2352362.PNG

Dear Cloudflare Customer:

Thursday afternoon, we published a blog post describing a memory leak caused by a serious bug that impacted Cloudflare's systems. If you haven't yet, I encourage you to read that post on the bug:

https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

While we resolved the bug within hours of it being reported to us, there was an ongoing risk that some of our customers' sensitive information could still be available through third party caches, such as the Google search cache.

Over the last week, we've worked with these caches to discover what customers may have had sensitive information exposed and ensure that the caches are purged. We waited to disclose the bug publicly until after these caches could be cleared in order to mitigate the ability of malicious individuals to exploit any exposed data.

In our review of these third party caches, we discovered data that had been exposed from approximately 150 of Cloudflare's customers across our Free, Pro, Business, and Enterprise plans. We have reached out to these customers directly to provide them with a copy of the data that was exposed, help them understand its impact, and help them mitigate that impact.

Fortunately, your domain is not one of the domains where we have discovered exposed data in any third party caches. The bug has been patched so it is no longer leaking data. However, we continue to work with these caches to review their records and help them purge any exposed data we find. If we discover any data leaked about your domains during this search, we will reach out to you directly and provide you full details of what we have found.

To date, we have yet to find any instance of the bug being exploited, but we recommend if you are concerned that you invalidate and reissue any persistent secrets, such as long lived session identifiers, tokens or keys. Due to the nature of the bug, customer SSL keys were not exposed and do not need to be rotated.

Again, if we discover new information that impacts you, we will reach out to you directly. In the meantime, if you have any questions or concerns, please don’t hesitate to reach out.

Matthew Prince
Cloudflare, Inc.
Co-founder and CEO

 

 

슬프게도 저는 영해가.. 안됩니다

 

 

제목 없음-1.png

 

제목 없음-241252.png

532656.PNG

(3시경 많은 부하)

 

 

25일 기해서 사이트에 대부분의 글이 안보이는 상태인데

 

이와 관련된 이야기인지 도움좀 부탁합니다 :0..

 

글은 있으나 글이 게시판에 표시되지 않습니다

 

이번달 코노하 서버비 충전금액이 조금 모자라긴한데 곧 채워넣을 예정입니다.

 

이와 관련되있는걸까요?

  • Lv8
    해당메일은
    https://xetown.com/index.php?mid=alley&category=14750&document_srl=511392
    여기에 나와있는 내용이고, 기진곰님이 풀어서 설명해놓으셨어요.

    요약하면, 클플경유하는 과정에서 비번이나 기타 정보들이 전혀 보호되지 않은 상태로 전송되는걸 구글이 발견했고, 이게 보안에 큰 위협이 될수 있다는 내용이고요.
    XE사이트 자체에 문제를 일으킬 내용은 아닌걸로..
  • Lv15

    오늘 발견된 보안 취약점으로 강제 삭제 당하신 듯 합니다... XE 1.8.31 버전으로 패치하셔야 합니다.

    이미 삭제된 글은 .... 그냥 백업본으로 복구 하는 수 밖에 없습니다.

    https://xetown.com/lakepark/512165

  • 끼야아아아악