Hello, welcome to the Monday, February 27th, 2017 edition of the Sandcent Storm Center's Stormcast. My name is Johannes Ulrich,

and I'm recording from Jacksonville, Florida. Google and Cloudflare announced an interesting vulnerability

in Cloudflare's infrastructure. Now, if you're not familiar with Cloudflare,

Cloudflare offers proxy services for large numbers of websites, anything from small hobby

websites for which Cloudflare offers free services to real massive websites that use Cloudflare for load balancing.

The problem discovered by Google was that Cloudflare occasionally includes random memory content

in pages that it serves back to users. The memory content is not at all related to the page that's being served.

So it could be from a different domain, a different user, and similar to a heart bleed.

It could include passwords, session cookies, and secret SSL keys.

So the nature of the vulnerability does appear to be somewhat similar

to Heart Pleat, but it's limited to Cloudflare. It's not affecting any websites that are not

hosted behind Cloudflare's proxies. Now, the vulnerability is not at all related to SSL. There are three specific features that Cloudflare's proxies. Now, the vulnerability is not at all related to SSL. There are three

specific features that Cloudflare points out that caused the leak in conjunction with

unbalanced HTML tags. Email off-usecation server site excludes and automatic HEPES rewrites did cause the problem.

For these features, Cloudflare does actually parse the HTML on this site, and then of course

that's where the leak happened if some HTML tag wasn't closed correctly.

So what does it really mean to you?

Well, if you are hosting a website that's behind Cloudflare's proxies, then there is a chance

that your user's data was leaked as part of this event.

You should probably notify your users, check with Cloudflare,

if they have any more guidance there.

There's also a chance that webpages with leaked data got cached by Google,

...