Archive by Author

CloudFlare is PCI Certified

Great news for everyone using CloudFlare on an e-commerce site, or a site accepting or processing credit card transactions. After undergoing a Payment Card Industry (PCI) Data Security Standard (DSS) 2.0 security control assessment, we’ve been certified as a Level 1 service provider. Achieving Level 1 status requires an assessment of our security controls by […]

CloudFlare Meetups: Set your mind on fire.

Education, expertise, and community: these themes define Meetups at CloudFlare. Meetups in our office bring together industry leaders, academics, and field experts to examine topics ranging from the Go programming language, to databases, to cryptography, and more. We’re creating a space for people interested in learning about, and hashing out, specialized topics together; check out CloudFlare’s […]

Killing RC4: The Long Goodbye

At CloudFlare we spend a lot of time thinking about the best way to keep our customers’ data safe. Despite recent troubles, HTTPS is still the best way to deliver encrypted content for the web. As the threat landscape changes we try to keep up with best practices with respect to which cryptographic primitives we […]

Tracking our SSL configuration

Over time we’ve updated the SSL configuration we use for serving HTTPS as the security landscape has changed. In the past we’ve documented those changes in blog posts; to make things simpler to track, and so that people can stay up to date on the configuration we’ve chosen, I’ve created a GitHub repository called sslconfig. […]

Upcoming Meetups at CloudFlare

At CloudFlare, we love connecting with our communities, and so we are excited to announce two meetups to be hosted here at the CloudFlare headquarters in San Francisco next month. All Things Crypto – 5/8/2014: On Thursday, May 8, Nick Sullivan from the security engineering team at CloudFlare will host a meetup with several cryptography […]

Improving vulnerability disclosure for researchers

Trust, transparency, and collaboration are values which we hold dear at CloudFlare. As a web security and performance company, we are always interested in how we can make our service and our infrastructure more secure. We also know how the power of the security researcher community can help us achieve results more quickly and more […]

The Heartbleed Aftermath: all CloudFlare certificates revoked and reissued

Eleven days ago the Heartbleed vulnerability was publicly announced. Last Friday, we issued the CloudFlare Challenge: Heartbleed and simultaneously started the process of revoking and reissuing all the SSL certificates that CloudFlare manages for our customers. That process is now complete. We have revoked and reissued every single certificate we manage and all the certificates […]

The Results of the CloudFlare Challenge

Earlier today we announced the Heartbleed Challenge. We set up an nginx server with a vulnerable version of OpenSSL and challenged the community to steal its private key. The world was up to the task: two people independently retrieved private keys using the Heartbleed exploit. The first valid submission was received at 16:22:01 PST by Software […]

Jetpack for WordPress: automatic protection

As we’ve said before, lots of our users run WordPress on their websites and its popularity makes it a big target. So when a new vulnerability is discovered, acting quickly is prudent. Jetpack is an extremely popular plugin to provide self-hosted blogs with all of the additional functionality that WordPress provides to sites hosted with […]