CloudBleed a Cloudflare flaw leaks customer data

Cloudbleed aka Cloudleak is a bug in Cloudflare which is a CDN service, a proxy service, and a DNS provider… well to be honest cloudflare is a LOT of things these days and provides a freemium set of services, you can run your site using their DNS, proxy / CDN service for free or pay $20-$200, to get some interesting set of goodies. According to their own homepage: “Cloudflare speeds up and protects millions of websites, APIs, SaaS services, and other properties connected to the Internet. Our Anycast technology enables our benefits to scale with every server we add to our growing footprint of data centers.” They provide these services for ~6 Million websites, and recently a researcher at google found a critical flaw in cloudflare’s inhouse parser that may have leaked passwords and authentication tokens. Tavis Ormandy a self-described “Vulnerability researcher at Google” currently working for Google’s Project Zero which is a security initiative found a bug on February 18th. He posted an issue on Feb 19th. he tweeted looking for anyone from cloudflare security to get in touch with him. Cloudflare people got back to him right away and they worked on solving this issue ASAP. Unfortunately, the issue may be as old as September 2016.  Cloudflare released a statement letting us know that the larger issue started on February 13th when a code update meant one in every 3,300,300 HTTP requests potentially resulted in memory leakage which doesn’t mean anything until you realize the massive amount of information being passed through the Cloudflare network. […]

Enable WebGL on Chrome or Firefox

WebGL on Chrome Enable hardware acceleration : browse to chrome://settings/advanced scroll to the bottom and look for Use hardware acceleration when available make sure Use hardware acceleration when available is checked ✓ if it tells you to then click the relaunch button Check if webGL is enabled in Chrome Copy paste the following in your browser’s address bar chrome://gpu  Look for the WebGL item in the Graphics Feature Status list The status will be one of the following: Hardware accelerated — WebGL is enabled and hardware-accelerated (running on the graphics card). Software only, hardware acceleration unavailable — WebGL is enabled, but running in software. Unavailable — WebGL is not available in hardware or software. You are looking for the status to be #1 from the above list i.e. Hardware accelerated   WebGL on FireFox Enable WebGL Copy paste the following in your browser’s address bar about:config you will be asked to accept a scary warning, I am positive this will be ok unless you start going godzilla or the hulk on unrelated settings 🙂 so.. dont do that. Search for webgl.disabled make sure that its value is set to false Check WebGL status on FireFox browser Copy paste the following in your browser’s address bar about:support Inspect the WebGL Renderer row in the Graphics table The status can be either of two things the name of a  graphics card manufacturer, model and driver i.e. Google Inc. — ANGLE (NVIDIA GeForce GTX 980 Ti Direct3D11 vs_5_0 ps_5_0) Something along the lines of BLocked due to version or Blocked due to unresolved issues. Obviously you want #1 […]