Challenges at Cloudflare
Publish on: 2 March 2017
Last week Cloudflare announced a critical software bug that caused confidential data like passwords, cookies, authentication tokens to leak in plain text from its customers’ websites. A major setback for the content delivery network, which offers enhanced security and performance to more than 5 million websites.
Remediation was made difficult as some data was automatically cached by search engines. This made particularly difficult to clean up after discovery. Cloudflare asked some big player (Google, Bing, Yahoo and other search engines) to scrub data manually
The leakage event took place mostly from Feb. 13 to Feb. 18. Then, 1 in every 3,300,000 HTTP requests to Cloudflare sites would have caused data to be revealed. Would be attackers could have then accessed data in real-time, or later through search engine caches. Cloudflare’s investigations revealed no evidence that hackers had discovered or exploited the bug.
Some cyber security experts expressed frustration that Cloudflare didn’t move faster in the remediation process and that the company’s final blog post on the matter “severely downplays the risk to customers”. Many did acknowledge that Cloudflare was responsive and responsible as possible in managing this emergency.
From our perspective at SNAPI Guard – companies require flexible options for DDoS and other security incidents either caused by hackers or errors by partners and suppliers – hybrid, always on – or “clean pipe” protection fully managed by the highest level cyber security experts.
In short, it is up to organizations to always be vigilant and protect themselves with the best solutions possible.
CLICK HERE TO ACCESS THE THREAT FACED BY YOUR ORGANIZATION. UNDER ATTACK? CALL 1 844-557-6274.