Archive by Author

Improving vulnerability disclosure for researchers

Trust, transparency, and collaboration are values which we hold dear at CloudFlare. As a web security and performance company, we are always interested in how we can make our service and our infrastructure more secure. We also know how the power of the security researcher community can help us achieve results more quickly and more […]

The Heartbleed Aftermath: all CloudFlare certificates revoked and reissued

Eleven days ago the Heartbleed vulnerability was publicly announced. Last Friday, we issued the CloudFlare Challenge: Heartbleed and simultaneously started the process of revoking and reissuing all the SSL certificates that CloudFlare manages for our customers. That process is now complete. We have revoked and reissued every single certificate we manage and all the certificates […]

The Results of the CloudFlare Challenge

Earlier today we announced the Heartbleed Challenge. We set up an nginx server with a vulnerable version of OpenSSL and challenged the community to steal its private key. The world was up to the task: two people independently retrieved private keys using the Heartbleed exploit. The first valid submission was received at 16:22:01 PST by Software […]

Jetpack for WordPress: automatic protection

As we’ve said before, lots of our users run WordPress on their websites and its popularity makes it a big target. So when a new vulnerability is discovered, acting quickly is prudent. Jetpack is an extremely popular plugin to provide self-hosted blogs with all of the additional functionality that WordPress provides to sites hosted with […]

What do you do when the world’s attention is on you?

Today’s guest blogger is Rodney Gibbs. Rodney is the CIO of The Texas Tribune, a nonprofit media organization that covers public policy, politics, and government. He and his team recently supported major livestreamed events at South by Southwest (SXSW), a conference that attracts more than 70,000 music, arts and digital media aficionados. A few days […]

WordPress Pingback Attacks and our WAF

At CloudFlare, a lot of our customers use WordPress; that’s why we have our own plugin, we hang out at WordCamp, and we wrote a WordPress-specific ruleset for our Web Application Firewall. WordPress’ ubiquity on the web can make it an ideal target for Layer 7 attacks, and its powerful features as a blogging […]

CloudFlare Publishes Transparency Report for 2013

On January 27, the Department of Justice and the Director of National Intelligence announced a change in rules governing the disclosure of National Security Orders, affording slightly more latitude in how companies could report the number of National Security Orders which they had received. Within several hours, CloudFlare presented its initial Transparency Report on National […]