Friday Buzz: Cloudflare’s Massive Bug

The widely used content delivery platform is working with Google employees to plug a leak that may have affected sensitive information involving numerous users. Also: A phone call that fills any association employee with dread.

If you’ve used a website over the last six months—good chance of that, probably—you may want to change your passwords today.

That’s because of a major new bug involving a fundamental service used by millions of websites. Late last night, the widely used content security platform Cloudflare revealed that it had been subject to a memory leak issue related to its parser. The leak affected both secure and nonsecure sites—meaning that sites that asked for your passwords or credit card information might have been exposed.

“The bug was serious because the leaked memory could contain private information and because it had been cached by search engines,” the company stated on its website. “We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence.”

The number of requests directly affected by this issue was very small—about 1 in every 3.3 million HTTP requests at its peak, according to the company—but due to Cloudflare’s use on millions of popular sites, the scale means that a lot of people were affected anyway.

Tavis Ormandy, a Google engineer who uncovered the bug, wrote on a forum thread that it was one of the most alarming security issues he had ever run into.

“I’m finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings,” Ormandy wrote. “We’re talking full HTTPS requests, client IP addresses, full responses, cookies, passwords, keys, data, everything.”

Both Google and Cloudflare are working around the clock to clean up the issue.

A Feeling of Horror

Abner Gonsalves, CAE, the partner relationship manager at Health eCareers, has a fun little post about the feeling of dread that comes with a certain part of the association management experience—when members call you up.

“[F]or whatever reason, people still love to pick up the phone and call nonprofits. In real time,” he writes. “What is this, 1988? And the dreaded ‘A Member Called Today’ message can totally derail an entire nonprofit organization.”

If you feel that sense of dread, Gonsalves’ GIF-heavy post will help you at least find the humor in it.

What’s coming up in the association world next week? Deirdre Reid’s always -handy Association Brain Food guide of upcoming webinars should keep you busy.

Burnout is a serious issue for nonprofit leaders. At the Wild Apricot blog, read up on a few ideas to keep the burnout problem at bay.

Quote of the day: “The most useful mindset is to approach each offering like it is the first time you are launching it,” says Amanda Kaiser of Smooth the Path.

(Cloudflare logo)

Ernie Smith

By Ernie Smith

Ernie Smith is a former senior editor for Associations Now. MORE

Got an article tip for us? Contact us and let us know!