Recommended for you

Start writing a post

Lifestyle

Tech Translation - Cloudbleed

What's that red rain? Your data.

Peter Mulroe

Mar 08, 2017

Caldwell, New Jersey

Peter Mulroe

In a staggering display of modern irony, Cloudflare, a large content delivery network (CDN) and internet security provider unknowingly leaked user data for months.

The cause was an obscure bug that emerged in September 2016 and lasted until this past February. A software "bug" refers to a coding flaw that causes unexpected results or behaviors.

This bug caused random user information to be displayed below normal content on pages and apps. Like the image below, it was a a seemingly scrambled bunch of letters and foreign symbols.

That scramble is another user's internet traffic. Mostly mundane but also potentially containing passwords, cookies and tokens in plain sight, for anyone who activated the bug to see.

Notable affected names include - Patreon, 4chan, Yelp, OkCupid, and Uber. View the whole list here.

To make matters worse those pages were saved, or cached, by search engines. Awkward.

How did this happen? What are the repercussions?

That's our Tech Translation topic. Class is in session.

The Short Explanation

While different from past issue nicknames like Heartbleed, nerds apparently lack originality and went with Cloudbleed. One article comment from The Hacker News pointed out that clouds don't bleed, but can form fallstreak holes. Cloudstreak has a better ring to it, no? #VoteForCloudstreak

I digress.

Cloudflare is an intermediary for internet companies and their users. Site and app content pass through their networks before reaching you. In September they updated their information parsing software, which scans and modifies your content to provide modern features like hiding your email from scummy ad robots.

Bugs tend to emerge under some odd combination of settings and circumstances. In this case, about 0.06% of all web pages end with a broken script or image tag. For instance, if the very last thing on a site is an image, the code could be:

<IMG HEIGHT = "50px" WIDTH = "200px" SRC="

Normally the image URL would go after SRC= and a closing "> wraps it up neatly. It's not a huge deal, most browsers can handle small syntax errors like that.

The problem was their code to inspect all that website code, otherwise known as a parser. It was written with Ragel, by the way.

Imagine you're at the grocery store, waiting to check out. The cashier is blind and can only tell when your stuff, the site you're looking at, ends by the plastic dividers.

The laden conveyor represents everyone's internet traffic. Separate groups and item combinations, but all traveling along Cloudflare's network.

Due to a misorder of commands and a whole lot of crap luck, those grocery dividers did not stay put. The cashier mixed people's groceries together and they all wound up in your pantry. Therefore, someone else's completely different website data just showed up at the bottom of your screen in a garble of text.

For my nerds: When the parser encountered an open attribute at the end of a page, it did not know to not stop. Instead it continued to read from adjacent memory, which contained data from other customers' requests. Read Cloudflare's general writeup and incident analysis for more info.

An estimated 0.00003% of page requests contained leaks. But ten million requests a minute starts to pile up.

So we're screwed?

Not quite. In fairness, Cloudflare has done a solid job responding to the incident and is being transparent. The issues were fixed the same day and they immediately contacted search engines to start purging bugged pages.

At this point they're looking for any evidence of data mining. If someone noticed early on and quietly collected that information, after several months they could have something substantial. Thankfully that doesn't seem to be the case.

This was like leaving the faucet on all day when you leave for work. Nobody was hurt or defamed, but you seriously question the kind of adult you're turning out to be. Cloudbleed is a reminder for the tech world that silly mistakes can still happen without anyone noticing.

If you frequently use services mentioned above, change your passwords. Not much else to do right now.

That's all folks. Hopefully we learned something today.

Drop a comment or reach out on social media to discuss with me.

@pjmulroe #MakeSecurityGreatAgain #Cloudbleed

Report this Content

This article has not been reviewed by Odyssey HQ and solely reflects the ideas and opinions of the creator.

Adulting

18 Things I Want To Do Now That I'm 18

I'm technically an adult, so I'm legally required to live a little, right?

Emory University

1475

Flickr

For the entirety of my high school career, I was always seen as the goody-two-shoes. I never got in trouble with a teacher, I kept stellar grades, and when I wasn't doing extracurricular activities, I was at home studying. Even when I did go out, it was usually with a bunch of fellow band geeks. The night would end before 11:00 PM and the only controversial activity would be a fight based on who unfairly won a round of Apples-to-Apples when someone else clearly had a better card (I promise I'm not still holding a grudge).

Now that I'm officially an adult, I want to pursue some new things. I want to experience life in a way that I never allowed myself to do prior to entering college. These are the years that I'm supposed to embark on a journey of self-discovery, so what better way to do that than to create a bucket list?

