CloudBleed: The cloud isn’t secure any more (Stay secure, protect yourself with a VPN)

May 18, 2017 Posted in VPN Education by No Comments

Despite all the numerous benefits that cloud computing offers, the biggest issues have always been with the medium’s level of security as the cloud is susceptible to determined and skilled hackers. As the cloud cannot rely on the isolation of a physical network, it is more vulnerable to bugs like the recently discovered CloudBleed.

What is CloudBleed?

CloudBleed is a bug that was discovered by Google researchers in February 2017. The bug was found to affect Cloudflare’s reverse proxies and it caused private data such as authentication tokens and HTTP cookies among other types of sensitive data to become vulnerable. Cloudfare hosts OK Cupid and Uber among other popular websites so the data of millions of people was put at risk. Researchers compared it to the 2014 Heartbleed bug.

How did it happen?

The leak was triggered when certain webpages on the network randomly had a unique combination of unbalanced HTML tags. This confused the proxies of the Cloudfare servers and it led to them to randomly leaking or spitting out data to others on the network. This was true for even data held behind the biggest levels of security such as network with a custom-built VPN operating a HTTPS website.

Due to the data breach, the information of Cloudfare’s customers was sent to other customers who were online at the time. The problem was that this sensitive data was cached by search engines which adversely affected the privacy of millions of people across the globe. If you personally visited a website run by Cloudfare during this period, there is a good chance that your search engine may have cached information belonging to someone else.

Get a VPN asap!

For anyone using the cloud for all their activities, it is essential that you know that it will be years before the cloud is fully secure. You need to take several security steps to protect your data in the event that something like Cloudbleed occurs and compromises your data. Buying a VPN alone is never enough, but rather the first step of a comprehensive security apparatus especially if your network houses extremely sensitive data.

For businesses who can afford it, we recommend hiring a firm to build a customized VPN apparatus or doing it yourself if you possess the technical skills. Security cannot be taken for granted for even one second on the cloud.

Leave a Comment