More details around the security issue at Cloudflare, reported last week, and this week’s outage at AWS have emerged. The WHIR has compiled links to the companies’ respective post-mortems so you can read what happened in more detail.
Cloudflare’s ‘Cloudbleed’ Bug
Last week Cloudflare disclosed a security hole in its HTML parser which, instead of just parsing HTML, injected extra code, sometimes injecting sensitive information. In a post-mortem this week, Cloudflare CEO Matthew Prince said that, based on its analysis so far, there is no evidence that the bug was maliciously exploited before it was patched. Cloudflare said the review is ongoing, but here is what it knows so far.
That massive AWS S3 outage that happened on Tuesday was an employee’s fault. Oops. According to a post-mortem by Amazon on Thursday, an AWS employee working on fixing the issue with S3 made the problem worse when they accidentally switched off more servers than intended. You can read more on our sister site Data Center Knowledge, and read the full Amazon post-mortem here.
Yahoo Data Breach
Yahoo has uncovered more information on the data breach that has killed its valuation in its deal with Verizon. This week Yahoo general counsel Ronald Bell resigned after an investigation into the security breaches found that the legal team had enough information to warrant further inquiry but didn’t sufficiently pursue it.