Comment by slipmagic
8 years ago
I would be pretty mad if a website that I was supposed to trust with my data made an untrue statement about how something was taken care of, when it was not, and then publish details of the bug while cache it still out in the wild, and now exploitable by any hacker who was living under a rock during the past few months.
Actually I proxy two of my profitable startup frontend sites with CloudFlare, so I am affected (not really), but giving them the benefit of the doubt as they run a great service and these things happen.
They are well past deserving the benefit of the doubt.
I would also advise you notify your cloud-based services' customers how they might be affected (yes really), trust erosion tends to be contagious.
Agreed. The condescending downplaying tones displayed just aren't acceptable.
We only host our static corporate sites (not apps) and furthermore never used CF email obfuscation, server-side excludes or automatic https rewrites thus not vulnerable.
5 replies →
So far as I know, nothing like this thing has ever happened at any CDN ever before.
There have definitely been incidents where CDNs mixed up content (of the same type) between customers. Not exactly like this, but close.