Cloudbleed – Cloud Security at Risk
Cloudbleed is one of the newest reasons to be cautious of cloud services and their security. Google’s Project Zero member Tavis Ormandy, found this security flaw and coined the name “Cloudbleed” after the 2014 security bug “Heartbleed” which affected millions of websites. Cloudbleed affects users of Cloudflare, a cloud solutions service. “Cloudflare provides essential internet infrastructure and security to millions of websites. On its website, Cloudflare lists Nadaq, Bain Capital, OKCupid, ZenDesk and Cisco among others under its “Trusted by” section.” (cnet Thankfully, Cloudbleed will not affect that many sites, but does affect major companies such as: Uber, Fitbit, OKCupid, and thousands more. Although thousands of companies are affected by this bug, the interval of time in which the bug was active was only from February 13th to 18th. Information that could be at risk is: “username or a password, a photo or frames of a video as well as behind-the-scenes things like server information and security protocols. At this time, there is no indication that any of this information was accessed by hackers.” (cnet)
1.) Will Cloudbleed make you think twice on what companies you do business with?/Do you ever think about a companies IT infrastructure when doing business with them?
2.) Do you feel that Cloudbleed will cause other companies to reevaluate their cloud services solutions?