BGP leaks and cryptocurrencies
April 24, 2018 10:31 PM
Over the few last hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak....
Now You Can Setup Centrify, OneLogin, Ping and Other Identity Providers with Cloudflare Access
April 23, 2018 7:08 PM
Today we would like to announce support for two more Identity Providers with Cloudflare Access: Centrify and OneLogin. If you are using Centrify or OneLogin as your identity provider you can now easily integrate them with Cloudflare Access....
mmproxy - Creative Linux routing to preserve client IP addresses in L7 proxies
April 17, 2018 10:11 PM
In previous blog post we discussed how we use the TPROXY iptables module to power Cloudflare Spectrum. With TPROXY we solved a major technical issue on the server side, and we thought we might find another use for it on the client side of our product....
Introducing Spectrum: Extending Cloudflare To 65,533 More Ports
April 12, 2018 1:01 PM
We are introducing Spectrum, which brings Cloudflare’s security and acceleration to the whole spectrum of TCP ports and protocols for our Enterprise customers. It’s DDoS protection for any box, container or VM that connects to the internet....
Abusing Linux's firewall: the hack that allowed us to build Spectrum
April 12, 2018 1:00 PM
Introducing Spectrum: a new Cloudflare feature that brings DDoS protection, load balancing, and content acceleration to any TCP-based protocol.Today we are releasing Spectrum. ...
MORE POSTS
April 06, 2018 2:00 PM
Cloudflare Argo Tunnel with Rust+Raspberry Pi
Serving content from a Rust web server running on a Raspberry Pi from your home to the world, with a Cloudflare Argo Tunnels....
- By
April 05, 2018 1:00 PM
Argo Tunnel: A Private Link to the Public Internet
Argo Tunnel lets you deploy services that are hidden on the internet. In other words, Argo Tunnel is like a P.O. box: someone can send you packets without knowing your real address. Only Cloudflare can see the server and communicate with it....
- By
April 03, 2018 4:00 PM
Extend your security view from the data center to the edge
How great would it be to have a dashboard with a holistic view of threats, malicious server activity, vulnerabilities, sensitive data access levels and a daily scan of resources across all of your applications and services? Now you can. ...
- By
March 27, 2018 12:00 PM
A Solution to Compression Oracles on the Web
Compression is often considered an essential tool when reducing the bandwidth usage of internet services. The impact that the use of such compression schemes can have on security, however, has often been overlooked. ...
- By
March 24, 2018 2:59 AM
A tour through Merkle Town, Cloudflare's Certificate Transparency dashboard
The success of Certificate Transparency rests on the existence of a robust ecosystem of logs and log operators. Without logs that CAs can depend on, it’s not practical for browsers to require that SSL certificates have been logged to be trusted—as Chrome plans to do on April 30....
- By
March 23, 2018 2:45 PM
Introducing Certificate Transparency and Nimbus
Certificate Transparency (CT) is an ambitious project to help improve security online by bringing accountability to the system that protects HTTPS. Cloudflare is announcing support for this project by introducing two new public-good services....
- By
March 12, 2018 4:00 PM
Deprecating TLS 1.0 and 1.1 on api.cloudflare.com
On June 4, Cloudflare will be dropping support for TLS 1.0 and 1.1 on api.cloudflare.com. Additionally, the dashboard will be moved from www.cloudflare.com/a to dash.cloudflare.com and will require a browser that supports TLS 1.2 or higher....
- By
March 06, 2018 3:46 PM
The real cause of large DDoS - IP Spoofing
A week ago we published a story about new amplification attacks using memcached protocol on UDP port 11211. A few things happened since then: Github announced it was a target of 1.3Tbps memcached attack. OVH and Arbor reported similar large attacks with the peak reported at 1.7Tb...
- By
February 26, 2018 12:04 PM
Using Cloudflare Workers to identify pwned passwords
Last week Troy Hunt launched his Pwned Password v2 service which has an API handled and cached by Cloudflare using a clever anonymity scheme. The following simple code can check if a password exists in Troy's database without sending the password to Troy....
- By
February 21, 2018 7:00 PM
Validating Leaked Passwords with k-Anonymity
Today, v2 of Pwned Passwords was released as part of the Have I Been Pwned service offered by Troy Hunt. Containing over half a billion real world leaked passwords, this database provides a vital tool for correcting the course of how the industry combats modern threats against pa...
- By
February 21, 2018 7:00 PM
How Developers got Password Security so Wrong
Both in our real lives, and online, there are times where we need to authenticate ourselves - where we need to confirm we are who we say we are. This can be done using three things....
- By
February 16, 2018 10:30 PM
Keeping our users safe
To everyone in Cloudflare, account security is one of our most important tasks. We recognize that to every customer on our platform, we are critical infrastructure. We also know that the simplest attacks often lead to the most devastating of outcomes. ...
- By
February 14, 2018 8:00 PM
HTTPS or bust: Chrome’s plan to label sites as "Not Secure"
Google just announced that beginning in July 2018, with the release of Chrome 68, web pages loaded without HTTPS will be marked as “not secure”. More than half of web visitors will soon see this warning when visiting unencrypted HTTP sites....
- By
January 19, 2018 5:38 PM
Web Cache Deception Attack revisited
In April, we wrote about Web Cache Deception attacks, and how our customers can avoid them using origin configuration. Since our previous blog post, we have looked for but have not seen any large scale attacks like this in the wild....
- By