Stefan Eissing6d ago

Oh no! „Squidbleed“ found by Mythos! When using http:// urls via a squid proxy, an attacker might see the data!😱

Maybe we should all be using https: on the internet or expect our traffic to be public. Wait…we already do that since Lets Encrypt started a decade ago!

This vulnerability could have been a bug report.💁🏻‍♂️

https://www.theregister.com/security/2026/06/23/mythos-discovers-squidbleed-a-memory-leak-thats-gone-undetected-since-clinton-era/5260367

Mythos discovers 'Squidbleed,' a memory leak that's gone undetected since Clinton era

Plus more blasts from the past: NetWare, FTP, and HTTP

theregister
Show threadferricoxide
@icing Found before it got embargoed, I guess?
Jun 24 at 2:08pmWeb
Show threadStefan Eissing5d ago
@ferricoxide As I understood the article, they followed coordinated disclosure.
Show threadferricoxide5d ago
@icing

The embargo on Mythos (and Fable) was only a couple weeks ago. I assume this Mythos-originated finding happened before then and the more-recent disclosure was part of that coordinated-disclosure process.
Show threadStefan Eissing5d ago
@ferricoxide yes.