Cloudbleed

March 4, 2017 | Views: 3013


Hello, everyone!

A new attack has joined the “bleed” family. By “bleed family” I mean Heartbleed, Ticketbleed and now the newest, Cloudbleed.

Cloudflare faced the “Cloudbleed” problem last week. So, before explaining what Cloudbleed is, we need to understand what Cloudflare is.

Cloudflare provides essential internet infrastructure and security to millions of websites, mostly focusing on maintaining those sites’ stability and security. Cloudflare is responsible for secure web traffic. It provides faster loading, DDoS mitigation, firewall protection and several other options that you need to be secure while surfing the internet. Those who want a more comprehensive understanding can go to the Cloudflare website.

Now, let’s understand what Cloudbleed is –

Cloudbleed is the biggest security glitch in Cloudflare security to date. Many commonly known and visited websites use Cloudflare services, so users who have personal data on those sites could have their data compromised due to the flaw in Cloudflare. This is a serious issue because Cloudflare would return sensitive data stored in uninitialized memory when HTTP requests were made under some specific technical circumstances. It was discovered by Google Project Zero security researcher Tavis Ormandy; according to him, it is a major flaw in Cloudflare security that causes the leakage of private session keys and other sensitive information across websites hosted behind Cloudflare.

There was a typo in the HTML code that made it possible to add an extra character, and in turn this could cause an overflow that returned private data belonging to many users.
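A simplified C illustration of this class of bug, added here and not Cloudflare's code: a one-character mistake in an end-of-buffer check (`!=` where `<` is needed) lets a scanner step over the end of one request's HTML and copy whatever sits after it in memory. The `arena` layout, the `rewrite` and `leaks` functions and the token value are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: 21 bytes of one request's HTML, followed directly by
   bytes that belong to a different request (as on a shared proxy heap).
   Keeping both in one array keeps the over-read inside a single object. */
static const char arena[] = "<p>hi</p><script src="
                            "Authorization: Bearer CONSTRUCTED-TOKEN";
#define HTML_LEN 21

/* Hypothetical rewriter: copies bytes to out, and on '=' steps over the '='
   and the opening quote in one move. When the HTML is cut off right at '=',
   that move lands one byte past pe. */
static size_t rewrite(const char *p, const char *pe, char *out, size_t cap,
                      int hardened)
{
    size_t n = 0;
    /* Buggy check stops only when p lands exactly on pe; the hardened check
       also stops when p has gone past it. */
    while ((hardened ? p < pe : p != pe) && *p != '\0' && n + 1 < cap) {
        if (*p == '=') {
            p += 2;
            continue;
        }
        out[n++] = *p++;
    }
    out[n] = '\0';
    return n;
}

/* Returns 1 if the rewritten response contains the neighbouring secret. */
static int leaks(int hardened)
{
    char out[128];
    rewrite(arena, arena + HTML_LEN, out, sizeof out, hardened);
    return strstr(out, "CONSTRUCTED-TOKEN") != NULL;
}

int main(void)
{
    printf("equality check leaks: %d\n", leaks(0));
    printf("range check leaks:    %d\n", leaks(1));
    return 0;
}
```

With the equality check, the response for the first request carries the second request's token; with the range check, the output stops at the end of the HTML.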

That’s it for now. If you are not familiar with the news, watch the following video:

3 Comments
  1. Is this a Buffer Overflow attack?

  2. Very fast application, I like it better
