Drupal 7 SA-CORE-2014-005 SQL Injection Protection
2014-10-16
Yesterday the Drupal Security Team released a critical security patch for Drupal 7 that fixes a very serious SQL injection vulnerability....
SSLv3 Support Disabled By Default Due to POODLE Vulnerability
2014-10-14
For the last week we've been tracking rumors about a new vulnerability in SSL. This specific vulnerability, which was just announced, targets SSLv3. ...
Automatic protection for common web platforms
2014-10-14
If you are a CloudFlare Pro or above customer you enjoy the protection of the CloudFlare WAF. If you use one of the common web platforms, such as WordPress, Drupal, Plone, WHMCS, or Joomla, then it's worth checking if the relevant CloudFlare WAF ruleset is enabled....
DNSSEC: An Introduction
2014-10-07
At CloudFlare our mission is to help build a better Internet. Part of this effort includes making web sites faster, more reliable, and more trustworthy....
The little extra that comes with Universal SSL
2014-10-06
Last Monday we announced our SSL for Free plan users called Universal SSL. Universal SSL means that any site running on CloudFlare gets a free SSL certificate, and is automatically secured over HTTPS....
Route leak incident on October 2, 2014
2014-10-02
Today, CloudFlare suffered downtime which caused customers’ sites to be inaccessible in certain parts of the world....
Universal SSL: How It Scales
2014-10-01
On Monday, we announced Universal SSL, enabling HTTPS for all websites using CloudFlare’s Free plan. Universal SSL represents a massive increase in the number of sites we serve over HTTPS—from tens of thousands, to millions....
Inside Shellshock: How hackers are using it to exploit systems
2014-09-30
On Wednesday of last week, details of the Shellshock bash bug emerged. This bug started a scramble to patch computers, servers, routers, firewalls, and other computing appliances using vulnerable versions of bash....
Universal SSL: Be just a bit more patient
2014-09-30
It turns out it takes a while to deploy SSL certificates for 2 million websites. :-) Even longer when you get a flood of new sign ups. While we'd hoped to have the deployment complete within 24 hours of the announcement, it now looks like it's going to take a bit longer....
Origin Server Connection Security with Universal SSL
2014-09-29
Earlier today, CloudFlare enabled Universal SSL: HTTPS support for all sites by default. Universal SSL provides state-of-the-art encryption between browsers and CloudFlare’s edge servers keeping web traffic private and secure from tampering....
Introducing Universal SSL
2014-09-29
The team at CloudFlare is excited to announce the release of Universal SSL™. Beginning today, we will support SSL connections to every CloudFlare customer, including the 2 million sites that have signed up for the free version of our service....
Shellshock protection enabled for all customers
2014-09-29
On Thursday, we rolled out protection against the Shellshock bash vulnerability for all paying customers through the CloudFlare WAF....
One More Thing: Keyless SSL and CloudFlare's Growing Network
2014-09-28
I wanted to write one more thing about Keyless SSL, our announcement from last week, before attention shifts to what we'll be announcing on Monday....
Celebrating CloudFlare's 4th Birthday
2014-09-27
Since CloudFlare launched to the public four years ago today, we've always considered September 27th our birthday. We like to celebrate by doing something nice for our team and also for our customers. ...
Bash vulnerability CVE-2014-6271 patched
2014-09-24
This morning, Stephane Chazelas [disclosed](http://seclists.org/oss-sec/2014/q3/649) a vulnerability in the program bash, the GNU Bourne-Again-Shell. ...
Keyless SSL: The Nitty Gritty Technical Details
2014-09-19
We announced Keyless SSL yesterday to an overwhelmingly positive response. We read through the comments on this blog, Reddit, Hacker News, and people seem interested in knowing more and getting deeper into the technical details....
Announcing Keyless SSL™: All the Benefits of CloudFlare Without Having to Turn Over Your Private SSL Keys
2014-09-18
CloudFlare is an engineering-driven company. This is a story we're proud of because it embodies the essence of who we are: when faced with a problem, we found a novel solution. ...
How Stacks are Handled in Go
2014-09-15
At CloudFlare, We use Go for a variety of services and applications. In this blog post, We're going to take a deep dive into some of the technical intricacies of Go....
SXSW Interactive 2015: Vote for CloudFlare’s Submissions
2014-09-01
Has your Twitter feed been flooded with “vote for my SXSW panel” tweets? With so much buzz all over the place, we wanted to keep it simple and share all of the presentations and panels affiliated with CloudFlare, in one place....
Go interfaces make test stubbing easy
2014-08-27
Go's "object-orientation" approach is through interfaces. Interfaces provide a way of specifying the behavior expected of an object, but rather than saying what an object itself can do, they specify what's expected of an object....