The Good and Bad News About Cloudbleed

The affected company was transparent. But you still should change all of your passwords.

Read Original Article
Photo: Shutterstock
Media Outlet: Slate Future Tense

Josephine Wolff  wrote for Slate about a Cloudfare bug:

More security, we’re generally inclined to believe, makes us more secure. The entire industry of computer security tools and services—from firewalls to authentication systems to password managers—is predicated on this notion that adding security to your computer systems makes them less vulnerable to attack or infiltration. But a bug disclosed last week serves as an important reminder that every new layer of security you add introduces new potential vulnerabilities, even as it may reduce or eliminate others.
This time, the culprit was Cloudflare Inc. Even if you’ve never heard of Cloudflare, odds are your online activity has passed through its servers: It handles traffic for popular services including Uber, Fitbit, 1Password, and OkCupid. Those companies, and many others, hire Cloudflare to help them ensure that their online traffic and servers are secure, reliable, and speedy. For instance, among other services, Cloudflare can help protect customers from denial-of-service attacks and configure SSL encryption for their websites.

Author:

Josephine Wolff was a Class of 2016 & 2017 Cybersecurity Initiative Fellow at New America, where she will write a book about cybersecurity incidents from the last decade, tracing their economic and legal aftermath and their impact on the current state of technical, social, and political lines of defense.