Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


jarledb

Webhead
3253 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

#208716 24-Feb-2017 13:08
Send private message

Cloudflare Reverse Proxies are Dumping Uninitialized Memory

 

We keep finding more sensitive data that we need to cleanup. I didn't realize how much of the internet was sitting behind a Cloudflare CDN until this incident.

 

The examples we're finding are so bad, I cancelled some weekend plans to go into the office on Sunday to help build some tools to cleanup. I've informed cloudflare what I'm working on. I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We're talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything.

 

 

 

This is scary. There is good reason to belive that a lot of peoples passwords and other sensitive data have been compromised through this security bug.

 

Not impressed by Cloudflare dragging their feet in making this exploit public.

 

 





Jarle Dahl Bergersen | Referral Links: Want $50 off when you join Octopus Energy? Use this referral code
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation or subscribing.


Create new topic
hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #1725658 24-Feb-2017 13:12
Send private message

This is certainly a scary one..

 

 

 

@freitasm have an offical comment from cloudflare?





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 




clinty
1182 posts

Uber Geek

Lifetime subscriber

  #1725669 24-Feb-2017 13:31
Send private message
freitasm
BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1725670 24-Feb-2017 13:31
Send private message

Reading through the linked thread/disclosure I see Cloudflare had turned off the features causing the issue when notified, four days ago. I also see they have already provided a post-morten here.

 

We didn't use those features so I am not worried. I think their response was effective. I wonder why the OP wrote "Not impressed by Cloudflare dragging their feet in making this exploit public." when the thread in question already had a response from Cloudflare (including a link to the post-morten) 30 minutes before this Geekzone thread was live.





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup




jbard
1377 posts

Uber Geek


  #1725675 24-Feb-2017 13:41
Send private message

freitasm:

 

Reading through the linked thread/disclosure I see Cloudflare had turned off the features causing the issue when notified, four days ago. I also see they have already provided a post-morten here.

 

We didn't use those features so I am not worried. I think their response was effective. I wonder why the OP wrote "Not impressed by Cloudflare dragging their feet in making this exploit public." when the thread in question already had a response from Cloudflare (including a link to the post-morten) 30 minutes before this Geekzone thread was live.

 

 

 

 

It seems every site using Cloudflare is effected as if any customer on a server you shared had any of those features enabled then your data could have been exposed. 


timmmay
20574 posts

Uber Geek

Trusted
Lifetime subscriber

  #1725678 24-Feb-2017 13:45
Send private message

Bit of a nasty bug. Looks like a very responsible response from CloudFlare. The Google guy went a bit overboard with his whining. 


jarledb

Webhead
3253 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1725684 24-Feb-2017 14:13
Send private message

freitasm:

 

We didn't use those features so I am not worried.

 

 

Its an issue for anyone that has used a site that had this featured turned on.

 

Its prudent to remind people that reusing passwords is a bad idea. But any passwords you have used on sites affected by this vulnerability should also be considered compromised.

 

 

I think their response was effective. I wonder why the OP wrote "Not impressed by Cloudflare dragging their feet in making this exploit public." when the thread in question already had a response from Cloudflare (including a link to the post-morten) 30 minutes before this Geekzone thread was live.

 

 

I just think they took too much time doing it.





Jarle Dahl Bergersen | Referral Links: Want $50 off when you join Octopus Energy? Use this referral code
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation or subscribing.


fizzychicken
313 posts

Ultimate Geek


  #1725740 24-Feb-2017 16:18
Send private message
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
freitasm
BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1725745 24-Feb-2017 16:29
Send private message

And there it is - geekzone.co.nz, geekzone.nz, geekzone.co.in, geekzone.co.uk - some of these domains are redirects and never really used so not sure if these are affected or simply use Cloudflare.

 

In any case, as mentioned, another reason for not reusing passwords.





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


nova
250 posts

Master Geek

Trusted

  #1725748 24-Feb-2017 16:41
Send private message

freitasm:

 

We didn't use those features so I am not worried. I think their response was effective. 

 

 

Any site that used CloudFlare could have had their data leaked. Only sites that had the features enabled and malformed HTML would leak data in their responses, but the data could belong to any other site that shared the same server. Very similar to HeartBleed in that regard, except this offered it up for free, rather that requiring a specific exploit. I agree that CloudFlare looks to have been fairly responsive on this,  the only legitimate complaint I can see is that they are downplaying the issue a bit.


timmmay
20574 posts

Uber Geek

Trusted
Lifetime subscriber

  #1725755 24-Feb-2017 16:51
Send private message

That's just a list of all websites that use CloudFlare.


fizzychicken
313 posts

Ultimate Geek


  #1725792 24-Feb-2017 18:36
Send private message

timmmay:

 

That's just a list of all websites that use CloudFlare.

 

 

 

 

I should have probably added the word 'potentially'





michaelmurfy
meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1726000 25-Feb-2017 01:13
Send private message

Just got an email from Cloudflare:

 

 

Dear Cloudflare Customer:

 

Thursday afternoon, we published a blog post describing a memory leak caused by a serious bug that impacted Cloudflare's systems. If you haven't yet, I encourage you to read that post on the bug:

 

https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

 

While we resolved the bug within hours of it being reported to us, there was an ongoing risk that some of our customers' sensitive information could still be available through third party caches, such as the Google search cache.

 

Over the last week, we've worked with these caches to discover what customers may have had sensitive information exposed and ensure that the caches are purged. We waited to disclose the bug publicly until after these caches could be cleared in order to mitigate the ability of malicious individuals to exploit any exposed data.

 

In our review of these third party caches, we discovered data that had been exposed from approximately 150 of Cloudflare's customers across our Free, Pro, Business, and Enterprise plans. We have reached out to these customers directly to provide them with a copy of the data that was exposed, help them understand its impact, and help them mitigate that impact.

 

Fortunately, your domain is not one of the domains where we have discovered exposed data in any third party caches. The bug has been patched so it is no longer leaking data. However, we continue to work with these caches to review their records and help them purge any exposed data we find. If we discover any data leaked about your domains during this search, we will reach out to you directly and provide you full details of what we have found.

 

To date, we have yet to find any instance of the bug being exploited, but we recommend if you are concerned that you invalidate and reissue any persistent secrets, such as long lived session identifiers, tokens or keys. Due to the nature of the bug, customer SSL keys were not exposed and do not need to be rotated.

 

Again, if we discover new information that impacts you, we will reach out to you directly. In the meantime, if you have any questions or concerns, please don’t hesitate to reach out.

 

Matthew Prince
Cloudflare, Inc.
Co-founder and CEO





Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.


freitasm
BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1726145 25-Feb-2017 16:00
Send private message

I have terminated all current sessions, invalidating all session cookies. I posted more information here.





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


jarledb

Webhead
3253 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1726177 25-Feb-2017 16:48
Send private message

Wise move. Anyone using Cloudflare for their website should do the same. I have done that to all sites I manage that use Cloudflare.





Jarle Dahl Bergersen | Referral Links: Want $50 off when you join Octopus Energy? Use this referral code
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation or subscribing.


Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.