Note: this post originally appeared as part of the 2013 PerfPlanet Calendar It’s common knowledge that domain sharding, where the resources in a web page are shared across different domains (or subdomains), is a good thing. It’s a good thing because browsers limit the number of connections per domain: splitting a web page across domains […]
Keeping our open source promise
Back in October I wrote a blog post about CloudFlare and open source software titled CloudFlare And Open Source Software: A Two-Way Street which detailed the many ways in which we use and support open source software. Since then we’ve pushed out quite a lot of new open source projects, as well as continuing to […]
Zero Day Vulnerability in OpenX Source 2.8.11 and Revive Adserver 3.0.1
If you are using OpenX or the new Revive Adserver (fork of OpenX), you need to update it ASAP. Florian Sander discovered a serious SQL injection vulnerability that affects all versions of OpenX and all versions of the Revive Adserver. From the Revive advisory: An SQL-injection vulnerability was recently discovered and reported to the Revive […]
Red October: CloudFlare’s Open Source Implementation of the Two-Man Rule
At CloudFlare, we are always looking for better ways to secure the data we’re entrusted with. This means hardening our system against outside threats such as hackers, but it also means protecting against insider threats. According to a recent Verizon report, insider threats account for around 14% of data breaches in 2013. While we perform […]
What we’ve been doing with Go
Almost two years ago CloudFlare started working with Go. What started as an experiment on one network and concurrency heavy project has turned into full, production use of Go for multiple services. Today Go is at the heart of CloudFlare’s services including handling compression for high-latency HTTP connections, our entire DNS infrastructure, SSL, load testing […]
A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography
Elliptic Curve Cryptography (ECC) is one of the most powerful but least understood types of cryptography in wide use today. At CloudFlare, we make extensive use of ECC to secure everything from our customers’ HTTPS connections to how we pass data between our data centers. Fundamentally, we believe it’s important to be able to understand […]
Ensuring Randomness with Linux’s Random Number Generator
attribution: Flickr/mark van de wouw license: CC Attribution-NonCommercial-ShareAlike 2.0 Generic When building secure systems, having a source of random numbers is essential. Without them, most cryptographic systems break down and the privacy and authenticity of communications between two parties can be subverted. For example, if you’re reading this using a link to https://blog.cloudflare.com then the SSL connection […]
Why some cryptographic keys are much smaller than others
If you connect to CloudFlare’s web site using HTTPS the connection will be secured using one of the many encryption schemes supported by SSL/TLS. When I connect using Chrome I get an RC4_128 connection (with a 128-bit key) which used the ECDHE_RSA key exchange mechanism (with a 2,048-bit key) to set the connection up. If […]
Why secure systems require random numbers
(Image Copyright (c) Walt Disney) If you’ve been following recent news about technical spying by the US National Security Agency and the UK’s Government Communications Headquarters you may have come across a claim that the NSA was involved in weakening a random number generator. The obvious question to ask is… why mess with random number […]
Details Behind Today’s Internet Hacks
When I woke up this morning I had no idea I’d be on a video conference with CloudFlare, OpenDNS, Google, GoDaddy, Twitter tech folks all day — Rajiv Pant (@rajivpant) August 28, 2013 At 1:19pm (PDT) today, a researcher noticed that the New York Times’ website wasn’t loading. We know the New York Times tech […]