Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: Internet Storm Center - SANS Internet Storm Center



Cloudflare data leak...what does it mean to me?

Published: 2017-02-24
Last Updated: 2017-02-24 18:25:16 UTC
by Rick Wanner (Version: 1)

The ISC has received several requests asking us to weigh in on the ramifications of the Cloudflare data leak, also being referred to by some as CloudBleed.

The short version of the vulnerability is that, in rare situations, a bug in Cloudflare's edge servers could be triggered that caused a buffer overrun. When these buffer overruns occurred, random data was returned in the replies from the Cloudflare servers. Private chat messages, user logins and passwords, and many other bits of data were found in that random data. The data could come from any of Cloudflare's customer applications, a very big list that includes some of the most popular sites on the Internet, potentially over 4 million domains. (Partial list of popular sites and the full list are available here). Most seriously, these pages, containing random data, were cached in Google's search results (those results have now been scrubbed of Cloudflare data).

It is believed that this vulnerability was present from 22 Sept, 2016 until 18 Feb. 2017.

What does this mean to you? Unfortunately, the data leak means that this needs to be treated as another data breach. If you have an account on any Cloudflare-hosted application, which we almost certainly all do, it is time to go and change your passwords. I would also strongly recommend that you use this as an opportunity to enable 2-factor authentication on any application that supports it.
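One way to apply this advice across a whole password-manager inventory, as an added example that is not part of the original diary: flag every account on an affected domain whose password was set on or before 18 Feb 2017, and note where 2-factor authentication is still off. The domain list, account records and field names below are constructed assumptions, not the real affected-site list.

```python
from datetime import date

# The diary gives 18 Feb 2017 as the end of the exposure window (it opened 22 Sept 2016).
WINDOW_END = date(2017, 2, 18)

# Constructed sample data: reserved example domains, NOT the real affected-site list.
AFFECTED = ["example.com", "example.org"]
ACCOUNTS = [
    {"host": "login.example.com", "user": "alice", "password_changed": date(2016, 3, 1), "two_factor": False},
    {"host": "example.org", "user": "alice", "password_changed": date(2017, 2, 20), "two_factor": True},
    {"host": "notexample.com", "user": "alice", "password_changed": date(2015, 6, 9), "two_factor": False},
    {"host": "Shop.Example.ORG.", "user": "bob", "password_changed": date(2017, 1, 10), "two_factor": True},
    {"host": "example.org", "user": "carol", "password_changed": date(2017, 2, 21), "two_factor": False},
]

def normalize(host):
    """Lower-case a hostname and drop surrounding whitespace and a trailing dot."""
    return host.strip().lower().rstrip(".")

def is_affected(host, affected):
    """True if host equals, or is a subdomain of, a domain in the normalized set."""
    labels = normalize(host).split(".")
    # Compare whole labels so that notexample.com never matches example.com,
    # and stop before the bare top-level label.
    stop = max(1, len(labels) - 1)
    return any(".".join(labels[i:]) in affected for i in range(stop))

def triage(accounts, affected_domains):
    """Return (host, user, actions) for each account that still needs attention."""
    affected = {normalize(d) for d in affected_domains}
    findings = []
    for acct in accounts:
        if not is_affected(acct["host"], affected):
            continue
        actions = []
        # A password set on or before the window's end may have been in use while
        # the leak was live; one set afterwards was not.
        if acct["password_changed"] <= WINDOW_END:
            actions.append("rotate password")
        if not acct["two_factor"]:
            actions.append("enable 2-factor authentication")
        if actions:
            findings.append((normalize(acct["host"]), acct["user"], "; ".join(actions)))
    return findings

if __name__ == "__main__":
    for host, user, actions in triage(ACCOUNTS, AFFECTED):
        print(f"{host:20} {user:6} {actions}")
```
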

 

UPDATE 20170224 17:45 UTC: It appears Cloudflare customers have started sending out password change requests. I just received my first a few minutes ago.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
