In case you’ve yet to hear, a tiny bug in Cloudflare’s code caused huge security problems by leaking an unspecified amount of data – including confidential information such as passwords, personal information and more – all over the internet. This rare but worrying security disaster has since been labeled as “Cloudbleed.”
To put it simply, a single character hiding in the large body of code behind Cloudflare’s services ended up being the catalyst for exposing sensitive data from various (major) websites.
Why did it happen?
According to a blog post on Cloudflare’s site, this major security leak was caused by – as described by Gizmodo – the company’s decision to “use a new HTML parser called cf-html. An HTML parser is an application that scans code to pull out relevant information like start tags and end tags. This makes it easier to modify that code.”
Complications arose when the code in cf-html clashed with Cloudflare’s old parser, Ragel, creating what is known as a “buffer overrun vulnerability.”
In layman’s terms, Cloudflare’s new software tried to store user data in the usual spot, but that place ran out of space. Thus, it tried to store the remaining data elsewhere, which was picked up by sites like Google.
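To make the “one small character” concrete, here is an added illustration (not Cloudflare’s code and not part of the original article) of the kind of end-of-buffer check Cloudflare’s incident report describes, where an equality test misses a cursor that has jumped past the end and a `>=` test catches it. The scanner, its names and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: a 10-byte page fragment ending in an unfinished
   tag, followed by bytes standing in for neighbouring memory. */
static const char ARENA[] = "<b>hi</b><" "NEIGHBOUR";
enum { PAGE_LEN = 10, ARENA_LEN = sizeof(ARENA) - 1 };

/* Toy scanner (hypothetical, not cf-html or Ragel output). A '<'
   consumes two bytes, so the cursor can step over the end in one move.
   fixed = 0: end test is p == page_len (the flawed form).
   fixed = 1: end test is p >= page_len (the corrected form).
   Bytes examined beyond the page are copied to seen; the count is
   returned. arena_len is a hard stop so the demo stays in the array. */
size_t scan(const char *arena, size_t arena_len, size_t page_len,
            int fixed, char *seen, size_t seen_cap)
{
    size_t p = 0, over = 0;
    for (;;) {
        int at_end = fixed ? (p >= page_len) : (p == page_len);
        if (at_end || p >= arena_len)
            break;
        if (p >= page_len && over + 1 < seen_cap)
            seen[over++] = arena[p];      /* not part of the page */
        p += (arena[p] == '<') ? 2 : 1;
    }
    if (seen_cap)
        seen[over] = '\0';
    return over;
}

int main(void)
{
    char seen[32];
    size_t n = scan(ARENA, ARENA_LEN, PAGE_LEN, 0, seen, sizeof seen);
    printf("== test: %zu stray bytes read: %s\n", n, seen);
    n = scan(ARENA, ARENA_LEN, PAGE_LEN, 1, seen, sizeof seen);
    printf(">= test: %zu stray bytes read\n", n);
    return 0;
}
```

A page that does not end in an unfinished tag lands exactly on the end, so both forms behave identically on it, which is why a check like this can pass ordinary testing.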
How is Cloudbleed affecting domain sites?
Simply put, with critical security data such as passwords and personal information leaked, expect hackers to seize the opportunity to use this information to compromise the security and trust of these domain sites. In the age of the Internet, where all information is stored on cloud servers, the seriousness of this situation cannot be overstated. Here’s a site you can check if you’ve visited any sites recently that were hit by the bug.
So what does this have to do with Singapore?
With the number of industries operating in Singapore, there will definitely be some companies that use Cloudflare’s services, and thus are not immune to the Cloudbleed phenomenon. IP addresses, passwords from password managers, messages from dating sites, and much more data have been leaked, according to The Verge. For those interested, there’s a whole long list (numbering in the thousands, mind you) of local domain sites affected by Cloudbleed, but here are just some of the notable ones:
This situation has since been contained and fixed, but we still urge everyone to step up their security with 2-Factor Authentication (2FA) if it exists, or just outright change their passwords periodically, as you should regardless of any internet security cataclysm.