CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a priority. We use TLS both externally and internally and different uses of TLS have different constraints. Broadly there are three ways we use TLS: to handle HTTPS connections from web […]
Archive by Author
Mirage 2.0: Solving the Mobile Browsing Speed Challenge
Almost exactly a year ago, CloudFlare announced a feature called Mirage. Mirage was designed to make the loading of images faster in two primary ways: 1) deliver smaller images for devices with smaller screens; and 2) “lazy load” images only when they appeared in the viewport. Both of these optimizations were designed primarily to accelerate […]
CloudFlare, PRISM, and Securing SSL Ciphers
Over the last week we’ve closely watched the disclosures about the alleged NSA PRISM program. At CloudFlare, we have never been approached to participate in PRISM or any other similar program. We do, from time to time, receive subpoenas and court orders. A human being on our team reviews each of these requests manually. When […]
What CloudFlare Logs
Over the last few weeks, we’ve had a number of requests for information about what data CloudFlare logs when someone visits a site on our network. While we have provided a Privacy Policy that outlines how we keep information private, I wanted to take the time to clarify our customer log retention policies. What CloudFlare […]
Patching the Internet in Realtime: Fixing the Current WordPress Brute Force Attack
There is currently a significant attack being launched at a large number of WordPress blogs across the Internet. The attacker is brute force attacking the WordPress administrative portals, using the username “admin” and trying thousands of passwords. It appears a botnet is being used to launch the attack and more than tens of thousands of […]
The DDoS That Almost Broke the Internet
The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times calls the attack the largest known DDoS attack ever on the Internet. We wrote about the attack last week. At the time, it was a large attack, sending […]
CloudFlare Keeps TheBayLights.org Running Bright
The Art When you think of San Francisco, undoubtedly one bridge in particular comes to mind – The Golden Gate Bridge. This year, however, the Bay Bridge is getting its moment in the spotlight thanks to Words Pictures Ideas, a CloudFlare customer. Words Pictures Ideas services brands and organizations in need of smarter communications. While […]
Good Web Security News: Open DNS Resolvers Are Getting Closed
This has been a rough week in the security industry with big attacks and compromises reported at companies from Facebook to Apple. We’re therefore happy to end the week with some good news: the web’s open resolvers, one of the sources of the biggest DDoS attacks, are getting closed. Sad State of Affairs Last October, […]
Facebook Bug Redirects the Web Through Javascript Widget Error
You may have heard that Facebook took down a significant portion of the Internet today. A bug in their Facebook Connect script — which is installed widely across many sites including CNN, MSNBC.com, New York Magazine, and many more places — caused users to be redirected to a Facebook error page. Here’s a video of […]
CloudFlare Heading to Parallels Summit 2013
CloudFlare is heading to Parallels Summit in Las Vegas on Monday, February 4th to Wednesday, February 6th. We look forward to meeting and reconnecting with service providers and providing complimentary limo rides between the airport and the Caesars Palace hotel. We recently launched a partnership with Parallels. Any Parallels service provider can increase revenue, while […]
