The View from Washington: The State of Cybersecurity
September 14, 2017
Avril Haines, Former Deputy National Security Advisor, Obama Administration...
September 14, 2017
Avril Haines, Former Deputy National Security Advisor, Obama Administration...
September 12, 2017
This post summarizes how prevalent encrypted web traffic interception is and how it negatively affects online security according to a study published at NDSS 2017 authored by several researchers including the author of this post and Nick Sullivan of Cloudflare. ...
September 01, 2017
Most of today's cryptography is designed to be secure against an adversary with enormous amounts of computational power. This means estimating how much work certain computations require, and choosing cryptographic parameters based on our best estimates....
August 28, 2017
On August 17th, 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. ...
July 21, 2017
Cloudflare runs 3,588 containers, making up 1,264 apps and services that all need to be able to find and discover each other in order to communicate -- a problem solved with service discovery....
July 10, 2017
At Cloudflare our focus is making the internet faster and more secure. Today we are announcing a new enhancement to our HTTPS service: High-Reliability OCSP stapling....
July 06, 2017
The Internet is getting more secure every day as people enable HTTPS, the secure version of HTTP, on their sites and services....
July 04, 2017
In a recent blog post, my colleague Marek talked about some SSDP-based DDoS activity we'd been seeing recently. In that blog post he used a tool called mmhistogram to output an ASCII histogram....
July 03, 2017
Everybody has secrets. Software developers have many. Often these secrets—API tokens, TLS private keys, database passwords, SSH keys, and other sensitive data—are needed to make a service run properly and interact securely with other services. ...
June 28, 2017
Last month we shared statistics on some popular reflection attacks. Back then the average SSDP attack size was ~12 Gbps....
June 07, 2017
Back in April we announced Rate Limiting of requests for every Cloudflare customer. Being able to rate limit at the edge of the network has many advantages: it’s easier for customers to set up and operate, their origin servers are not bothered by excessive traffic or layer 7 atta...
May 24, 2017
Recently Akamai published an article about CLDAP reflection attacks. This got us thinking. We saw attacks from Connectionless LDAP servers back in November 2016 but totally ignored them because our systems were automatically dropping the attack traffic without any impact....
May 02, 2017
From security cameras to traffic lights, an increasing amount of appliances we interact with on a daily basis are internet connected. A device can be considered IoT-enabled when the functionality offered by its Embedded System is exposed through an internet connected API....
May 01, 2017
In a traditional TLS handshake, the client authenticates the server, and the server doesn’t know too much about the client. However, starting now, Cloudflare is offering enterprise customers TLS with client authentication. ...
April 27, 2017
In October, we wrote about a 1.75M rps DDoS attack we mitigated on our network, launched by 52,467 unique IP’s, mostly hacked CCTV cameras. We continued to see more IoT devices in DDoS attacks....
April 25, 2017
Cloudflare provides numerous benefits to ecommerce sites, including advanced DDOS protection and an industry-leading Web Application Firewall (WAF) that helps secure your transactions and protect customers’ private data....
April 21, 2017
A little over a year ago, Nick Sullivan talked about the beginning of the end for AES-CBC cipher suites, following a plethora of attacks on this cipher mode....
April 19, 2017
If you’re running a SaaS company, you know how important it is that your application is performant, highly available, and hardened against attack. ...
April 14, 2017
About a month ago, security researcher Omer Gil published the details of an attack that he calls the Web Cache Deception attack. It works against sites that sit behind a reverse proxy (like Cloudflare) and are misconfigured in a particular way....