At CloudFlare, we love connecting with our communities, and so we are excited to announce two meetups to be hosted here at the CloudFlare headquarters in San Francisco next month.
On Thursday, May 8, Nick Sullivan from the security engineering team at CloudFlare will ...
Trust, transparency, and collaboration are values which we hold dear at CloudFlare. As a web security and performance company, we are always interested in how we can make our service and our infrastructure more secure. We also know how the power of the security researcher community can help us achieve ...
A quick followup to our last blog post on our decision to reissue and revoke all of CloudFlare's customers' SSL certificates. One question we've received is why we didn't just reissue and revoke all SSL certificates as soon as we got word about the Heartbleed vulnerability? The ...
Eleven days ago the Heartbleed vulnerability was publicly announced.
Last Friday, we issued the CloudFlare Challenge: Heartbleed and simultaneously started the process of revoking and reissuing all the SSL certificates that CloudFlare manages for our customers.
That process is now complete. We have revoked and reissued every single certificate we ...
As you may have noticed, the CloudFlare Heartbleed Challenge has been solved. The private key for the site cloudflarechallenge.com has been obtained by several authorized attackers via the Heartbleed exploit.
Any person who obtained the private key will be able to impersonate cloudflarechallenge.com, as Fedor Indutny demonstrated when ...
Earlier today we announced the Heartbleed Challenge. We set up a nginx server with a vulnerable version of OpenSSL and challenged the community to steal its private key. The world was up to the task: two people independently retrieved private keys using the Heartbleed exploit.
The first valid submission was ...
Below is what we thought as of 12:27pm UTC. To verify our belief we crowd sourced the investigation. It turns out we were wrong. While it takes effort, it is possible to extract private SSL keys. The challenge was solved by Software Engineer Fedor Indutny and Ilkka Mattila ...
As we've said before, lots of our users run WordPress on their websites and its popularity makes it a big target. So when a new vulnerability is discovered, acting quickly is prudent.
Jetpack is an extremely popular plugin to provide self-hosted blogs with all of the additional functionality that ...
Today a new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160). We fixed this vulnerability last week before it was made public. All sites that use CloudFlare for SSL have received this ...
This post is about a new feature we've been quietly rolling out over the last few months. Last week we began enabling it for everyone by default. It's called CNAME Flattening and it's a bit geeky, but very useful and important if you’re using cloud-based services ...