Google: this sha-1 collision is really gonna fuck up the internet more than anything else today

Cloudflare: hold my beer

CloudBleed

OpenSSL: Oh boy Heartbleed was a serious vulnerabi...

Cloudflare: Hold my bear

Cloudbleed

DECLARING CLOUDFLARE WEEK

DISCLAIMER : THZ CLOUDBLEED

Hey guys remember when gitlab was something blah blah? Now lets talk about cloudflare for a week!

<!DOCTYPE html>
<head>
<title>hiCloudflare</title>
<link rel="stylesheet" src="main.css" />
</head>
<body>
<h1> Don't mind me, just taking my buffers for a walk</h1>
<script type=

PSA Cloudflare had a bug in there system where they were dumping random pieces of memory in the body of HTML responses, things like passwords, API tokens, personal information, chats, hotel bookings, in plain text, unencrypted. Once discovered they were able to fix it pretty quickly, but it could have been out in the wild as early as September of last year. The major issue with this is that many of those results were cached by search engines. The bug itself was discovered when people found this stuff on the google search results page.

It's not quite end of the world, but it's much worse than Heartbleed.

Now excuse me this weekend as I have to go change all of my passwords.

Surely this post has nothing to do with a certain vulnerability found recently, would it?!

Should cloudflare have taken down their servers to protect their clients? Which is worse, the leak live or the downtime?