Cloudflare’s customers recognize that they need to protect the confidentiality and integrity of communications with their web visitors. The widely accepted solution to this problem is to use the SSL/TLS protocol to establish an encrypted HTTPS session, over which secure requests can then be sent. Eavesdropping is protected against as only those who have access […]
Tag Archives: security
Making the World Better by Breaking Things
Ben Sadeghipour, Technical Account Manager, HackerOne, and Katie Moussouris, Founder & CEO, Luta Security. Moderator: John Graham-Cumming, CTO, Cloudflare. Photo by Cloudflare Staff. JGC: We’re going to talk about hacking. Katie Moussouris helps people how to work around security vulnerabilities. Ben Sadeghipour is a technical account manager at HackerOne, and a hacker at night. JGC: […]
The View from Washington: The State of Cybersecurity
Avril Haines, Former Deputy National Security Advisor, Obama Administration. Moderator: Doug Kramer, General Counsel, Cloudflare. Photo by Cloudflare Staff. Avril began her career on the National Security Council, and went on to become the first female deputy at the CIA. DK: How will cyber play a role in military operations? AH: We look at […]
SIDH in Go for quantum-resistant TLS 1.3
The Quantum Threat: Most of today’s cryptography is designed to be secure against an adversary with enormous amounts of computational power. This means estimating how much work certain computations (such as factoring a number, or finding a discrete logarithm) require, and choosing cryptographic parameters based on our best estimate of how much work would be […]
Introducing TLS with Client Authentication
In a traditional TLS handshake, the client authenticates the server, and the server doesn’t know too much about the client. However, starting now, Cloudflare is offering enterprise customers TLS with client authentication, meaning that the server additionally authenticates that the client connecting to it is authorized to connect. TLS Client Authentication is useful in cases […]
A tale of a DNS exploit: CVE-2015-7547
This post was written by Marek Vavruša and Jaime Cochran, who found out they were both independently working on the same glibc vulnerability attack vectors at 3am last Tuesday. A buffer overflow error in GNU libc DNS stub resolver code was announced last week as CVE-2015-7547. While it doesn’t have any nickname yet (last year’s […]
Introducing CloudFlare Registrar: Designed for Security, Not the Masses
At CloudFlare, we’ve constructed one of the world’s largest networks purpose-built to protect our customers from a wide range of attacks. We’re so good at it that attackers increasingly look for ways to go around us, rather than go through us. One of the biggest risks for high-profile customers has been having their domain stolen […]
A Different Kind of POP: The Joomla Unserialize Vulnerability
At CloudFlare, we spend a lot of time talking about the PoPs (Points of Presence) we have around the globe. However, on December 14th, another kind of POP came to the world: a vulnerability being exploited in the wild against Joomla’s Content Management System. This is known as a zero day attack, where it has […]
CloudFlare is now PCI 3.1 certified
The Payment Card Industry Data Security Standard (PCI DSS) is a global financial information security standard that keeps credit card holders safe. It ensures that any company processing credit card transactions adheres to the highest technical standards. PCI certification has several levels. Level one (the highest level) is reserved for those companies that handle the […]
DNS parser, meet Go fuzzer
Here at CloudFlare we are heavy users of the github.com/miekg/dns Go DNS library and we make sure to contribute to its development as much as possible. Therefore, when Dmitry Vyukov published go-fuzz and started to uncover tens of bugs in the Go standard library, our task was clear. Hot Fuzz: Fuzzing is the technique of […]