The Good and Bad News About Cloudbleed

Josephine Wolff  wrote for Slate about a Cloudfare bug:

More security, we’re generally inclined to believe, makes us more secure. The entire industry of computer security tools and services—from firewalls to authentication systems to password managers—is predicated on this notion that adding security to your computer systems makes them less vulnerable to attack or infiltration. But a bug disclosed last week serves as an important reminder that every new layer of security you add introduces new potential vulnerabilities, even as it may reduce or eliminate others.

This time, the culprit was Cloudflare Inc. Even if you’ve never heard of Cloudflare, odds are your online activity has passed through its servers: It handles traffic for popular services including Uber, Fitbit, 1Password, and OkCupid. Those companies, and many others, hire Cloudflare to help them ensure that their online traffic and servers are secure, reliable, and speedy. For instance, among other services, Cloudflare can help protect customers from denial-of-service attacks and configure SSL encryption for their websites.