Hacker News new | ask | show | jobs
by ScottBurson 3388 days ago
As I understand it -- somebody please correct me if I have this wrong -- the thing about Cloudbleed is that there isn't necessarily any relationship between the site whose page is cached and the site whose credentials appear in that cached page. So the only way to know that a particular site didn't have credentials leaked is to search all the caches of all the search engines on the Internet.

So, as perlgeek says, we'll probably never know specifically what the impact was.
2 comments
JshWright 3388 days ago
Plus all the non-search engine caches, plus the computers of the zero or more people that made requests knowing these sorts of leaks were happening but didn't say anything.

The stuff that got cached was just the persistent vulnerability, there's no way to know how many people noticed the issue taking place in the direct requests they were making.

link
trevyn 3388 days ago
Or if they're not a Cloudflare customer.
link
Eduard 3388 days ago
Or if they have never been visited by some webproxy Cloudflare customer.
link