Protect yourself from Cloudbleed
A security bug that went unnoticed for months has now been patched, but who has been affected and how can you protect yourself from potential exploitation?
Despite the fact that ‘Cloudbleed’ sounds like the name of an emo band from the mid 2000s, it’s actually a serious security bug that affected content distribution network (CDN) Cloudflare. In September 2016, the company, which also provides internet security and distributed domain name server services to many websites, fell victim to a bug in the HTML parsing software it uses to read data from client websites, leaking sensitive information, including passwords and cookies, over one million times. A member of Google’s Project Zero — a team of security analysts hired to uncover zero-day software vulnerabilities — discovered the bug in February 2017 and alerted Cloudflare of the issue. Now, while there have not yet been any reports of that leaked data having being exploited — and the vulnerability itself has thankfully been patched — what can you do to protect yourself and your data from this and similar bugs?