Tech Translation - Cloudbleed

What's that red rain? Your data.

Peter Mulroe

In a staggering display of modern irony, Cloudflare, a large content delivery network (CDN) and internet security provider, unknowingly leaked user data for months.

The cause was an obscure bug that emerged in September 2016 and lasted until this past February. A software "bug" refers to a coding flaw that causes unexpected results or behaviors.

This bug caused random user information to be displayed below normal content on pages and apps. Like the image below, it was a seemingly scrambled bunch of letters and foreign symbols.

That scramble is another user's internet traffic. Mostly mundane but also potentially containing passwords, cookies and tokens in plain sight, for anyone who activated the bug to see.

Notable affected names include Patreon, 4chan, Yelp, OkCupid, and Uber. View the whole list here.

To make matters worse, those pages were saved, or cached, by search engines. Awkward.

How did this happen? What are the repercussions?

That's our Tech Translation topic. Class is in session.


The Short Explanation

While different from past issue nicknames like Heartbleed, nerds apparently lack originality and went with Cloudbleed. One article comment from The Hacker News pointed out that clouds don't bleed, but can form fallstreak holes. Cloudstreak has a better ring to it, no? #VoteForCloudstreak

I digress.

Cloudflare is an intermediary for internet companies and their users. Site and app content pass through their networks before reaching you. In September they updated their information parsing software, which scans and modifies your content to provide modern features like hiding your email from scummy ad robots.

Bugs tend to emerge under some odd combination of settings and circumstances. In this case, about 0.06% of all web pages end with a broken script or image tag. For instance, if the very last thing on a site is an image, the code could be:

<IMG HEIGHT = "50px" WIDTH = "200px" SRC="

Normally the image URL would go after SRC= and a closing "> wraps it up neatly. It's not a huge deal; most browsers can handle small syntax errors like that.

The problem was their code to inspect all that website code, otherwise known as a parser. It was written with Ragel, by the way.

Imagine you're at the grocery store, waiting to check out. The cashier is blind and can only tell when your stuff, the site you're looking at, ends by the plastic dividers.

The laden conveyor represents everyone's internet traffic. Separate groups and item combinations, but all traveling along Cloudflare's network.

Due to a misorder of commands and a whole lot of crap luck, those grocery dividers did not stay put. The cashier mixed people's groceries together and they all wound up in your pantry. Therefore, someone else's completely different website data just showed up at the bottom of your screen in a garble of text.

For my nerds: When the parser encountered an open attribute at the end of a page, it did not know to stop. Instead it continued to read from adjacent memory, which contained data from other customers' requests. Read Cloudflare's general writeup and incident analysis for more info.
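The over-read described above, as an added example (not from the original article and not Cloudflare's code): a simplified C model in which a scanner reaches the end of the page inside an open attribute, steps one byte past it, and an equality end-of-buffer test never fires. The names `consume_attr` and `leaked`, the single-arena layout, the retry step and the sample cookie are all assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed data: the page ends in an unterminated attribute, and a
   made-up second customer's bytes sit directly after it in the same arena. */
#define PAGE  "<IMG HEIGHT = \"50px\" WIDTH = \"200px\" SRC=\""
#define OTHER "Cookie: session=CONSTRUCTED-SAMPLE"
static const char ARENA[] = PAGE OTHER;

/* Copy the attribute value that starts after the quote at `p` into `out`.
   exact=1: end of buffer tested with `p == pe` (fragile).
   exact=0: end of buffer tested with `p >= pe` (robust).
   `hard` bounds the simulation so the demo never leaves ARENA; cap > 0. */
static size_t consume_attr(const char *p, const char *pe, const char *hard,
                           int exact, char *out, size_t cap)
{
    size_t n = 0;
    int retried = 0;
    for (;;) {
        ++p;                                  /* state entry: advance first */
        if (exact ? (p == pe) : (p >= pe)) {  /* end-of-buffer test */
            if (retried) break;               /* second hit: stop cleanly */
            retried = 1;                      /* error action: re-enter state */
            continue;                         /* p is already at pe here */
        }
        if (p >= hard || *p == '"') break;    /* demo guard / closing quote */
        if (n + 1 < cap) out[n++] = *p;       /* byte ends up in the response */
    }
    out[n] = '\0';
    return n;
}

/* Returns how many bytes from beyond the page end were copied out. */
size_t leaked(int exact, char *out, size_t cap)
{
    const char *pe = ARENA + sizeof(PAGE) - 1;     /* end of the page */
    const char *hard = ARENA + sizeof(ARENA) - 1;  /* end of the arena */
    return consume_attr(pe - 1, pe, hard, exact, out, cap);
}

int main(void)
{
    char buf[64];
    printf("== check: %zu bytes leaked: \"%s\"\n", leaked(1, buf, sizeof buf), buf);
    printf(">= check: %zu bytes leaked\n", leaked(0, buf, sizeof buf));
    return 0;
}
```

With the equality test the pointer jumps over `pe`, so everything after the first neighbouring byte is copied out; with the range test nothing is.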

An estimated 0.00003% of page requests contained leaks. But ten million requests a minute starts to pile up.

So we're screwed?

Not quite. In fairness, Cloudflare has done a solid job responding to the incident and is being transparent. The issues were fixed the same day and they immediately contacted search engines to start purging bugged pages.

At this point they're looking for any evidence of data mining. If someone noticed early on and quietly collected that information, after several months they could have something substantial. Thankfully that doesn't seem to be the case.

This was like leaving the faucet on all day when you leave for work. Nobody was hurt or defamed, but you seriously question the kind of adult you're turning out to be. Cloudbleed is a reminder for the tech world that silly mistakes can still happen without anyone noticing.

If you frequently use services mentioned above, change your passwords. Not much else to do right now.

That's all folks. Hopefully we learned something today.

Drop a comment or reach out on social media to discuss with me.

@pjmulroe #MakeSecurityGreatAgain #Cloudbleed
