Cloudflare Reverse Proxies are Dumping Uninitialized Memory

bugs.chromium.org/p/project-zero/issues/detail?id=1139
TL,DR: Any passwords you have sent to a Cloudflare-hosted site might show up in some other random page somewhere on the internet.
Thanks centralization!

Other urls found in this thread:

blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
web.archive.org/web/20170224022728/https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
thehackernews.com/2017/02/bypass-aslr-browser-javascript.html
en.wikipedia.org/wiki/PCI_compliance),
en.wikipedia.org/w/index.php?title=PCI_Compliance&redirect=no
twitter.com/NSFWRedditVideo

Nobody Could Have Expected This™®
Even though this is a horrible fuckup, MitM-as-a-service is still useful in general™
We NEED Cloudflare, goy™

Blog post by Cloudflare:
blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
web.archive.org/web/20170224022728/https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

what would it take to make it so your computer never routed any cloudshit packets at all? is it possible?

Pretty easy if you have a router which isnt a consumer grade shitbox. Look up all their netblocks on ARIN (and the other regional registries and then null route them.

yeah

Enjoy not being able to use any sites however

the C-uck language strikes again

It's not like javascript permitted bypass ASLR protection
thehackernews.com/2017/02/bypass-aslr-browser-javascript.html

WHEN THE FUCK IS KIKEFLARE GOING TO FINALLY DIE! GODDAMN!

Its creators started the company by selling personal information to the intelligence agencies.

Cloudflare is probably backed by the government, you're not going to see it gone ever.