Last Thursday the cyber security experts told us about Cloudbleed. “What is that?” you ask.

It was a spill of data that affects millions of users worldwide. About 1 in 3 million data requests passing through Cloudflare, a large communication services provider, leaked information. The impact included almost 3,500 domains used by 150 Cloudflare customers (Thomson, 2017; Graham-Cumming, 2017). One observer suggested that Cloudflare appears to process about 25 million requests per second (Thomson, 2017). Cloudflare serves “more web traffic than Twitter, Amazon, Instagram, Bing & Wikipedia combined” (Cloudflare, n.d.).

This was a spill, not an attack. Information that was not requested was exposed while servicing internet requests. Cloudbleed was detected and reported by an ethical observer, and some of the best security minds worked to clean up the spill within hours (Thomson, 2017).

In our complex digital world there are many service providers working to ensure we have timely and secure access to information. Cloudbleed leaked secured information over months of operation. Activity peaked in mid-February (Graham-Cumming, 2017). A simple coding mistake in one software component at Cloudflare caused the spill. Under certain technically complex conditions, applications seeking to retrieve data from the cloud got more than they asked for.
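The class of mistake described above, as an added illustration that is not Cloudflare's code and not part of the original post: a toy scanner whose end-of-buffer test uses equality, so a cursor that steps over the end keeps copying neighbouring memory, shown beside the ordered test that stops it. The arena, the strings and the function names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: one page's bytes sit directly in front of
   another customer's data in a shared buffer. Nothing here is real. */
#define PAGE   "hello\\"              /* page ends in a lone backslash */
#define SECRET "session=CONSTRUCTED"
#define PAGE_LEN   (sizeof PAGE - 1)
#define SECRET_LEN (sizeof SECRET - 1)

static char arena[PAGE_LEN + SECRET_LEN];

/* Toy scanner: copies arena[i..end) to out and drops backslash escape
   pairs, which moves the cursor two bytes at once. hardened selects the
   ordered end test (i >= end) instead of the buggy equality test. */
static size_t scan(size_t i, size_t end, char *out, size_t cap, int hardened)
{
    size_t n = 0;
    while (i < sizeof arena && n + 1 < cap) {  /* demo guard: stay in arena */
        if (hardened ? (i >= end) : (i == end))
            break;                             /* reached end of the page */
        if (arena[i] == '\\') {                /* escape pair: skip 2 bytes */
            i += 2;                            /* may jump straight over end */
            continue;
        }
        out[n++] = arena[i++];
    }
    out[n] = '\0';
    return n;
}

/* Lays out the constructed memory, then scans only the page's range. */
size_t render(char *out, size_t cap, int hardened)
{
    memcpy(arena, PAGE, PAGE_LEN);
    memcpy(arena + PAGE_LEN, SECRET, SECRET_LEN);
    return scan(0, PAGE_LEN, out, cap, hardened);
}

int main(void)
{
    char out[64];
    size_t n = render(out, sizeof out, 0);
    printf("equality test: %zu bytes: %s\n", n, out);
    n = render(out, sizeof out, 1);
    printf("ordered test:  %zu bytes: %s\n", n, out);
    return 0;
}
```

With the equality test the output carries bytes that belong to the neighbouring buffer; with the ordered test the scanner returns only the page's own five characters.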

Some of the best minds in communication worked to clear up the problem, but no one knows whether some criminal was able to exploit the problem or whether all of the copies of the data that was leaked have been permanently destroyed.

So what can you do?

If you are a student studying for a technical degree, learn how to build and test secure applications.

For everyone, it is time to be “better safe than sorry.” Your passwords may have been handed over to a hacker. Change your authentication information, and potentially the process you use to log in, because your password may have been in the spilled information (Stop.Think.Connect., n.d.). Security experts think it is time for everyone to do something about authentication even had there not been a Cloudbleed.

References

Cloudflare. (n.d.). Cloudflare: About Cloudflare. (Cloudflare, Inc.) Retrieved February 28, 2017, from https://www.cloudflare.com/about-overview/

Graham-Cumming, J. (2017, February 23). Cloudflare: Incident report on memory leak caused by Cloudflare parser bug. Retrieved February 28, 2017, from https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

Limer, E. (2017, February 24). WISN Channel 12 Milwaukee: How to protect yourself from the internet's new security flaw, Cloudbleed. (HEARST television) Retrieved February 28, 2017, from http://www.wisn.com/article/cloudbleed-explained/8975761

Simonite, T. (2015, October 19). MIT Technology Review: Intelligent Machines: You've Been Misled About What Makes A Good Password. Retrieved February 28, 2017, from https://www.technologyreview.com/s/542576/youve-been-misled-about-what-makes-a-good-password/

Stop.Think.Connect. (n.d.). General Tips & Advice (English): Protect Your Personal Information. Retrieved February 28, 2017, from https://stopthinkconnect.org/tips-advice/general-tips-and-advice

Thomson, I. (2017, February 24). The Register Security: Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug. Retrieved February 28, 2017, from https://www.theregister.co.uk/2017/02/24/cloudbleed_buffer_overflow_bug_spaffs_personal_data/

