Some hours ago, a security vulnerability became public regarding services of Cloudfare. Read this article “Cloudbleed” and strengthen your IT-security!
“Cloudfare Inc. is a U.S. company that provides a content delivery network, Internet security services and distributed domain name server services, sitting between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.” see Wikipedia. A lot of Internet companies are using Cloudfare for the distribution of their content.
Please read this article at Cloudbleed: How to deal with it. The article’s beginning informs about the issue:
“Tavis Ormandy (Tavis Ormandy) of Google’s Project Zero uncovered a major vulnerability in the Cloudflare Internet infrastructure service. Essentially, web requests to Cloudflare-backed sites received answers which included random information from other Cloudflare-backed sites! This information could potentially include confidential information (private messages on dating sites, emails), user identity information (Personally Identifying Information (PII), and potentially in a healthcare context, Protected Health Information (PHI), or user, application, or device credentials (passwords, API keys, authentication tokens, etc.)”
To see which sites are affected, see https://github.com/pirate/sites-using-cloudflare
This includes services as Zendesk, Uber, stackoverflow.com, medium.com, yelp.com, localbitcoins.com and about 10,000 more sites. I didn’t see sites as Microsoft, Apple, Amazon or Google included in that list, but a lot of other popular services.
So, our recommendation is: Use Multi Factor Authentication (MFA) for your relevant and admin accounts immediately!
Thanks Christoph Wille for that tip!