Over the last few years, there has been a rise in the number of attacks that affect how a computer boots. Most modern computers use a specification called Unified Extensible Firmware Interface (UEFI) that defines a software interface between an operating system (e.g. Windows) and platform firmware (e.g. disk drives, video cards). There are security […]
Tag Archives: security
CIO Week 2023 recap
This post is also available in 日本語, 简体中文, Français, Deutsch and Español. In our Welcome to CIO Week 2023 post, we talked about wanting to start the year by celebrating the work Chief Information Officers do to keep their organizations safe and productive. Over the past week, you learned about announcements addressing all facets of […]
Input Validation for Website Security
Web forms are incredibly useful tools. They allow you to gather important information about potential clients and site visitors, collect comments and feedback, upload files, subscribe new users to your blog, or even collect payment details. But if your forms aren’t properly validating user inputs, you might be in for a nasty surprise: a variety […]
Introducing Cloudflare Access: Like BeyondCorp, But You Don’t Have To Be A Google Employee To Use It
Tell me if this sounds familiar: any connection from inside the corporate network is trusted and any connection from the outside is not. This is the security strategy used by most enterprises today. The problem is that once the firewall, or gateway, or VPN server creating this perimeter is breached, the attacker gets immediate, easy […]
Simple Cyber Security Tips (for your Parents)
Today, December 25th, Cloudflare offices around the world are taking a break. From San Francisco to London and Singapore; engineers have retreated home for the holidays (albeit with PagerDuty safely in arms reach, schedule permitting). Software engineering pro-tip: Do not, I repeat, do not deploy this week. That is how you end up debugging a […]
TLS 1.3 is going to save us all, and other reasons why IoT is still insecure
As I’m writing this, four DDoS attacks are ongoing and being automatically mitigated by Gatebot. Cloudflare’s job is to get attacked. Our network gets attacked constantly. Around the fall of 2016, we started seeing DDoS attacks that looked a little different than usual. One attack we saw around that time had traffic coming from 52,467 […]
CAA of the Wild: Supporting a New Standard
One thing we take pride in at Cloudflare is embracing new protocols and standards that help make the Internet faster and safer. Sometimes this means that we’ll launch support for experimental features or standards still under active development, as we did with TLS 1.3. Due to the not-quite-final nature of some of these features, we […]
Make SSL boring again
It may (or may not!) come as surprise, but a few months ago we migrated Cloudflare’s edge SSL connection termination stack to use BoringSSL: Google’s crypto and SSL implementation that started as a fork of OpenSSL. We dedicated several months of work to make this happen without negative impact on customer traffic. We had a […]
Down the Rabbit Hole: The Making of Cloudflare Warp
In the real world, tunnels are often carved out from the mass of something bigger – a hill, the ground, but also man-made structures. CC BY-SA 2.0 image by Matt Brown In an abstract sense Cloudflare Warp is similar; its connection strategy punches a hole through firewalls and NAT, and provides easy and secure passage […]
Geo Key Manager: How It Works
Today we announced Geo Key Manager, a feature that gives customers unprecedented control over where their private keys are stored when uploaded to Cloudflare. This feature builds on a previous Cloudflare innovation called Keyless SSL and a novel cryptographic access control mechanism based on both identity-based encryption and broadcast encryption. In this post we’ll explain […]
