Serious Cloudflare bug exposed a potpourri of secret customer data
mpalmer at hezmatt.org
Thu Mar 2 23:15:22 UTC 2017
On Sat, Feb 25, 2017 at 07:21:48AM +0000, Mike Goodwin wrote:
> Useful information on potentially compromised sites due to this:
"This list contains all domains that use Cloudflare DNS"
That's only marginally more useful than saying "any domain matching /^.*$/";
plenty of domains use Cloudflare's DNS without using the proxy service (and
it is, barely, possible to use the proxy service which had the bug without
using the DNS service).
A byte walks into a bar and orders a pint. Bartender asks him "What's
wrong?" The byte says "Parity error." Bartender nods and says "Yeah, I
thought you looked a bit off."
More information about the NANOG