Read the story here: http://www.theregister.co.uk/2017/02/24/cloudbleed_buffer_overflow_bug_spaffs_personal_data/
We are safe here: http://www.doesitusecloudflare.com/?url=https%3A%2F%2Fforum.avast.com%2Findex.php
This leak was triggered when webpages had a particular combination of unbalanced HTML tags,
which confused Cloudflare’s proxy servers and caused them to spit out data belonging to other people –
even if that data was protected by HTTPS.
How to check SRI: https://sritest.io/
Where to generate hashes: https://www.srihash.org/
Website owners are advised to check whether they were affected in any way,
for example with the following procedure:
- Research the impact for their websites.
- Research suspicious logins for accounts on their site, none detected probably.
Else:
- CloudFlare reverse proxy functionality should be de-installed.
- All password reset tokens are to have been reset.
- All existing (https-)sessions have to be reset.
- All passwords of accounts are to be reset.
Password reset-link to website, mail to users.
Migration plan can be started to halt the use of CloudFlare completely.
When you went here earlier, you could have known before the ‘cloudbleed’ incident: http://www.crimeflare.com/
polonus