2013 was a great year for Sucuri! We were able to add some great services and tools like CloudProxy to help website owners and administrators fight malware. We also grew the Sucuri team quite a bit in an effort to support our products, and more importantly our customers. We’re very excited about the future, so […]
Security issue on vBulletin’s uploader.swf
The vBulletin team recently disclosed a XSS (cross site scripting) vulnerability in the uploader.swf file that is included by default on vBulletin 4 and 5. This file comes from the YUI library that is not supported anymore, so the vBulletin team is recommending everyone to remove that file asap from their installs. This is their […]
How the NSA (may have) put a backdoor in RSA’s cryptography: A technical primer
There has been a lot of news lately about nefarious-sounding backdoors being inserted into cryptographic standards and toolkits. One algorithm, a pseudo-random bit generator, Dual_EC_DRBG, was ratified by the National Institute of Standards and Technology (NIST) in 2007 and is attracting a lot of attention for having a potential backdoor. This is the algorithm into […]
Using CloudFlare to mix domain sharding and SPDY
Note: this post originally appeared as part of the 2013 PerfPlanet Calendar It’s common knowledge that domain sharding, where the resources in a web page are shared across different domains (or subdomains), is a good thing. It’s a good thing because browsers limit the number of connections per domain: splitting a web page across domains […]
Keeping our open source promise
Back in October I wrote a blog post about CloudFlare and open source software titled CloudFlare And Open Source Software: A Two-Way Street which detailed the many ways in which we use and support open source software. Since then we’ve pushed out quite a lot of new open source projects, as well as continuing to […]
Zero Day Vulnerability in OpenX Source 2.8.11 and Revive Adserver 3.0.1
If you are using OpenX or the new Revive Adserver (fork of OpenX), you need to update it ASAP. Florian Sander discovered a serious SQL injection vulnerability that affects all versions of OpenX and all versions of the Revive Adserver. From the Revive advisory: An SQL-injection vulnerability was recently discovered and reported to the Revive […]
Red October: CloudFlare’s Open Source Implementation of the Two-Man Rule
At CloudFlare, we are always looking for better ways to secure the data we’re entrusted with. This means hardening our system against outside threats such as hackers, but it also means protecting against insider threats. According to a recent Verizon report, insider threats account for around 14% of data breaches in 2013. While we perform […]
What we’ve been doing with Go
Almost two years ago CloudFlare started working with Go. What started as an experiment on one network and concurrency heavy project has turned into full, production use of Go for multiple services. Today Go is at the heart of CloudFlare’s services including handling compression for high-latency HTTP connections, our entire DNS infrastructure, SSL, load testing […]
A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography
Elliptic Curve Cryptography (ECC) is one of the most powerful but least understood types of cryptography in wide use today. At CloudFlare, we make extensive use of ECC to secure everything from our customers’ HTTPS connections to how we pass data between our data centers. Fundamentally, we believe it’s important to be able to understand […]
Ensuring Randomness with Linux’s Random Number Generator
attribution: Flickr/mark van de wouw license: CC Attribution-NonCommercial-ShareAlike 2.0 Generic When building secure systems, having a source of random numbers is essential. Without them, most cryptographic systems break down and the privacy and authenticity of communications between two parties can be subverted. For example, if you’re reading this using a link to https://blog.cloudflare.com then the SSL connection […]
