CLOUDBLEED: CLOUDFLARE HACKED, YOUR PASSWORD IN DANGER OF SECURITY BREACH!

in #hacked, 7 years ago (edited)

Greetings everyone, how safe is YOUR PASSWORD?
Some time ago, web-infrastructure provider Cloudflare disclosed the discovery and subsequent mitigation of a bug — now known as “CLOUDBLEED” — in its system. This was a big-deal bug, and it’s been patched (though, in some cases, the more paranoid might want to change their passwords), and you’re welcome to take my word for it and stop reading now. But if you’d like to know what happened, why, and what you should do, read on.

Before understanding the bug, it’s important to understand what Cloudflare is. Cloudflare provides a number of services to millions of websites, mostly focused on maintaining those sites’ stability and security. They’ll mirror sites and set up redundancies if the site suddenly becomes swarmed with traffic, or handle a site’s implementation of SSL, the system that provides secure web traffic. They’re used by many large tech companies — some of which you almost certainly use yourself — but generally speaking, Cloudflare works unseen in the background; and if you’re just a casual web browser, there’s no reason you should have heard of it.

Still, it’s an extremely important company for the infrastructure of the internet. Long story short, a portion of the traffic between you and the websites you use flows through Cloudflare. And, in fact, many different websites use the same Cloudflare hardware at the same time.


So: Cloudbleed, now what? The big problem with the bug was that Cloudflare would return sensitive data left in uninitialized memory when an HTTP request was made under very specific circumstances and technological configurations. The Google team that found the bug reported finding “private messages from major dating sites, full messages from a well-known chat service, online password-manager data, frames from adult-video sites, [and] hotel bookings.”
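
To make the idea concrete, here is a small C model of that kind of leak, added as an illustration and not Cloudflare's actual code: one buffer is reused for requests to two different sites, and a wrong length sends leftover bytes. The names (scratch, respond_vulnerable, respond_hardened, leaks_previous_site) and the SECRET-A value are made up for the example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64
/* Scratch buffer reused for every request, whichever site it is for. */
static char scratch[BUF_SIZE];

/* Vulnerable: sends `len` bytes (a length a buggy parser got wrong)
   without checking it against what this request actually wrote. */
size_t respond_vulnerable(const char *body, size_t len, char *out) {
    size_t written = strlen(body);
    if (written > BUF_SIZE) written = BUF_SIZE;
    memcpy(scratch, body, written);
    if (len > BUF_SIZE) len = BUF_SIZE;
    memcpy(out, scratch, len);          /* bytes past `written` are stale */
    return len;
}

/* Hardened: caps the send at the bytes written, then wipes the buffer. */
size_t respond_hardened(const char *body, size_t len, char *out) {
    size_t written = strlen(body);
    if (written > BUF_SIZE) written = BUF_SIZE;
    memcpy(scratch, body, written);
    if (len > written) len = written;
    memcpy(out, scratch, len);
    memset(scratch, 0, BUF_SIZE);
    return len;
}

/* Returns 1 if site B's response contains site A's (constructed) secret. */
int leaks_previous_site(size_t (*respond)(const char *, size_t, char *)) {
    const char *secret = "SECRET-A";
    char out[BUF_SIZE] = {0};
    size_t n, i, k = strlen(secret);
    memset(scratch, 0, BUF_SIZE);
    respond("site-a cookie=SECRET-A", 22, out);   /* request for site A */
    memset(out, 0, BUF_SIZE);
    n = respond("hi", BUF_SIZE, out);             /* site B, wrong length */
    for (i = 0; i + k <= n; i++)
        if (memcmp(out + i, secret, k) == 0) return 1;
    return 0;
}

int main(void) {
    printf("vulnerable leaks: %d\n", leaks_previous_site(respond_vulnerable));
    printf("hardened leaks:   %d\n", leaks_previous_site(respond_hardened));
    return 0;
}
```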

WHAT TO DO NOW?

  • Regularly update or change your password for security reasons (a suggested minimum of 16 strong characters).

  • Make sure you mix alphanumeric characters and symbols together for a stronger password, using $, &, #, @, _, /, etc. among the characters that make up your password.

  • Activate 2FA whenever possible; this will go a long way toward safeguarding your investment and online assets. Have a hard-copy backup of your security API keys.


Good article, but with brute-force attacks it's about the length of the password, and symbols don't matter much. So if I were you I would change the "what to do" to: Make sure you use at least 12 characters and symbols.

Great contribution, Sir, right up with your suggestion.
