Reed the story here:
http://www.theregister.co.uk/2017/02/24/cloudbleed_buffer_overflow_bug_spaffs_personal_data/We are safe here:
http://www.doesitusecloudflare.com/?url=https%3A%2F%2Fforum.avast.com%2Findex.phpThis leak was triggered when webpages had a particular combination of unbalanced HTML tags,
which confused Cloudflare's proxy servers and caused them to spit out data belonging to other people –
even if that data was protected by HTTPS.
How to check SRI:
https://sritest.io/Where to generate hashes:
https://www.srihash.org/Website owner are advised to check whether they were affected in any way.
Like with the following procedure:
1. Research the impact for their websites.
2. Research suspicious logins for accounts on their site, none detected probably.
Else -
3. CloudFlare reverse proxy functionality should be de-installed.
4. All password reset tokens are to have been reset.
5. All existing (https-)sessions have to be reset.
6. All passwords of accounts are to be reset.
Password reset-link to website, mail to users.
Migrationplan can be started to halt the use of CloudFlare completely.
When you went here earlier, you could have known before the 'cloudbleed' incident:
http://www.crimeflare.com/polonus
