Inside ImageTragick: The Real Payloads Being Used to Hack Websites
2016-05-09
Last week multiple vulnerabilities were made public in the popular image manipulation software, ImageMagick. These were quickly named ImageTragick. ...
First Bay Area OpenResty Meetup
2016-05-09
On March 9, 章亦春, known to most of us as agentzh, organized the first Bay Area OpenResty Meetup at CloudFlare's San Francisco office....
Everybody gets WebSockets
2016-05-05
Two summers ago, with a seemed-big-at-the-time network of 28 datacenters, not long after introducing Medellin, CloudFlare introduced support for WebSockets, initially for our Enterprise customers....
Dan Kaminsky Will Be Taking Your Questions At Our DNS Meetup Next Week In San Francisco
2016-05-04
Our last DNS meetup was a packed house with Paul Mockapetris, the original inventor of DNS. We learned why DNS answers have a question count but always only one question, why underscores aren’t allowed in domain names, and the history of how DNS came to be....
Yet Another Padding Oracle in OpenSSL CBC Ciphersuites
2016-05-04
Yesterday a new vulnerability has been announced in OpenSSL/LibreSSL. A padding oracle in CBC mode decryption, to be precise. Just like Lucky13. Actually, it’s in the code that fixes Lucky13....
Introducing CloudFlare Origin CA
2016-05-03
In the fall of 2014 CloudFlare launched Universal SSL and doubled the number of sites on the Internet accessible via HTTPS. In just a few days we issued certificates protecting millions of our customers’ domains and became the easiest way to secure your website with SSL/TLS....
Stronger protection and more control over security settings with CloudFlare’s new cPanel plugin
2016-05-02
CloudFlare has released a new version of our plugin for cPanel with two new features and more control over the security settings of your website....
Bangkok, Thailand: CloudFlare’s 79th Data Center
2016-05-01
CloudFlare just turned up our newest data center in Bangkok, the capital of Thailand and a very popular destination with travelers in Southeast Asia. This expands our network to span 32 cities across Asia, and 79 cities globally....
Lizard Squad Ransom Threats: New Name, Same Faux Armada Collective M.O.
2016-04-29
CloudFlare recently wrote about the group of cyber criminals claiming to be be the "Armada Collective." In that article, we stressed that this group had not followed through on any of the ransom threats they had made. ...
Announcing Support for HTTP/2 Server Push
2016-04-28
Last November, we rolled out HTTP/2 support for all our customers. At the time, HTTP/2 was not in wide use, but more than 88k of the Alexa 2 million websites are now HTTP/2-enabled....
Ask Me Anything About HTTP/2
2016-04-27
We're big fans of HTTP/2 at CloudFlare. Our customers make up the majority of HTTP/2 enabled domains today. HTTP/2 is a key part of the modern web, and its growth and adoption is changing how websites and applications are built....
Building the simplest Go static analysis tool
2016-04-27
Go native vendoring (a.k.a. GO15VENDOREXPERIMENT) allows you to freeze dependencies by putting them in a vendor folder in your project. The compiler will then look there before searching the GOPATH....
Kyiv, Ukraine: Cloudflare’s 78th Data Center
2016-04-26
Здоровенькі були! CloudFlare just turned up our newest datacenter in Kiev, the capital and largest city of Ukraine. Kiev is an old city with more than 1,000 years of history. ...
Empty DDoS Threats: Meet the Armada Collective
2016-04-25
Beginning in March 2016, we began hearing reports of a gang of cybercriminals once again calling themselves the Armada Collective. The calling card of the gang was an extortion email sent to a wide variety of online businesses threatening to launch DDoS attacks if they weren't paid in Bitcoin....
Today Is A Big Day For Page Rules
2016-04-19
Today we're releasing a whole suite of upgrades to page rules: API support, additional settings, pausing a page rule and a mobile-friendly design. ...
New for Virtual DNS Customers: Self-Service Dashboard and APIs, and Two New Features
2016-04-13
Today we're launching two new features and a brand new dashboard and API for Virtual DNS. Virtual DNS is CloudFlare’s DNS proxy that sits in front of some of the largest hosting providers in the world, shielding their DNS infrastructure from attacks....
What happened next: the deprecation of ANY
2016-04-13
Almost a year ago, we announced that we were going to stop answering DNS ANY queries. We were prompted by a number of factors: The lack of legitimate ANY use. The abundance of malicious ANY use. The constant use of ANY queries in large DNS amplification DDoS attacks....
Taipei: CloudFlare’s 77th Data Center is Now Live
2016-04-11
We are excited to announce the launch of our Taipei data center, which is our 28th data center in Asia, and our 77th data center globally. Millions of websites which were previously served from Hong Kong are now served locally from Taipei....
The curious case of slow downloads
2016-04-11
Some time ago we discovered that certain very slow downloads were getting abruptly terminated and began investigating whether that was a client (i.e. web browser) or server (i.e. us) problem....
