A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We configured five cloud servers on Linode and Digital Ocean with the root password set to “password.” The idea was to see how long it would… […]
Archive | Security
RSS feed for this sectionAmsterdam to Zhuzhou: Cloudflare network expands to 100 cities
We’re excited to kick off Cloudflare’s sixth birthday celebrations by announcing data center locations in 14 new cities across 5 continents. This expansion makes our global network one of the largest in the world, spanning 100 unique cities across 49 countries. Every new Cloudflare data center improves the performance, security and reliability of millions of […]
How we brought HTTPS Everywhere to the cloud (part 1)
CloudFlare’s mission is to make HTTPS accessible for all our customers. It provides security for their websites, improved ranking on search engines, better performance with HTTP/2, and access to browser features such as geolocation that are being deprecated for plaintext HTTP. With Universal SSL or similar features, a simple button click can now enable encryption […]
What is the Status of IPv6 Adoption?
The internet is a complex ecosystem of interconnected devices, and at its core is the Internet Protocol (IP). This protocol is currently in its second major incarnation (IPv6) but many are only familiar with IPv4. Even with the new IP version (IPv6) available for years, most traffic is still routed over IPv4. Why is this,… […]
An overview of TLS 1.3 and Q&A
The CloudFlare London office hosts weekly internal Tech Talks (with free lunch picked by the speaker). My recent one was an explanation of the latest version of TLS, 1.3, how it works and why it’s faster and safer. You can watch the complete talk below or just read my summarized transcript. The Q&A session is […]
Fixing the mixed content problem with Automatic HTTPS Rewrites
CloudFlare aims to put an end to the unencrypted Internet. But the web has a chicken and egg problem moving to HTTPS. Long ago it was difficult, expensive, and slow to set up an HTTPS capable web site. Then along came services like CloudFlare’s Universal SSL that made switching from http:// to https:// as easy […]
Hacked Website Report – 2016/Q2
Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights and analysis performed by our Incident Response Team (IRT) and Malware Research Team (MRT). CMS Analysis Our analysis consisted of over 9,000 infected websites. The graphs below show a side-by-side… […]
Opportunistic Encryption: Bringing HTTP/2 to the unencrypted web
Encrypting the web is not an easy task. Various complexities prevent websites from migrating from HTTP to HTTPS, including mixed content, which can prevent sites from functioning with HTTPS. Opportunistic Encryption provides an additional level of security to websites that have not yet moved to HTTPS and the performance benefits of HTTP/2. Users will not […]
Encryption Week
Since CloudFlare’s inception, we have worked tirelessly to make encryption as simple and as accessible as possible. Over the last two years, we’ve made CloudFlare the easiest way to enable encryption for web properties and internet services. From the launch of Universal SSL, which gives HTTPS to millions of sites for free, to the Origin […]
Introducing TLS 1.3
CloudFlare is turbocharging the encrypted internet The encrypted Internet is about to become a whole lot snappier. When it comes to browsing, we’ve been driving around in a beat-up car from the 90s for a while. Little does anyone know, we’re all about to trade in our station wagons for a smoking new sports car. […]
