Archive | Security

iOS Developers — Migrate to iOS 9 with CloudFlare

Thousands of developers use CloudFlare to accelerate and secure the backend of their mobile applications and websites. This week is Apple’s Worldwide Developers Conference (WWDC), where thousands of Apple developers come to San Francisco to talk, learn and share best practices for developing software for Apple platforms. New announcements from Apple this week make CloudFlare […]

Security Advisory: Object Injection Vulnerability in WooCommerce

Security Risk: Dangerous
Exploitation Level: Easy/Remote
DREAD Score: 8/10
Vulnerability: Object Injection
Patched Version: 2.3.11

During a routine audit for our WAF, we discovered a dangerous Object Injection vulnerability which could, in certain contexts, be used by an attacker to download any file on the vulnerable server. Are you at risk? The vulnerability is only […]

SweetCAPTCHA Service used to Distribute Adware

SweetCaptcha is a free CAPTCHA service that offers to match sweet-looking images instead of making you recognize distorted digits and characters. It has integration with many website platforms: pure PHP, WordPress (10,000+ plugin installs), Drupal, Joomla, ModX, .NET, JavaScript, and even offers an API that can be used on other platforms. So far so good. Malicious […]

Your Website Hacked but No Signs of Infection

Imagine for a moment, you have a suspicion that you have somehow been hacked. You see that something is off, but you feel as if you are missing something. This is the emotionally draining world that many live in, with a paranoia and concern that grips you once you see and recognize that something is not right. […]

Introducing Free Global Website Performance Tool

We are happy to launch a new free tool (aka Global Website Performance Tester) that allows anyone to quickly check how fast a website is loading from across the globe. We extract three key metrics that are critical to the performance of any website: connection time, time to first byte (TTFB) and total load time: […]

Welcome Acquia!

We’ve had the good fortune to share many great experiences with the Acquia team over the last few years. From breaking bread with founder and CTO Dries Buytaert at SXSW, to skiing the slopes of Park City with the company’s CEO Tom Erickson, to staying up late with their incredible team onboarding a joint customer […]

Fake jQuery Scripts in Nulled WordPress Plugins

We recently investigated some random redirects on a WordPress website that would only happen to certain visitors. Traffic analysis showed us that it was not a server-side redirect, rather it happened due to some script loaded by the web pages. A quick look through the HTML code revealed this script: It was very suspicious for […]

Logjam: the latest TLS vulnerability explained

Yesterday, a group from INRIA, Microsoft Research, Johns Hopkins, the University of Michigan, and the University of Pennsylvania published a deep analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. This analysis included a novel downgrade attack against the TLS protocol itself called Logjam, which exploits EXPORT cryptography (just like FREAK). First, […]

Website Security – How Do Websites Get Hacked?

In 2014 the total number of websites on the internet reached 1 billion. Today it’s hovering somewhere in the neighborhood of 944 million due to websites going inactive, and it is expected to normalize again at 1 billion sometime in 2015. Let’s take a moment to absorb that number. Another surprising statistic is […]