Security Alert: Cloudflare Parser Bug

 

On February 18th, 2017 Google's Tavis Ormandy contacted CloudFlare to report a bug on CloudFlare's edge servers.
CloudFlare indicated that only a small number of websites were affected (~150) and these customers have already been contacted.

However, considering that the bug has existed since September 22nd, 2016 and was brought to CloudFlare's attention on February 18th, 2017, if you're a CloudFlare customer you may want to exercise some caution (we did, 'just in case').

The Good News

If your website is already hosted with us (ProfessionalWebsites.biz), then you have nothing to worry about: according to CloudFlare, our servers were not affected.

But Just In Case

Because we're kind of freaky when it comes to security, we took the same security precautions recommended for sites that were affected.

What To Do If You Think Your Website Was Affected?

Start by changing your passwords. Then read the 'what should I do?' section of the following link. Depending on your configuration, more work may be required.

https://github.com/pirate/sites-using-CloudFlare#what-should-i-do

Is There Anything Else You Should Do?

Yes. Now is as good a time as any to review your security procedures and make any necessary changes. Maybe stronger passwords are in order, maybe you need to look at something more advanced like two-factor authentication. (Mobile phone two-factor authentication is one of the more common forms.)

When it comes to security, there is never a final, definitive answer that fits everyone in all situations. Someone managing a busy e-commerce website might put a wee bit more effort into their investigation than someone running a single-page website that does not allow logins and collects no customer information.

Still, that single-page website would look "a little less than professional" if someone stole your login password and defaced it. If you're in business and you have a public website, your reputation could be harmed by something as simple as a rude image where your logo should be.

Further Reading

A Word About Passwords
How Secure Is Your Small Business Network?
How To Flush Your Business Down The Tubes In A Few Minutes

References

https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
https://github.com/pirate/sites-using-cloudflare
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139