San Francisco (AFP) - Internet users Friday were being urged to change all their passwords in the wake of a Cloudflare bug that could have leaked passwords, messages and more from website visits.

A Cloudflare service used by millions of websites to enhance security and performance said that it had fixed the flaw quickly after being alerted a week ago by Google researcher Tavis Ormandy.
only a week ago . k

"It turned out that in some unusual circumstances, our edge servers were running past the end of a buffer
really
and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data,"
that all
Cloudflare chief technology officer John Graham-Cumming said in a blog post.

"And some of that data had been cached by search engines."
OKayeeee
Essentially, sensitive data intended to be temporarily stored overflowed
oh
"buffering" memory space and was then tucked
tucked huh
into more exposed spots such as web pages that could then be captured by online search engines,
tucked and captured
according to descriptions of the bug.

"We fetched a few live samples
really
you really fetched em alive
and we observed encryption keys, cookies, passwords, chunks
not chunks to
of POST data and even HTTPS requests for other major Cloudflare-hosted sites from other users," Ormandy said in an online post about the flaw.

"This situation was unusual, (personally identifiable information) was actively being downloaded by crawlers
uh huh
and users during normal usage, they just didn't understand what they were seeing."
dumb fuks
Ormandy said in a Twitter message fired off from @taviso that Cloudflare has been leaking information for months,
months huh
jeopardizing supposedly secure data at major websites including Uber, OKCupid, Fitbit and 1Password.

A cry for people to change all of their online passwords because of the bug buzzed at Twitter, where "#CloudBleed" hashtag was a trending topic.

so everything is normal ?
chunks lined up in a row , crawlers tucked in jeopardizing buffeted overflow of buzzed bugs fetched cloudfare cloud bleeding
simple

 

Can anyone translate ?

 

Yes, computer novices like me and others don't stand a chance. Bugs, viruses, compromised programs, and such are not "if", but "when"...I have the dead laptop to prove it. Fucking miscreants.

 

Yeah its an amusing read.
like WTF Are you talking about

running past the end of a buffer
is that overshooting the end of the airfield runway

sensitive data intended to be temporarily stored overflowed
raining ?

 

Anytime there is a breach it is never good but it isn't as bad as some are making it out to be and like I have said a million times that cookies are the weak link in any program. The one's here are not encrypted and I have said before that if you ever forget your password I can tell it to you in most cases but NEVER go look unless I am asked by a member that I can verify is their account ... Check that, never is a little strong and "rarely" would be a better word LOL.

One of the cookies allows certain people to log into a few websites without a password and it fucking drives me crazy when programmers don't write complete escapes or have incomplete strings into their code and I have warned admin here of that concern too ...

This one is relatively small and didn't affect all of their customer base but they jumed all over it and plugged the leak and it never hurts to refresh your passwords regularly anyway.

The biggest problem with this is that some search engines "cached" the information so until all of them can purge their servers the bug will still be floating around but they wrote countermeasures to combat the weakness.

People pay me good money to debug their software for good reason, I am not in a hurry to bring something to market before it is failsafe and if they are I won't take them on as clients because they are making cost the determining factor and in my opinion quality should take that spot ...

You can have the best AV software in the world but unless it has the "definitions" in it's database, it won't detect a problem like this since it is a source code problem and not an end user problem. I use cyber security defense that took us 5 years to write and test before we implimented it in our systems and because of that we get a lot of "hosting" requests from businesses that know they would be secure with us, but we turn most down and don't need the headache.

The problem is in the authenication cookies and tokens and I just did a search and found a few affected ones in a Bing and Yahoo search so the bug is still looking for another host. It is in the hands of website administraors on their end to fix this and all you can do is reset your password but even that for some websites might not be worth the trouble to do a "forced" reset.

Uber was hit the hardest by this "bug" and btw the damage is around 0.00003% of searches and millions may sound like a lot but considering that there are billions of users it isn't as bad as it sounds.

 

This is a "bug" and not a virus btw. Chalk that up to bad programming and worse debugging.

 

Many of us have been saying since the advent of a net -- for me about 1980 with an intra net -- NOTHING is safe on a network. There are too many people with too many computers and too much time who hack just to hack.

 

Network or otherwise ,
anybody who thinks anything on the internet is safe , has their proverbial in the sand ,
or up their arse.

 

What about when the xnxx servers were hacked. They got a government agency involved. Bet you folks didn't know that, lol.