Security - The Cloudflare Blog

September 28, 2019 10:54PM

Cloudflare’s protection against a new Remote Code Execution vulnerability (CVE-2019-16759) in vBulletin

Cloudflare has released a new rule as part of its Cloudflare Specials Rulesets, to protect our customers against a high-severity vulnerability in vBulletin. A new zero-day vulnerability was discovered for vBulletin, a proprietary Internet forum software....

September 27, 2019 7:00PM

Birthday Week 2019 Wrap-up

Birthday Week Product News Security Analytics 1.1.1.1

This week we celebrated Cloudflare’s 9th birthday by launching a variety of new offerings that support our mission: to help build a better Internet. Below is a summary recap of how we celebrated Birthday Week 2019....

Jake Anderson

September 26, 2019 1:00PM

HTTP/3: the past, the present, and the future

Birthday Week Product News HTTP3 QUIC Security

We are now happy to announce that QUIC and HTTP/3 support is available on the Cloudflare edge network. We’re excited to be joined in this announcement by Google Chrome and Mozilla Firefox, two of the leading browser vendors and partners in our effort to make the web faster and more reliable for all....

September 26, 2019 12:59PM

HTTP/3: 과거, 현재 그리고 미래

Korean Product News HTTP3 QUIC Security

오늘 QUIC와 HTTP/3의 엣지 네트워크 지원을 발표하게 되어 기쁘게 생각합니다. 또한 모두를 위해 웹을 빠르고 더 신뢰성 있게 만들고자 하는 우리의 노력에 있어 Google Chrome과 Mozilla Firefox라는 선도적인 두 브라우저 제조사와 이 발표를 함께 하게 되어 기쁩니다....

September 23, 2019 1:00PM

Cleaning up bad bots (and the climate)

Birthday Week Product News Bots Security

From the very beginning Cloudflare has been stopping bots from scraping websites, or misusing APIs. Over time we’ve improved our bot detection methods and deployed large machine learning models that are able to distinguish real traffic (be it from humans or apps) from misbehaving bots....

John Graham-Cumming

September 18, 2019 2:03PM

Cloudflare’s Approach to Research

Cloudflare’s mission is to help build a better Internet. One of the tools used in pursuit of this goal is computer science research. We’ve learned that some of the difficult problems to solve are best approached through research...

By

Nick Sullivan

Cryptography , Security

September 13, 2019 11:00PM

How Cloudflare and Wall Street Are Helping Encrypt the Internet Today

Today has been a big day for Cloudflare, as we became a public company on the New York Stock Exchange (NYSE: NET). To mark the occasion, we decided to bring our favorite entropy machines to the floor of the NYSE....

By

Nick Sullivan

LavaRand , Entropy , Security , Encryption

September 11, 2019 4:00PM

How Castle is Building Codeless Customer Account Protection

Strong security should be easy. Asking your consumers again and again to take responsibility for their security through robust passwords and other security measures doesn’t work. The responsibility of security needs to shift from end users to the companies who serve them....

By

Guest Author

Serverless , Workers , Security , API , Guest Post

August 30, 2019 1:00PM

Announcing the General Availability of API Tokens

Today we are announcing the general availability of API Tokens - a scalable and more secure way to interact with the Cloudflare API. As part of making a better internet, Cloudflare strives to simplify manageability of a customer’s presence at the edge....

By

Garrett Galow

API , Security , Product News

August 22, 2019 1:00PM

Supercharging Firewall Events for Self-Serve

Today, I’m very pleased to announce the release of a completely overhauled version of our Firewall Event log to our Free, Pro and Business customers. This new Firewall Events log is now available in your Dashboard, and you are not required to do anything to receive this new capability....

By

Alex Cruz Farmer

Product News , Firewall , Security , WAF , Dashboard

August 08, 2019 10:00PM

Introducing Certificate Transparency Monitoring

Today we’re launching Certificate Transparency Monitoring (my summer project as an intern!) to help customers spot malicious certificates. If you opt into CT Monitoring, we’ll send you an email whenever a certificate is issued for one of your domains....

By

Ben Solomon

Product News , Security , SSL

July 19, 2019 1:00PM

Securing infrastructure at scale with Cloudflare Access

I rarely have to deal with the hassle of using a corporate VPN and I hope it remains this way. As a new member of the Cloudflare team, that seems possible. Coworkers who joined a few years ago did not have that same luck. They had to use a VPN to get any work done. What changed?...

By

Jeremy Bernick

Access , Product News , Security , HTTPS , VPN

July 18, 2019 2:12PM

A Tale of Two (APT) Transports

Securing access to your APT repositories is critical. At Cloudflare, like in most organizations, we used a legacy VPN to lock down who could reach our internal software repositories. However, a network perimeter model lacks a number of features that we consider critical to a team’s security....

By

Ryan Djurovich

Access , Linux , HTTPS , Security

June 21, 2019 1:00PM

Introducing time.cloudflare.com

Cloudflare has always been a leader in deploying secure versions of insecure Internet protocols and making them available for free for anyone to use. In 2014, we launched one of the world’s first free, secure HTTPS service (Universal SSL) to go along with our existing free HTTP plan....

By

Aanchal Malhotra

Guest Post , Crypto , Crypto Week , Cryptography , Product News