Cloudbleed – The Major Security Bug of 2017

Here is an overview of Cloudbleed—a security bug which shocked the IT landscape in 2017.

Countdown to 2018 has just begun. 2017 will be known for many technological advancements and security threats as well. One of the major security concerns was Cloudbleed. On 23rd February 2017, Cloudflare revealed the presence of a latest security bug in its system due to the programming error. This bug has risked thousands of users’ info at the risk.

Basically, Cloudbleed leaks out the data of one Cloudflare customer’s to the other that are under the server’s memory on that particular moment. Besides, some of the leaked data chunks are cached by search engines like Google, Microsoft Bing and Yahoo.

In simple words, if you are visiting Cloudflare or its client’s websites, chances are your information including chats, encryption keys, and even passwords can be leaked to the other user who is browsing at the same time.

It’s like as if you are “sitting down at a restaurant, supposedly at a clean table, and in addition to being handed a menu, you’re also handed the contents of the previous diner’s wallet or purse.” (Courtesy: The Register)

Want to know more? Below given information about Cloudbleed will cover your how, what, why and when regarding the bug.

What is Cloudbleed? How It Was Discovered?

As you have read it earlier that Cloudbleed is the security bug that can expose one user’s information to other.

It was discovered by Google Project Zero Team’s member Tavis Ormandy who claimed to inform Cloudflare about the issue on February 17. He cited that buggy code in “its (Cloudflare) edge servers allowed data to run over the buffer and return memory that wasn’t encrypted.” In fact, Tavis Ormandy named it Cloudbleed after the 2014 security bug Heartbleed.

Is Cloudbleed Nasty? How Much Damage It Has Done?

Cloudbleed was dangerous in its earlier stages when it was undiscovered. According to Cloudflare, it has caused over million data leaks between September 22 and February 18, though there is no evidence of data exploitation till date. Good thing is that it is no more threat as Cloudflare has claimed to resolve it. However, more preventing measures are required to prevent it from occurring again. Apart from that, the companies (particularly Cloudflare’s clients) have to figure out whether their customer’s information was influenced.

So this was all about Cloudbleed, a major security threat of 2017, and how much damage it has done. Let’s see which security bug will come on the surface in 2018. Make sure to stick with your basic cyber security practices to avoid being fallen to such security concerns this year.

About Ng Wei Khang

Ng Wei Khang, CEO at a Singapore based IT consultancy company, APIXEL IT Support, has been operational for over 8 years from now. Apixel provides fixed price IT Support Services with unlimited packages that includes small business server setup, Cloud Solution Configuration, Network management and Data security & Theft prevention. The company also provides expert IT consultancy to SMEs in Singapore.

View all posts by Ng Wei Khang →

Leave a Reply

Your email address will not be published. Required fields are marked *