Month: February 2017

This is quite serious. A lot of small (and not so small) websites uses Cloudflare for CDN and DDoS protection. The issue reported by Google’s Project Zero team indicates that a bug in Cloudflare’s processing causes potentially sensitive information to be leaked. This is already bad, but it is made worse due to caching servers keeping a copy of those information. Someone is compiling a list of notable websites affected. You are advised to change your passwords on those affected websites.

Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare. It turned out that in some unusual circumstances, which I’ll detail below, our edge

Source: Incident report on memory leak caused by Cloudflare parser bug

Often your phone is the weakest link to all of your online and sometimes offline identity. Someone wrote a detailed and lengthy advisory on how to protect yourself against such attacks.

The security loophole these hackers are milking can be used against anyone who uses their phone number for security for services as common as Google, iCloud, a plethora of banks, PayPal, Dropbox, Evernote, Facebook, Twitter, and many others. The hackers have infiltrated bank accounts and tried to initiate wire transfers; used credit cards to rack up charges; gotten into Dropbox accounts containing copies of passports, credit cards and tax returns; and extorted victims using incriminating information found in their email accounts.

But the hackings should scare anyone with a mobile phone, an email account or an online bank account.

Source: Hackers Have Stolen Millions Of Dollars In Bitcoin — Using Only Phone Numbers