A Different Kind of POP: The Joomla Unserialize Vulnerability

Published on by Pasha Kravtsov.

At CloudFlare, we spend a lot of time talking about the PoPs (Points of Presence) we have around the globe, however, on December 14th, another kind of POP came to the world: a vulnerability being exploited in the wild against Joomla’s Content Management System. This is known as a zero day attack, where it has been zero days since a patch has been released for that bug.…

Partial kernel bypass merged into netmap master

Published on by Gilberto Bertin.

In a previous post we described our work on a new netmap mode called single-rx-queue. After submitting the pull request, the netmap maintainers told us that the patch was interesting, but they would prefer something more configurable instead of a tailored custom mode. After an exchange of ideas and some more work, our patch just got merged to mainline netmap. Meet the new netmap Before our patch netmap…

HTTP/2 Demo: Under the Hood

Published on by Marc Bodmer.

At first glance, the potential performance improvements of HTTP/1.1 versus HTTP/2 on our demo page may seem a bit hard to believe. So, we put together a technical explanation of how this demo actually works. We’d also like to credit the Gophertiles demo, which served as a basis for our own HTTP/2 demo. Overview A web page can only be served over either…

HTTP/2 For Web Developers

Published on by Ryan Hodson.

HTTP/2 changes the way web developers optimize their websites. In HTTP/1.1, it’s become common practice to eek out an extra 5% of page load speed by hacking away at your TCP connections and HTTP requests with techniques like spriting, inlining, domain sharding, and concatenation. Life’s a little bit easier in HTTP/2. It gives the typical website a 30% performance gain without a…

SHA-1 Deprecation: No Browser Left Behind

Published on by Matthew Prince.

After December 31, 2015, SSL certificates that use the SHA-1 hash algorithm for their signature will be declared technology non grata on the modern Internet. Google's Chrome browser has already begun displaying a warning for SHA-1 based certs that expire after 2015. Other browsers are mirroring Google and, over the course of 2016, will begin issuing warnings and eventually completely distrust connections to sites using SHA-1 signed certs.…