Internet security cataclysm Cloudbleed hits Singapore. Here’s a list of over 2k local domains affected – Coconuts Hong Kong

admin on February 27, 2017 Leave a Comment

In case youve yet to hear, a tiny bug in Cloudflares code cause huge security problems by leaking an unspecified amount of data including confidential information such as passwords, personal information, and more all over the internet. This rare but worrying security disaster has since been labeled as Cloudbleed.

To put it simply, one small character hiding among the long chunk of codes that makes up the security factors of Cloudflares data ends up being the catalyst of compromising security data in various (major) websites.

According to a blog post on Cloudflares site, this major security leak was caused by as described by Gizmodo the companys decision to use a new HTML parser called cf-html. An HTML parser is an application that scans code to pull out relevant information like start tags and end tags. This makes it easier to modify that code.

And thus, complications turned up when the coding in cf-html clashed with Cloudflares old parser Ragel creating what is known as a buffer overrun vulnerability.

In layman terms, Cloudflares new software tried to store user data in their usual spot, but that place has ran out of space. Thus, it tried to store the remaining data elsewhere, which was picked up by sites like Google.

Simply put, with leaked critical security data such as passwords and personal information, expect hackers to grab the opportunity to utilize these information to compromise the security and trust of these domain sites. In the age of Internet where every information in this day and age is stored in Cloud servers, the seriousness of this situation cannot be understated. Heresa site where you can check if youve visited any sites recently that werehit by the bug.

With the amount of industries operating in Singapore, therell definitely be some companies that utilizes Cloudflares services, and are thus not immune to the Cloudbleed phenomenon. IP addresses, passwords from password managers, messages from dating sites, and much more data have been leaked, according to The Verge.For those interested, theres a whole long list (numbering in the thousands, mind you) of local domain sites affected by Cloudbleed, but herere just some of the notable ones:

http://birdpark.com.sg/

http://www.avgantivirus.com.sg/

Home

https://www.foodpanda.sg/

https://www.tech.gov.sg/

This situation has since been contained and fixed, but we still urge everyone to up their security checks with 2-Factor Authentication (2FA) if it exists, or just outright change your password periodically. As you should, regardless of internet security cataclysms or not.

Covering what's happening in Singapore since 2013. Send tips.

More:
Internet security cataclysm Cloudbleed hits Singapore. Here's a list of over 2k local domains affected - Coconuts Hong Kong

Related Posts
Posted in Cloud Servers

Comments are closed.