Come join us on Cloudflare HQ in San Francisco on Tuesday, Febrary 28, 2017 for another cryptography meetup. We again had a great time at the last one, we decided to host another. It’s becoming a pattern. We’ll start the evening at 6:00p.m. with time for networking, followed up with short talks by leading experts […]
Archive | Security
RSS feed for this sectionWordPress REST API Vulnerability Abused in Defacement Campaigns
WordPress 4.7.2 was released two weeks ago, including a fix for a severe vulnerability in the WordPress REST API. We have been monitoring our WAF network and honeypots closely to see how and when the attackers would try to exploit this issue the wild. In less than 48 hours after the vulnerability was disclosed, we […]
DDoS Ransom: An Offer You Can Refuse
Cloudflare has covered DDoS ransom groups several times in the past. First, we reported on the copycat group claiming to be the Armada Collective and then not too long afterwards, we covered the “new” Lizard Squad. While in both cases the groups made threats that were ultimately empty, these types of security events can send […]
Website Application Firewalls (WAF) – Practical Approach to Website Security
In 2016, I shared some thoughts about firewalls in general; their history and purpose in the information security domain. The point of the article was to help website owners differentiate between the types of firewalls they might encounter. Today, I will shift my focus specifically to website application firewalls (WAF). WAFs are not new, but […]
NANOG – the art of running a network and discussing common operational issues
The North American Network Operators Group (NANOG) is the loci of modern Internet innovation and the day-to-day cumulative network-operational knowledge of thousands and thousands of network engineers. NANOG itself is a non-profit membership organization; but you don’t need to be a member in order to attend the conference or join the mailing list. That said, […]
Protecting everyone from WordPress Content Injection
Today a severe vulnerability was announced by the WordPress Security Team that allows unauthenticated users to change content on a site using unpatched (below version 4.7.2) WordPress. CC BY-SA 2.0 image by Nicola Sap De Mitri The problem was found by the team at Sucuri and reported to WordPress. The WordPress team worked with WAF […]
TLS 1.3 explained by the Cloudflare Crypto Team at 33c3
Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. The congress, attended by more that 13,000 hackers in Hamburg, has been one of the hallmark events of the security community for more than 30 years. You can watch the recording below, or download it in multiple formats […]
Content Injection Vulnerability in WordPress
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on WordPress, we discovered was a severe content injection (privilege escalation) vulnerability affecting the REST API. This vulnerability allows an unauthenticated user to modify the content of any post […]
Firebolt: the fastest, safest ads on the web
Cloudflare’s mission is to help build a better Internet. That means a faster, more secure, open Internet world-wide. We have millions of customers using our services like free SSL, an advanced WAF, the latest compression and the most up to date security to ensure that their web sites, mobile apps and APIs are secure and […]
Spotlight: Website Security Response for Photographers
It takes a lot of bravery to create a small business. Putting yourself out there and taking risks is not for the faint of heart. Having a website is just one aspect of your business, but it’s an important one. A website helps you develop a brand identity, communicate the value of your offerings, and […]
