blog.atwork.at

news and know-how about microsoft, technology, cloud and more.

Cloudbleed-Use Multi Factor Authentication asap

Some hours ago, a security vulnerability became public regarding services of Cloudfare. Read this article "Cloudbleed" and strengthen your IT-security!

"Cloudfare Inc. is a U.S. company that provides a content delivery network, Internet security services and distributed domain name server services, sitting between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites." see Wikipedia. A lot of Internet companies are using Cloudfare for the distribution of their content.

Please read this article at Cloudbleed: How to deal with it. The article's beginning informs about the issue:

"Tavis Ormandy (Tavis Ormandy) of Google's Project Zero uncovered a major vulnerability in the Cloudflare Internet infrastructure service. Essentially, web requests to Cloudflare-backed sites received answers which included random information from other Cloudflare-backed sites! This information could potentially include confidential information (private messages on dating sites, emails), user identity information (Personally Identifying Information (PII), and potentially in a healthcare context, Protected Health Information (PHI), or user, application, or device credentials (passwords, API keys, authentication tokens, etc.)"

image

To see which sites are affected, see https://github.com/pirate/sites-using-cloudflare

This includes services as Zendesk, Uber, stackoverflow.com, medium.com, yelp.com, localbitcoins.com and about 10,000 more sites. I didn't see sites as Microsoft, Apple, Amazon or Google included in that list, but a lot of other popular services.

So, our recommendation is: Use Multi Factor Authentication (MFA) for your relevant and admin accounts immediately!

Thanks Christoph Wille for that tip!

Comments (1) -

  • Toni Pohl

    2/25/2017 2:27:31 PM |

    See also
    "We explain what is it, how it affects you and what can you do. "
    https://flipboard.com/@flipboard/flip.it%2FYQV-5t-cloudbleed-bug-everything-you-need-to-k/f-e52a849b6e%2Fcnet.com

Loading