To everyone in Cloudflare, account security is one of our most important tasks. We recognize that to every customer on our platform, we are critical infrastructure. We also know that the simplest attacks often lead to the most devastating of outcomes.
HTTPS or bust: Chrome’s plan to label sites as "Not Secure"
Google just announced that beginning in July 2018, with the release of Chrome 68, web pages loaded without HTTPS will be marked as “not secure”. More than half of web visitors will soon see this warning when visiting unencrypted HTTP sites.
Web Cache Deception Attack revisited
In April, we wrote about Web Cache Deception attacks, and how our customers can avoid them using origin configuration. Since our previous blog post, we have looked for but have not seen any large scale attacks like this in the wild.
Deprecating SPDY
Participating in the Internet democracy occasionally means that technologies that were once popular lose their utility as newer technologies emerge. SPDY is one such technology. As a result, we're announcing our intention to deprecate the use of SPDY for connections made to Cloudflare's edge.
Introducing Cloudflare Access: Like BeyondCorp, But You Don’t Have To Be A Google Employee To Use It
Tell me if this sounds familiar: any connection from inside the corporate network is trusted and any connection from the outside is not. This is the security strategy used by most enterprises today. The problem is that security is breached, the attacker has access to everything.