DNSSEC is Open for Beta

Published on by Dani Grant.

Since January, CloudFlare has been running a small, private beta for DNSSEC. Starting today, the DNSSEC beta is open for everyone. To request access, email dnssec-beta@cloudflare.com. A Background on DNS and DNSSEC DNS is the system that lets your browser know which web server to connect to when you request to visit a website. It’s the underlying backbone of the usable internet, and yet, is…

A Look at the New WordPress Brute Force Amplification Attack

Published on by Pasha Kravtsov.

Recently, a new brute force attack method for WordPress instances was identified by Sucuri. This latest technique allows attackers to try a large number of WordPress username and password login combinations in a single HTTP request. The vulnerability can easily be abused by a simple script to try a significant number of username and password combinations with a relatively small number of HTTP requests. The following diagram shows…

Single RX queue kernel bypass in Netmap for high packet rate networking

Published on by Gilberto Bertin.

In a previous post we discussed the performance limitations of the Linux kernel network stack. We detailed the available kernel bypass techniques allowing user space programs to receive packets with high throughput. Unfortunately, none of the discussed open source solutions supported our needs. To improve the situation we decided to contribute to the Netmap project. In this blog post we'll describe our proposed changes. CC BY-SA 2.0…

Doubling the speed of jpegtran with SIMD

Published on by Vlad Krasnov.

It is no secret that at CloudFlare we put a great effort into accelerating our customers' websites. One way to do it is to reduce the size of the images on the website. This is what our Polish product is for. It takes various images and makes them smaller using open source tools, such as jpegtran, gifsicle and pngcrush. However those tools are computationally expensive, and making them…