[02-28-2017] WTAG – Craig Peterson
Joined Jim Polito today to talk about Cloudbleed, a bug at a service called Cloudflare, which recently had a massive memory leak exposing data from different sites using the service. At this point, the best suggestion is to change your passwords on all the websites where you have logins.
To keep you on the safer side, make sure to use password managers. Link to related article below with my recommended password manager.
The Best Password Managers to Fight CloudBleed
Incident report on memory leak caused by Cloudflare parser bug
Below is a rush transcript of this segment; it might contain errors.
Airing date: 02/28/2017
Cloudbleed Bug – Change your Passwords Now
Jim Polito: He’s here. Thank God! Coz listen, Y2K was nothing. But CloudBleed is. Joining me now, our Tech Talk guru friend Craig Peterson. Good morning, sir.
Craig Peterson: Hey, good morning Jim. Yeah, this is a big problem. You got it right.
Jim: Yeah. So you send me, you know, usually in advance. All the stuff. You know, what we’re gonna talk about. About what we can talk about. And it’s the same stuff, by the way, that you folks can find out about at the end of the segment. We’ll give you a number and Craig will text it to you. But all of a sudden, stop the presses, last night. We get this thing from him. Jim, cloudbleed. I’m like, oh my God. So what is cloudbleed? And Danny tells me that you have to change every single password that you’ve ever had in your life.
Craig: Yeah, that’s probably kind of a good description in Danny’s advice there. Cloudbleed is a term for a new internet data leak. There’s a company out there that works with businesses. And what they do is they try and speed up websites.
Craig: And so they have a software, the company is called Cloudflare. And that software when… here’s the basic. I’m trying to make this really simple, Jim, so Danny can understand it.
Craig: So if you have a website, you hire Cloudflare, and if someone tries to go to your website, they actually go to Cloudflare who serves up the pages and everything else from your website. And it really helps speed things up. You know they have servers all over the country and around the world. And so now, it’s good sense for a lot of businesses. Particularly businesses who are kinda lower level if you will. Or the one I just pushed that off on someone else.
Jim: Ok. So like I don’t have the resources to, you know, set up my own IT stuff. But I want some of the same stuff that the big guys have. So I go to them. Is that what you’re saying?
Craig: Yeah that’s basically it. If you don’t wanna have data centers all around the world so that someone, for instance, in Florida gets real fast response. So that someone in Seattle. And so that someone in Hong Kong.
Craig: So you have servers located all around the world to make it fast. So instead of having to wait a few seconds for a page to load, because nowadays our tolerance for page load times is somewhat seconds.
Jim: I don’t it. Remember when we had dial up? We got all the patience in the world? If something doesn’t load instantaneously, I’m on the verge of a stroke.
Craig: Yeah, exactly. And that’s what Cloudflare did for a lot of businesses. Did. They’re still in business. At least for now. So there are thousands of web pages here. Hundreds, if not, thousands of websites who were using Cloudflare including some very, very major websites.
Jim: Oh boy.
Craig: Yeah. And what happened is they ended up with a data leak. And they were using some code that was, you know, supposedly good, but ended up having some real problems. And those problems were that now, your username, your password, your personal data is available to anyone who bothers doing a Google search.
Jim: Oh boy.
Craig: Ok. So it’s spilling data. It’s spilling data since last September. And this is probably the worst we’ve had. It’s called, as you mentioned here, cloudbleed. Because there’s another one that had to do with SSL, which is a type of encryption. But this is much, much worse.
Jim: Oh boy.
Craig: You know, leaked cookies which are used to keep track of you and your logins to websites.
Jim: Right. Right.
Craig: Authentication tokens. HTTP POST bodies. So anything you posted. So if you were using a bank that was using these guys, your banking information is out there. Your account information. Your credit card information, if you ever put it out on a website. Your address. Your phone number. Your passwords. Absolutely anything you sent to a website could potentially be exposed right now.
Jim: Lovely. We’re talking with Craig Peterson, our Tech Talk guru, about this thing called cloudbleed. So you’ll get this from Craig first. And then the rest of the media will catch on eventually and you’ll start hearing this all the time. Now, Craig, what do I do? Today, after the show, other than going and sitting in the hallway and trying to fall asleep coz it’s National Public Sleeping Day, what do I got to do before I nod off?
Craig: Well, I’d follow Danny’s advice here. The first thing you need to do is change, literally, every password for every website that you use online.
Craig: Now, let me give you a little bit more advice here.
Jim: Well, I’m leaning over to my computer to do it as we speak. The folks watching on Charter Channel 193 can see, as we speak, I’m doing this.
Craig: Now, don’t change it to password, ok? We don’t want to get another Democratic Party leak, right?
Jim: So, 1234, I shouldn’t use that PIN either, right?
Craig: No. That’s probably not a great one.
Craig: And by the way, there’s another article that we’re not gonna be able to get to today, about some other wonderful guys out there who are working for the Democrats. Who had a hundred thousand dollars given to them by an Iraqi politician. And these were breaking into computer systems including those computer systems of Democrats on National Defense Committee, Homeland Security committees. Maybe we finally found the Russians and maybe they were these guys who were apparently on the payroll of Iraq. But anyways back to the…
Jim: Oh God.
Craig: So, I would advise everyone, you need to go out there. You need to get one of two different programs. There’s lots of them in the space. So these are called password managers. My absolute favorite is called 1Password. The digit 1, Password.
Craig: Another one that you can use, there’s actually a few of them, LastPass. It’s very inexpensive and free at many levels, ok?
Craig: Before you change your passwords, get LastPass or get 1Password, my recommended one, and get those set up. Have them generate unique, random passwords for every website. Coz you gotta go through it. You gotta change them all anyways.
Craig: You don’t want sites to have the same password because if one gets compromised, they’ve got your password for another one, ok?
Craig: So go get this. Get the free LastPass. Or buy the 1Password. Have it generate the passwords so that every site you have an account on change every password you have out there. And have these password managers keep track of it. So next time, when you go to the site, it can fill it in for you automatically so you don’t have to remember anything except your new master password that you’re using with the password manager. I know it sounds complicated. You could go to my site. You can do a search for passwords. I got information there. But Jim, this really is absolute shock and terror time here for everyone. This is a huge, huge, huge compromise. It’s been going on from at least September. We have no idea how much information was actually leaked. And you don’t know the user who was using this website, this Cloudflare site. So the only thing to do, the safest thing to do is change them all and use a password manager.
Jim: Alright. Now, you have the information on the password managers in your stuff, correct?
Craig: Yeah. Absolutely.
Jim: So folks, standard data and text rates apply. But I want you to get your hands on this. I want you to text my name, Jim, to…
Jim: That’s Craig Peterson, the Tech Talk guru. He’ll get you this important information. He’ll send you some other stuff occasionally. He does not annoy you. Nor does he sell your stuff. And with Craig, it’s safe and secure. Craig, thanks so much for all of that. This was a great segment. I know very helpful for a lot of people.
Craig: Alright. Thanks Jim. Take care.
Jim: Take care. Craig Peterson everybody. Our Tech Talk guru.
Don’t miss any episode from Craig. Visit http://CraigPeterson.com/itunes Subscribe and give us a rating!
Thanks, everyone, for listening and sharing our podcasts. We’re really hitting it out of the park. This will be a great year!