Cloudbleed
Saturday, February 25, 2017
For months, a bug in CloudFlare resulted in malformed pages spraying uninitialized memory. This uninitialized memory contained anything that passed through CloudFlare: passwords, cookies, HTTP headers, HTTP content, even internal cloudflare TLS certificates.
NEDOCS is not affected, and NEDOCS users need not take any action. You may be affected, however, if you have used many of the popular internet sites.
Please take a look here at the originating story: https://bugs.chromium.org/p/project-zero/issues/detail?id=1139.
Take a look here at a partial list of affected sites: https://github.com/pirate/sites-using-cloudflare.
We suggest all users to change ALL passwords you may have with these websites. As a simple security measures we always advise our users to change their password periodically. We also always advise our users to use separate passwords for each app.
NEDOCS is not affected, and NEDOCS users need not take any action. You may be affected, however, if you have used many of the popular internet sites.
Please take a look here at the originating story: https://bugs.chromium.org/p/project-zero/issues/detail?id=1139.
Take a look here at a partial list of affected sites: https://github.com/pirate/sites-using-cloudflare.
We suggest all users to change ALL passwords you may have with these websites. As a simple security measures we always advise our users to change their password periodically. We also always advise our users to use separate passwords for each app.