Keep Reading...Show less

Featured

10 Life Lessons from Christmas Classics

The holiday classics that shaped my life

The University of Alabama

894

Flickr

The holiday season is full of stress, debt, and forced conversation. While we rush through the month of December, it's important to take a step back and enjoy the moments before they're gone. Most families love to watch Christmas movies, but these beloved films provide more than entertainment. Here are 10 life lessons that I've learned from the holiday classics we watch every year.

Keep Reading...Show less

Featured

15 Mind-Bending Riddles

Hopefully they will make you laugh.

Ursinus College

200073

Ilistrated image of the planet and images of questions

StableDiffusion

I've been super busy lately with school work, studying, etc. Besides the fact that I do nothing but AP chemistry and AP economics, I constantly think of stupid questions that are almost impossible to answer. So, maybe you could answer them for me, and if not then we can both wonder what the answers to these 15 questions could be.

Keep Reading...Show less

philosophical

Recommended for you

Tech Translation - Cloudbleed

What's that red rain? Your data.

The Short Explanation

So we're screwed?

Subscribe to our Newsletter

I'm technically an adult, so I'm legally required to live a little, right?

1. Watch an R-rated Scary Movie in a Movie Theater

2. Buy a Lottery Ticket

3. Vote in an Election

4. Participate in a Run (or a Walk, Realistically) for Charity

5. Go on a Road Trip

6. Start a Savings Account

7. Get a Credit Card

8. Sign up for Spotify Premium

9. Go to a Club

10. Start a Meditation Routine

11. Go to a Yoga Class

12. Treat Myself to a Dinner for One

13. Volunteer for a Charity

14. Participate in a Research Study

15. Bake Something (That Ends Up Being Edible)

16. Go Skydiving

17. Be Called for Jury Duty

18. Figure Out What I Want to Do With my Life

The holiday classics that shaped my life

1."But what would happen if we all tried to be like Santa and learned to give as only he can give: of ourselves, our talents, our love and our hearts? Maybe we could all learn Santa's beautiful lesson and maybe there would finally be peace on Earth and good will toward men."

"Sometimes the most real things in the world are the things we can't see."

"If you won't use your heart, who cares if it gets broken? If you just keep it to yourself, maybe it'll be like my rollerblades. When you do decide to try it, it won't be any good. You should take a chance. Got nothing to lose."

"Remember, no man is a failure who has friends."

"Life is made up of meetings and partings. That is the way of it."

"If you look for it, I've got a sneaky feeling you'll find a that love actually is all around."

"Sometimes things look good on paper, but lose their luster when you see how it affects real folks. I guess a healthy bottom line doesn't mean much if to get it, you have to hurt the ones you depend on."

"'Maybe Christmas,' he thought, 'doesn't come from a store. Maybe Christmas, perhaps, means a little bit more.'"

"Faith is believing when common sense tells you not to."

"There's room for everyone on the nice list."

Hopefully they will make you laugh.

1. Why are towels considered dirty when you get out of the shower clean?

2. Who closes the bus door once the bus driver gets off?

3. Why is there a "d" in "fridge" but not in "refrigerator"?

4. If you drop soap on the floor is the floor clean or the soap dirty?

5. Is the "S" or the "C" silent in the word "scent"?

6. Does expecting the unexpected make the unexpected the expected?

7. Would Lightning McQueen buy car insurance or life insurance?

8. Who put the alphabet in alphabetical order?

9. What color are mirrors?

10. If 2 mind readers read each other's minds whose mind are they really reading?

11. Is there a synonym for "synonym"?

12. If your shirt isn't tucked into your pants, are your pants tucked into your shirt?

13. Why is it called "quick sand" if you sink slowly in it?

14. If I try to fail, but succeed, which one did I do?

15. If Cinderella's shoe fit perfectly, why did it fall off?

As if May wasn't enough, a truly spectacular Northern Lights show lit up the sky on Oct. 10, 2024

Northern Lights in Pittsburgh, Pennsylvania

Northern Lights in Outer Banks, North Carolina

Northern Lights in Massachusetts

Northern Lights in New Jersey

Northern Lights in California

Northern Lights in Bronx, New York

Northern Lights in St. Louis, Missouri

Northern Lights in New York City

Northern Lights in Maine

Northern Lights in New Hampshire

Northern Lights in Kentucky

Northern Lights in Myrtle Beach, South Carolina

The world needs you.

Trending Topics

Top Creators

Trending Stories

Best of Lifestyle

Subscribe to Our Newsletter

Facebook Comments

Subscribe to our
Newsletter