CloudBleed Vulnerabilities

Status
Not open for further replies.

Bones

VersoBit Extraordinaire
Administrator
Sep 27, 2016
35
The Fellowsfilm network has not been affected by the CloudBleed Vulnerability. We only utilise CloudFlare for DNS and the acceleration features are only provided on our subdomain (cdn.fellowsfilm.co.uk) which only services images, site resources, and downloads.

Below is a statement that was released to customers on our network who were using CloudFlare for their acceleration features, If you have used any website that uses CloudFlare, We recommend you follow the recommendations below.

A bug was recently discovered with Cloudflare, which VersoBit (among many other service providers/websites) use for DoS protection and other services. Due to the nature of the bug, we recommend as a precaution that you change your security credentials on your personal websites, mail services are not affected:

- Change your password
- Change your two-factor authentication (remove and re-enable it)
- Clients who use API keys are advised to generate a new set of keys

Please note that there are no concrete security incidents regarding our website reported, but we still recommend to take the appropriate security precautions.

The bug has already been fixed by the Cloudflare team, but it caused some sensitive data like passwords may have been leaked during a very small percentage of HTTP requests. The peak period of leakage is thought to have occurred between Feb 13 and Feb 18 when about 0.00003% of HTTP requests were affected. Although the rate of leakage was low, the information that might have been leaked could be very sensitive, so it's important that you take appropriate precautions to protect yourself.
 
Status
Not open for further replies.