March 4, 2017

Hello, everyone!

A new attack has joined the "bleed" family. By "bleed family" I mean Heartbleed, Ticketbleed and now the newest, Cloudbleed.

Cloudflare faced the "Cloudbleed" problem last week. So, before getting into what Cloudbleed is, we need to understand what Cloudflare is.

Cloudflare provides essential internet infrastructure and security to millions of websites, mostly focusing on maintaining those sites' stability and security. Cloudflare is responsible for secure web traffic. It provides faster loading, DDoS mitigation, firewall protection and several other options that you need to be secure while surfing the internet. Those who want a more comprehensive understanding can go to the Cloudflare website.

Now, let's understand what Cloudbleed is.

Cloudbleed is the biggest security glitch in Cloudflare security to date. Many commonly known and visited websites use Cloudflare services, so users who have personal data on those sites could have their data compromised due to the flaw in Cloudflare. This is a serious issue because Cloudflare would return sensitive data stored in uninitialized memory while making HTTP requests under some specific technical circumstances. It was discovered by Google Project Zero security researcher Tavis Ormandy; according to him, it is a major flaw in Cloudflare security that causes the leakage of private session keys and other sensitive information across websites hosted behind Cloudflare.

A typo in the HTML code allowed an extra character to be added, which in turn could cause an overflow that returned the private data of many users.

That's it for now. If you are not familiar with the news, watch the following video:
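The overflow described above, as an added C example that is not part of the original post and is not Cloudflare's code: a parser whose end-of-buffer check uses `==` where `>=` is needed steps past the end of the request and reads whatever sits next in memory. The request, the neighboring "session" bytes and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: a 16-byte request ending in a lone '<', stored
   directly in front of bytes that stand in for another user's data. */
static const char REQUEST[]  = "<p>truncated at<";
static const char NEIGHBOR[] = "session=SECRET-TOKEN";

static char arena[sizeof REQUEST + sizeof NEIGHBOR]; /* one array: no real OOB access */
static char leak[sizeof NEIGHBOR];

/* Scans arena[0..pe). A '<' consumes itself plus the next byte in one step,
   so the cursor can jump from pe-1 to pe+1 and never equal pe.
   strict = 0: buggy `p == pe` end check; strict = 1: corrected `p >= pe`.
   Returns how many bytes past the request were read (copied into leak). */
static size_t scan(size_t pe, size_t hard_stop, int strict)
{
    size_t p = 0, leaked = 0;
    for (;;) {
        if (strict ? (p >= pe) : (p == pe)) break; /* end-of-buffer check */
        if (p >= hard_stop) break;                 /* demo guard, not part of the bug */
        if (p >= pe) leak[leaked++] = arena[p];    /* over-read: not request data */
        p += (arena[p] == '<') ? 2 : 1;
    }
    leak[leaked] = '\0';
    return leaked;
}

/* Lays out request and neighbor back to back, then runs the scanner. */
static size_t leaked_bytes(int strict)
{
    size_t pe = strlen(REQUEST), stop = pe + strlen(NEIGHBOR);
    memcpy(arena, REQUEST, pe);
    memcpy(arena + pe, NEIGHBOR, strlen(NEIGHBOR));
    return scan(pe, stop, strict);
}

static const char *leaked_text(int strict)
{
    leaked_bytes(strict);
    return leak;
}

int main(void)
{
    printf("p == pe: %zu bytes past the request: \"%s\"\n", leaked_bytes(0), leaked_text(0));
    printf("p >= pe: %zu bytes past the request\n", leaked_bytes(1));
    return 0;
}
```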
