
Thread: CloudBleed

  1. #1
    Warrior Member
    Join Date
    Dec 2014
    Posts
    754
    Rep Power
    42

    CloudBleed

    Does this site have a problem?

    Wow, the website uses Cloudflare, and therefore, was subject to Cloudbleed!

    HTML Code:
    http://www.doesitusecloudflare.com
    Try this url and see what happens.

    It's a good thing almost all the personal info we put on this site is a lie.

    Edit: I checked the Papiao site and it passed the test.
    Last edited by jjjackson; 02-27-2017 at 05:25 AM.

  2. #2
    WHAT IS CLOUDFLARE
    CloudFlare is a CDN, CDN standing for Content Delivery Network. I will explain it in words, but there is also a handy infographic, so if you don’t feel like reading, scroll down a bit.

    When you attempt to load a website, you are loading it from a server. The webmaster will have a server, or use a web hosting provider (this server is called the origin server).

    Things that affect web-loading speed are (extremely simplified):

    Speed of Origin Server (this can be negated with a CDN, will get onto that later)
    Traffic on Origin Server (can also be negated by CDN)
    Distance between you and the origin server (Can also be negated with a CDN!)

    How does a CDN negate this? Here we go:

    CDNs host the website.
    It does this by caching, so it will download every few minutes or so, removing weight off the origin server.
    CDNs can detect where you are, and then calculate the closest server, so instead of connecting to a server on the other side of the world, you are connecting to one in your own country.
    CDN servers are also much, much faster than traditional servers.

    WHAT CAUSED THE CLOUDFLARE LEAK
    CloudFlare was returning memory that contained customer data that should be private. This data could include (depending on the site) passwords, authentication tokens, HTTP POST bodies.

    Here comes the problem: Some of this data was being cached by search engines.

    Google’s Project Zero told CloudFlare of this bug in secret (called responsible disclosure), instead of revealing it to the public. CloudFlare immediately solved this bug, then made a press statement, telling people what happened. CloudFlare don’t know how long this bug has been there for, so, they warned people that they should change their passwords.

    WEBSITES AFFECTED BY THE CLOUDFLARE LEAK
    We can’t get the exact list of all the sites affected by the CloudFlare Leak, but this is a list of all the websites that use CloudFlare (22mb size .txt), and this is a list of the companies who admitted they have been affected:

    If a site you use is listed there, CHANGE YOUR PASSWORD.



    FOOTNOTE
    In technology, things like this happen, it is inevitable. With the constant growth of technology, there are bound to be mistakes and missteps. The least we can do is be prepared. Computerphile will explain this in a much simpler, and more detailed way, and if you wish to remain safe, use this site.

    We need your questions. Hopefully this week we can do a Q&A where I take the most suggested questions and do my best to answer them. So, be sure to send us questions on Facebook and Twitter, and answers will be provided.

    As per usual…

    Follow us on Twitter, like us on Facebook and subscribe to our subreddit (reddit was affected by CloudFlare, but password reset is not needed). If you haven’t already, subscribe to our newsletter by entering your email into the box on the homepage.
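
The check the post recommends (compare the sites you use against a published list of affected domains), as an added example that is not part of the original post. The sample list, the account hosts and all function names are constructed for illustration, and matching is a label-aligned heuristic rather than a public-suffix lookup.

```python
from urllib.parse import urlsplit

# Constructed sample data: lines in the style of a published domain list,
# and account entries as a password-manager export might hold them.
SAMPLE_AFFECTED = """\
# comment lines and blanks are ignored
shop.example
api.tracker.example
Forum.Example.ORG
"""
SAMPLE_ACCOUNTS = [
    "https://shop.example/login",
    "https://www.forum.example.org/member.php",
    "tracker.example",
    "https://notshop.example/",
    "https://bank.example.net/",
]

def normalize_host(value):
    """Lowercase hostname from a URL or bare host, without port or trailing dot."""
    value = value.strip()
    if "//" not in value:
        value = "//" + value          # let urlsplit treat a bare host as netloc
    host = urlsplit(value).hostname or ""
    return host.rstrip(".").lower()

def load_domains(text):
    """Parse a one-domain-per-line list, skipping blanks and # comments."""
    lines = (ln.strip() for ln in text.splitlines())
    return {normalize_host(ln) for ln in lines if ln and not ln.startswith("#")}

def related(host, listed):
    """True if the names are equal or one is a subdomain of the other.
    The leading dot keeps 'notshop.example' from matching 'shop.example'."""
    return host == listed or host.endswith("." + listed) or listed.endswith("." + host)

def accounts_to_rotate(accounts, affected):
    """Map each account entry to the listed domains it matches (empty ones omitted)."""
    hits = {}
    for entry in accounts:
        host = normalize_host(entry)
        if "." not in host:           # skip empty values and bare TLDs
            continue
        matches = sorted(d for d in affected if related(host, d))
        if matches:
            hits[entry] = matches
    return hits

if __name__ == "__main__":
    for entry, why in accounts_to_rotate(SAMPLE_ACCOUNTS, load_domains(SAMPLE_AFFECTED)).items():
        print(f"rotate password: {entry}  (listed: {', '.join(why)})")
```

A match on a parent or sibling name is a prompt to rotate, not proof that the specific host leaked; a list of several million lines would call for indexing by suffix instead of the linear scan used here.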

 

 
