This is a false flag, as a very small proportion of sites and users would have been impacted by the ClouBleed bug. This app will just scare people or warn people for no apparent reason in most cases.
@aircooledcafe I completely agree. The Cloudbleed bug is very serious without a doubt but CloudFlare have clarified it is on such a minute scale. CloudFlare's Content Delivery Network and DDoS Mitigation services improve our Internet experience daily and they handled this incident very well. Unsure why people are conspiring that all sites are affected. 😒
@djstoresssss@aircooledcafe Isn't some of the data may still be available via search engine cached versions? Google may have cleared that up, but there are plenty of alternative ones like Yandex.ru. Please correct me if I'm wrong.
I'm thinking in terms of insurance-like premiums. The CF system had 1 incident, by definition (incidents/year) they're less reliable, than others, that did not have anything of that sort happening recently.
CB incident is not adding more credibility to CF, that's for sure. Some of the US banks have been hit hard by 2008, and I, as a new customer, would probably prefer the ones that did not get involved too much in junk bonds bonanza.
To the existing customers, the extension suggests: change your password, use 2-step verification (which is almost always a good idea), to the newcomers – these guys are using the software, that is probably less reliable now because of CB. Scary? I don't know. Rational
But I see what you mean now, thanks for sharing.
Today we've built Cloudbleed Indicator, detector if you wish, a Google Chrome Extension (Firefox is coming soon) inspired by https://www.producthunt.com/post...
Test any page and see if it is using CloudFlare or not. Inspired by Feb 2017 Cloudbleed security incident.
Cloudbleed Indicator does not fix the issue, it recognises it using Google Public DNS (DNS-over-HTTPS).
If the cloud icon is bleeding, you might consider:
- changing your password,
- using 2-step verification (if available),
- leaving the site altogether.
Cloudbleed (also known as CloudLeak and CloudFlare Bug) is a security bug discovered on February 17, 2017 affecting Cloudflare's reverse proxies, which caused their edge servers to run past the end of a buffer and return memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. Some of this data was cached by search engines.
@stas_kulesh I appreciate where this is coming from, but really this should be renamed. It's a Cloudflare indicator. It also suggests that all Cloudflare based sites have been hit.
@goos3d_ie perhaps you're right, let's see how they're going to handle this at the end of the day. Sometimes it's better to be safe than sorry.
P.S.: I'm no security expert, just needed an extension that does precisely this job for me.
UIQuill
UIQuill
UIQuill