It’s always interesting to see very technical bug like Cloudbleed hit the mainstream media. Cloudflare went from something with little consumer awareness to hyperbolic destroyer of Internet-worlds overnight. It helps that Cloudbleed sounds terrifying in a biblical sense.
In all this noise, Troy Hunt put together a piece outlining some more subdued thoughts on the Cloudflare security bug. It certainly doesn’t underplay the severity, but also avoids sensationalism. It’s a great piece to put the security concerns into perspective, and actually looks at the risk it truly poses.
Troy Hunt’s Blog comments:
It has a cool name and a logo – this must be serious! Since Heartbleed, bug branding has become a bit of a thing and more than anything, it points to the way vulnerabilities like these are represented by the press. It helps with headlines and I’m sure it does wonderful things for bug (brand?) recognition, but it also has a way of drumming up excitement and sensationalism in a way that isn’t always commensurate with the actual risk.
That said, the Cloudflare bug is bad, but the question we need to be asking is “how bad”? I saw the news break yesterday morning my time and I’ve been following it closely since. As I’ve written a lot about Cloudflare in the past and been very supportive of their service, I’ve had a lot of questions from people. I want to share my take on it – both the good stuff and the bad stuff – and per the title above, I’m going to be very pragmatic about the whole thing.
Read more at: Pragmatic thoughts on #CloudBleed
- Pragmatic thoughts on #CloudBleed - March 3, 2017
- 3D Xpoint: A Guide To The Future Of Storage-Class Memory - November 28, 2016
- A Brief Linux Interlude – Partitions, Logical Volumes, and Layouts - November 15, 2016
- New Open Source Software Trireme Tackles Container Security - November 11, 2016
- Simple way to build a custom Docker-ready Raspberry Pi image - November 11, 2016
- A Quick Intro Screen on Linux - November 10, 2016
- What I’m Listening To: Podcast Edition Part 1 - November 9, 2016
- Aruba ClearPass and Managing Unknown Devices - October 20, 2016
- AWS and VMware, What is Happening Here? - October 20, 2016
- Traffic Optimization with Teridion - October 19, 2016