CloudBleed with millions of sites (and SecNews)

CloudBleed είναι το ανεπίσημο για ένα ζήτημα ασφαλείας που ανακαλύφθηκε στις 17 Φεβρουαρίου του 2017 και πλήττει τα Cloudflare proxies.

For those who do not know Cloudflare is one of the largest companies offering CDN, protection against DDOS attacks, web page optimization technologies, dedicated SSL and more. Cloudflare services are used by more than 5,5 million websites according to the company. is one of them.CloudBleed

Basic service is offered for free, but webmasters, organizations and large companies can upgrade for additional features and better protection.

The gap ς CloudBleed επέτρεπε στους servers να τρέχουν “past the end of a buffer” που επέστρεφε memory που περιείχε προσωπικές πληροφορίες. Μεταξύ των πληροφοριών αυτών είναι τα HTTP cookies, authentication tokens, HTTP Post bodies, και άλλα ευαίσθητα δεδομένα.

The subject was revealed by a researcher Google Project Zero, and has already been defined by Cloudflare.

The problem for Internet users is that the cookies they use to connect to these sites or other data may have been leaked. Although the problem has been fixed, the machines s have temporary data stored, and attackers could collect it.

Όταν η Google ανακοίνωσε στην Cloudflare την ευπάθεια, ειδοποίησε και άλλες μηχανές αναζήτησης προειδοποιώντας για καθάρισμα των cached αποτελεσμάτων αναζήτησης. Έτσι οι μηχανές αναζήτησης φέρεται να “ανακάτεψαν” τα cached δεδομένα, αλλά αυτό δεν σημαίνει ότι δεν υπάρχουν ακόμα ευαίσθητες πληροφορίες ελεύθερες στο .

It would be best to change passwords to all Cloudflare sites and services. This is of course not easy and it is rather time consuming to find out if the services and sites you visit use Cloudflare.

There is currently a list of one of his users GitHub   which displays all sites that use Cloudflare services. Some of them: Patreon, 4chan, Medium, Bitpay,,,, and Greek

That's it tool DoesItUseCloudflare it will also answer any of your questions about pages that you want to see if their data has leaked.

What about SecNews? visitors do not have to worry because they do not have any accounts on the site. The authors and administrators of the page, in addition to having already changed their passwords, use 2FA for each link on the site.

Επισκέπτες και μέλη (όσοι διαθέτουν λογαριασμό) μεγάλων ιστοσελίδων αγορών που χρησιμοποιούν την υπηρεσία CloudFlare, θα πρέπει να αλλάξουν άμεσα κωδικούς πρόσβασης, και αν τους δίνεται η δυνατότητα να χρησιμοποιήσουν έλεγχο ταυτότητας factors.

To easily check which pages are using Cloudflare you can use an add-on for Firefox and Chrome. The CloudBleed designed by the developer of NoSquint Plus, and will analyze your browser's browsing history to reveal any site page that Cloudflare uses.

This will allow you to find the pages considered dangerous data leakage and change your passwords.

Download the Add-on


Chrome The Best Technology Site in Greecefgns

Subscribe to via Email

Subscribe to this blog and receive notifications of new posts by email.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).