mTLS client certificate revocation vulnerability with TLS Session Resumption
April 03, 2023 2:00PM
This blog post outlines the root cause analysis and solution for a bug found in Cloudflare’s mTLS implementation...
However improbable: The story of a processor bug
January 18, 2018 12:06PM
Reliability Bugs Vulnerabilities NGINXProcessor problems have been in the news lately, due to the Meltdown and Spectre vulnerabilities. But generally, engineers writing software assume that computer hardware operates in a reliable, well-understood fashion, and that any problems lie on the software side of the software-hardware divide....
An Explanation of the Meltdown/Spectre Bugs for a Non-Technical Audience
January 08, 2018 6:57PM
Bugs Security VulnerabilitiesLast week the news of two significant computer bugs was announced. They've been dubbed Meltdown and Spectre and they take advantage of very technical systems that modern CPUs have implemented to make computers extremely fast....
Quantifying the Impact of "Cloudbleed"
March 01, 2017 3:27PM
Bugs Post Mortem Privacy SecurityLast Thursday we released details on a bug in Cloudflare's parser impacting our customers. It was an extremely serious bug that caused data flowing through Cloudflare's network to be leaked onto the Internet....
Incident report on memory leak caused by Cloudflare parser bug
February 23, 2017 11:01PM
Post Mortem Security Privacy BugsLast Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare....
More Posts
January 01, 2017 10:40PM
How and why the leap second affected Cloudflare DNS
At midnight UTC on New Year’s Day, deep inside Cloudflare’s custom RRDNS software, a number went negative when it should always have been, at worst, zero. A little later this negative value caused RRDNS to panic....
-
By