The Cloudflare Incident And Its Impact On Wireshark.org
Cloudflare recently announced a security incident that potentially impacts anyone who visited various wireshark.org and winpcap.org sites for the past six months.
What happened? đź”—Cloudflare is a popular service that provides content delivery, DDoS protection and DNS services for web sites.
A software bug Cloudflare’s servers leaked potentially sensitive information. Some of that information ended up in caches all over the Internet. At Google, Microsoft, your ISP, your company’s or university’s proxy servers, and elsewhere. Due to the randomness and distributed nature of the bug, it’s difficult to know what the full impact is. Cloudflare provides the following estimate:
“The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).”
The bug was introduced on September 22, 2016 and fixed on February 18th, 2017.
The Google Project Zero bug describing the issue in detail can be found at https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
Cloudflare’s incident report can be found at https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
The initial Hacker News discussion can be found at https://news.ycombinator.com/item?id=13718752
Was Wireshark affected?
Getting Ready for SharkFest ’16
Categories:
Announcement
The week leading up to SharkFest is always a busy and hectic time around here, but it’s also exciting. I can’t wait to see everyone, and the talks and labs this year promise to continue our tradition of imparting protocol analysis knowledge and insight.
If you’re sill unsure about attending, perhaps this list of reasons for attending that Laura Chappell recently posted will sway you:
1. Gerald Combs and the Wireshark Developers
Gerald Combs, the creator of Wireshark (formerly Ethereal), and many of the core developers will be there actually working on the code in the Developer’s Den. They will be presenting many of the sessions, joining in on the social events (they are a fun group!) and sharing tips and techniques to improve your analysis process.
2. Wireshark Experts as Presenters and Varied Content Levels
There is no dispute that the presenters at SharkFest are the world-authorities on troubleshooting, security analysis, and network optimization. These are the folks who live in the world at packet-level and can spot a rogue packet at 50 paces! Through a variety of introductory through advanced lectures and hands-on labs, these presenters will show you some hot Wireshark techniques to speed up your time to resolution.
Let me tell you about Wireshark 2.0
Categories:
Uncategorized
We’re getting ready to release Wireshark 2.0, which includes a major user interface update. As a comparison, here’s a picture of Wireshark 1.12.8, which is the current stable release:
Here’s a picture of Wireshark 2.0.0rc2, which is the current development release:
See? Totally different.
Actually, quite a few things have changed. The user interface has been completely rewritten using a different interface library (Qt). It has been streamlined so that you can work faster and it should have a better look and feel on every platform. The screenshots above are similar because we’ve also tried to ensure that the new UI is familiar to current users. The features you’re used to are still there and in the same place (or at least nearby). They should work much more smoothly, however.
I can’t hope to cover all of the changes in Wireshark 2.0 in one blog post, but here are a few highlights:
Capture options. Capture options have been simplified and consolidated. In 1.12 they are spread out in many places across several windows. In 2.0 they are in two places: the Capture Options dialog (Capture→Options or the “gear” icon in the toolbar) and the Manage Interfaces dialog, which you can open by pressing “Manage Interfaces” in the Capture Options dialog.