Matthew Prince. Even though there are no solid indications of data exploitation, it is nevertheless worrisome. Shockwaves can be felt all across the software security world. In a blog post, the company said that the data leak occurred while it was upgrading its code. Running the new and old code concurrently might have caused the leak. Only a small subset of its websites was compromised.

 

It is good that this bug was discovered early. Cloudflare is a back-end and security service provider for most websites. It is technically invisible to ordinary internet users, but plays a critical role. Its code usually crawls through websites picking out HTML errors. With this flaw, when Cloudflare code discovers errors, it doesn’t ping back Cloudflare monitoring. It instead allows other websites utilizing Cloudflare services to access these websites and possibly retrieve personal data. This data is readable.

Cloudflare's CTO reassured customers that the problem is being fixed, with mitigation above industry standards in use. According to a post on their website, their technical teams were working hard to fix and clean up the bug. They have since reached out to major search engines and requested that they dispose of any cached data that might include leaked personal information.

So, if you are a subscriber of any of their services, take a cautious approach and change your password.

Author : Dalmas Ngetich

Source : https://easterndaily.com/cloudfare-bug-leaking-personal-info/

 

 

 

 
