The Athenian Project: Helping Protect Elections

Published on by Alissa Starzak.

From cyberattacks on election infrastructure, to attempted hacking of voting machines, to attacks on campaign websites, the last few years have brought us unprecedented attempts to use online vulnerabilities to affect elections both in the United States and abroad. In the United States, the Department of Homeland Security reported that individuals tried to hack voter registration files or public election sites in 21 states prior to the 2016…

Inside the infamous Mirai IoT Botnet: A Retrospective Analysis

Published on by Guest Author.

This is a guest post by Elie Bursztein who writes about security and anti-abuse research. It was first published on his blog and has been lightly edited. This post provides a retrospective analysis of Mirai — the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service using hundreds of thousands of compromised Internet-Of-Things devices. This research was conducted by a team of researchers from Cloudflare (Jaime…

There’s Always Cache in the Banana Stand

Published on by Anthony Davanzo.

We’re happy to announce that we now support all HTTP Cache-Control response directives. This puts powerful control in the hands of you, the people running origin servers around the world. We believe we have the strongest support for Internet standard cache-control directives of any large scale cache on the Internet. Documentation on Cache-Control is available here. Cloudflare runs a Content Distribution Network (CDN) across our globally distributed…

The Curious Case of Caching CSRF Tokens

Published on by Junade Ali.

It is now commonly accepted as fact that web performance is critical for business. Slower sites can affect conversion rates on e-commerce stores, they can affect your sign-up rate on your SaaS service and lower the readership of your content. In the run-up to Thanksgiving and Black Friday, e-commerce sites turned to services like Cloudflare to help optimise their performance and withstand the traffic spikes of the shopping…

Why Some Phishing Emails Are Mysteriously Disappearing

Published on by Dani Grant.

Phishing is the absolute worst. Unfortunately, sometimes phishing campaigns use Cloudflare for the very convenient, free DNS. To be clear –– there’s a difference between a compromised server being leveraged to send phishing emails and an intentionally malicious website dedicated to this type of activity. The latter clearly violates our terms of service. In the past, our Trust and Safety team would kick these intentional phishers off the…