Cloudflare Security Bug

2017-11-02T15:52:51+00:00 February 27, 2017|

Eagle Eye Networks does not use Cloudflare – a website performance enhancement service.

There was a relatively severe security issue detected by Tavis Ormandy at Project Zero in the Cloudflare service. He found that certain private information could be extracted under some rare circumstances. It’s a severe security issue, but it’s been fixed.

It’s particularly interesting because once the vulnerability was known, Cloudflare was able to completely fix it in 7 hours and 47 minutes. That’s a great response time and is indicative of what you get with a professional cloud service.

In order to deliver that kind of service, companies need a full in-house engineering team, a top-notch operations team, and a full in-house security team. You are not going to get this level of response when outsourcing or using a service that is not fully staffed and professional. Too many operators in the physical security business operate using an outsourced model or lightly staffed security.

Eagle Eye has a full level of professional all in-house staff, and we work hard on our cybersecurity.

https://arstechnica.com/security/2017/02/serious-cloudflare-bug-exposed-a-potpourri-of-secret-customer-data/
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/