Serious Cloudflare bug exposed a potpourri of secret customer data

Matt Palmer mpalmer at
Thu Mar 2 23:15:22 UTC 2017

On Sat, Feb 25, 2017 at 07:21:48AM +0000, Mike Goodwin wrote:
> Useful information on potentially compromised sites due to this:

"This list contains all domains that use Cloudflare DNS"

That's only marginally more useful than saying "any domain matching /^.*$/";
plenty of domains use Cloudflare's DNS without using the proxy service (and
it is, barely, possible to use the proxy service which had the bug without
using the DNS service).

- Matt

A byte walks into a bar and orders a pint. Bartender asks him "What's
wrong?" The byte says "Parity error." Bartender nods and says "Yeah, I
thought you looked a bit off."

More information about the NANOG mailing list