At CloudFlare, we are always looking for better ways to secure the data we’re entrusted with. This means hardening our system against outside threats such as hackers, but it also means protecting against insider threats. According to a recent Verizon report, insider threats account for around 14% of data breaches in 2013. While we perform […]
What we’ve been doing with Go
Almost two years ago CloudFlare started working with Go. What started as an experiment on one network and concurrency heavy project has turned into full, production use of Go for multiple services. Today Go is at the heart of CloudFlare’s services including handling compression for high-latency HTTP connections, our entire DNS infrastructure, SSL, load testing […]
A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography
Elliptic Curve Cryptography (ECC) is one of the most powerful but least understood types of cryptography in wide use today. At CloudFlare, we make extensive use of ECC to secure everything from our customers’ HTTPS connections to how we pass data between our data centers. Fundamentally, we believe it’s important to be able to understand […]
Ensuring Randomness with Linux’s Random Number Generator
When building secure systems, having a source of random numbers is essential. Without them, most cryptographic systems break down and the privacy and authenticity of communications between two parties can be subverted. For example, if you’re reading this using a link to https://blog.cloudflare.com then the SSL connection […]
Why some cryptographic keys are much smaller than others
If you connect to CloudFlare’s web site using HTTPS the connection will be secured using one of the many encryption schemes supported by SSL/TLS. When I connect using Chrome I get an RC4_128 connection (with a 128-bit key) which used the ECDHE_RSA key exchange mechanism (with a 2,048-bit key) to set the connection up. If […]
Why secure systems require random numbers
If you’ve been following recent news about technical spying by the US National Security Agency and the UK’s Government Communications Headquarters you may have come across a claim that the NSA was involved in weakening a random number generator. The obvious question to ask is… why mess with random number […]
Details Behind Today’s Internet Hacks
When I woke up this morning I had no idea I’d be on a video conference with CloudFlare, OpenDNS, Google, GoDaddy, Twitter tech folks all day — Rajiv Pant (@rajivpant) August 28, 2013 At 1:19pm (PDT) today, a researcher noticed that the New York Times’ website wasn’t loading. We know the New York Times tech […]
Updating Our Privacy Policy
Hi I’m Ken Carter, CloudFlare’s newly minted in-house counsel. Now that I have introduced myself, feel free to introduce yourself. Or, don’t. You may want to remain anonymous because you value your privacy. We do, too. To that end, one of the first things I have undertaken in my new role is a full review […]
Heuristics and Rules: Why We Built a New Old WAF
We just rolled out an update to CloudFlare’s Web Application Firewall (WAF). Previously, CloudFlare’s WAF has received criticism from people who have tested it and found that it didn’t behave as traditional WAFs are expected to. That contrasted with the real world experience of users who saw our WAF virtually eliminate actual web threats. Seemingly […]
DDoS Prevention: Protecting The Origin
One of the many great features that CloudFlare provides is protection from Distributed Denial of Service (DDoS) attacks. A malicious party who wants to make your website or web service unavailable could try to overwhelm it with requests from compromised machines (or bots) all around the world. With a large enough volume of requests, your […]