Today on The Day We Fight Back, companies are coming together to protest the NSA’s mass surveillance programs. CloudFlare is proud to be one of those companies. We are taking a stand and proclaiming that “we will push back against powers that seek to observe, collect, and analyze our every digital action.” Set Boundaries with […]
Archive | Security
RSS feed for this sectionJoomla JomSocial Remote Code Execution Vulnerability
The JomSocial team just released an update that fixes a very serious remote code execution vulnerability that affects any JomSocial version older than 3.1.0.4. From their hot-fix update: Yesterday we released version 3.1.0.4 which fixes two vulnerabilities. As a result of the first vulnerability, our own site was hacked. Thankfully, our security experts spotted the […]
Darkleech + Bitly.com = Insightful Statistics
This post is about how hackers abuse popular web services, and how this helps security researchers obtain interesting statistics about malware attacks. We, at Sucuri, work with infected websites every day. While we see some particular infections on one site or on multiple sites, we can’t accurately tell how many more sites out there are […]
Participate in the Day We Fight Back with One Click
At CloudFlare, we’re fiercely committed to an open internet. That’s why we’re announcing a new app that lets you easily add to your website a banner from The Day We Fight Back. The DayWeFightBack.org has organized a protest against mass surveillance set for Tuesday, February 11th. The banner that your visitors would see urges them […]
Layer 7 DDOS – Blocking HTTP Flood Attacks
There are many types of Distributed Denial of Service (DDOS) attacks that can affect and bring down a website, and they vary in complexity and size. The most well known attacks are the good old syn-flood, followed by the Layer 3/4 UDP and DNS amplification attacks. Today though, we’re going to spend a little time […]
Many Pieces of a Puzzle: Target, Neiman Marcus and Website Hacking
Corporations get hacked all the time. This is not news to anyone in the security business, but it has certainly received a lot of attention from those in the media over the last few weeks because of a couple of large-scale credit card events at both Target and Neiman Marcus. For the average person, website […]
New iFrame Injections Leverage PNG Image Metadata
We’re always trying to stay ahead of the latest trends, and today we caught a very interesting one that we have either been missing, or it’s new. We’ll just say it’s new.. We’re all familiar with the idea of iFrame Injections, right? Understanding an iFrame Injection The iFrame HTML tag is very standard today, it’s […]
Stories from our recent global data center upgrade
Each day at CloudFlare is full of surprises. As it turns out, it takes a lot of work to stop massive attacks and to help make the web faster. Over the past six months, our entire team has contributed in every way imaginable to more than double the capacity of our global network. Below is […]
CloudFlare DNS is simple, fast and flexible
Over the past few years, the CloudFlare blog has covered a great range of different topics, drilling down into the technology we use to both protect websites from attack, and optimise them so that they load faster for visitors. One thing we haven’t spent enough time talking about so far though also happens to be […]
Killing RC4 (softly)
Back in 2011, the BEAST attack on the cipher block chaining (CBC) encryption mode used in TLS v1.0 was demonstrated. At the time the advice of experts (including our own) was to prioritize the use of RC4-based cipher suites. The BEAST vulnerability itself had already been fixed in TLS v1.1 a few years before, but […]